---- Reported by jim@yorba.org 2013-05-15 14:53:00 -0700 ----

Original Redmine bug id: 6950
Original URL: http://redmine.yorba.org/issues/6950
Searchable id: yorba-bug-6950
Original author: Jim Nelson
Original description:

This blogger makes an interesting point against "always show images from
sender": http://my.opera.com/RobbieGee/blog/2009/02/28/always-show-images-
from-some-spammer-com

While Gmail offers a measure of spam protection to verify that the sender
really is who he/she says they are, it's not foolproof. Not all servers or
services offer strong anti-spam support. Perhaps Geary should allow images
from hosts or domains (which are harder to hijack) than email addresses.

There are implementation issues here, since images may originate from multiple
hosts in a single email. Users may want to whitelist an entire domain rather
than specific hosts within one.

It's tough writing this since we just landed show images from sender (#5642).
Let's discuss before anyone proceeds.

Related issues:
related to geary - Feature #5642: Allow external images from a particular
sender to always ... (Fixed)



---- Additional Comments From geary-maint@gnome.bugs 2013-11-14 17:17:00 -0800 ----

### History

####

#1

Updated by Robert Schroll 6 months ago

A pity we didn't think about this earlier. I think it'd be easier than the
per-contact approach. We'd just need to add the domains to the
always_loaded_prefixes list in ConversationWebView.

####

#2

Updated by Robert Schroll 6 months ago

Thinking about this some more, I don't think this approach is fool-proof
either. An attacker could post images on Flickr, or similar, and then look at
number of views. Granted, this would be hard to do on a wide-scale, but it
does demonstrate that this approach can't be trusted completely, either.

Frankly, though, I'm no longer worried about spammers finding my email. It
only takes one failure to make hiding useless, and filtering is so good that I
rarely see spam in my inbox. Spammers are not worried about wasting resources
-- they can steal whatever they need from hijacked machines -- so I have
trouble believing they're worried about whether a given email address is
active.

Instead, I'm more worried those "legitimate" mailing lists I'm on, from buying
this or signing up for that. They don't annoy me enough to make me try to
figure out how to get off of them, but I don't want to give these people the
pleasure of knowing that I'm receiving them. Because these folks want to
emphasize that they're legit, they aren't forging headers. Our current
approach works for these.

One thing we may want to do is disable the showing of images based on sender
in the Spam folder, where forged headers will be much more common.

####

#3

Updated by Jim Nelson 6 months ago

I think everything you're saying is entirely valid. I also think implementing
this feature properly is a lot more complicated than what we have today (both
in code and the user experience) for potentially little reward. But let's keep
this on the table for 0.5 and see if there's any more input from the outside
world about its utility.

####

#4

Updated by Jim Nelson 7 days ago

  * **Target version** deleted (<strike>_0.5.0_</strike>)



--- Bug imported by chaz@yorba.org 2013-11-21 20:19 UTC  ---

This bug was previously known as _bug_ 6950 at http://redmine.yorba.org/show_bug.cgi?id=6950

Unknown version " in product geary. 
   Setting version to "!unspecified".
Unknown milestone "unknown in product geary. 
   Setting to default milestone for this product, "---".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Resolution set on an open status.
   Dropping resolution