On Sat, 15 Jun 2013, Thomas Lübking wrote:
Am Samstag, 15. Juni 2013 schrieb David Lang
Just to avoid misunderstandings:
this is not about blocking image attachments (that's not a MUAs job at
all) or rendering attached images inline with textmails, but fetching and
rendering images with html mails that are *not* attached to the mail but
reside on foreign domains.
An image attached to the mail resides at your MSP - it's too late, they
already know you fetched the mail ;-)
Ok, I was misunderstanding the problem.
Ok?
So if you actually "just" want to autofetch and render image attachments
(do you?) with text- or html mails, that bears no threat and the reasonable
setting here would be a size threshold (so you won't wait an hour on a
roaming connection while downloading an 100M image) and oc. not for mails
tagged as spam at all - it's however not what I (nor I think Jan) took the
OPs request to be.
About the tool: my knowledge regarding html mails is pretty much limited to
"avoid them", but i wonder whether searching the body for resp. img tags
would do.
hey, I'm running pine here, images are something I save to open in a different
tool most of the time :-) however, at $work it's hard to stick to that and I end
up having to use OWA fairly frequently to deal with HTML messages.
There are image attachements that are not referred to at all in the message and
require explicit opening.
There are image attachments that are referred to in the message. There should be
a configuration option to enable opening these by default. These aren't all safe
(there have been too many exploits of the tools to display the images).
The only way that remotely hosted files are more dangerous is the privacy issue
that the attacker can tell that you accessed something.
But I don't see this as a horrible risk, it's just too easy to get users to
click on something for me to say that it's a good idea to not have an option
that allows such messages to be opened. not enabling it by default is good, but
having an option to enable it is also good.
It's been a few months since I last tried to run trojita, but now that it's
possible to do navigation through messages without them getting opened by the
preview pane, I'll take another look and see exactly how it's behaving now.
David Lang