How are spammers getting images past my no-image default?
March 16, 2023 6:53 PM   Subscribe

I use Thunderbird as my PC mail client. It doesn't allow images to load by default, and I have to allow image loading to let images into my browser. Recently, a lot of spam images have started appearing in my email, with no option to block the remote source. How do I stop this?

I'm partly annoyed because images are getting through, and also because as I understand it, image loading can at the very least ping that the email has been opened (even in preview) and the address is active, leading to even more spam.

I've put the full source of the email here:

An image of the email is here (now marked as spam, because I did that manually in Thunderbird):

Thunderbird doesn't let me view mail as HTML natively, so I can't look at it that way.

How is this happening, and is there something I can do to prevent it?
posted by Shepherd to Technology (9 answers total)
The Content-Type: image/jpeg; on line 88 is the start of the image itself. Email clients have the option to block images from remote servers so that the remote server doesn’t know you viewed the image. But if the image is contained within the email itself as an attachment then there’s no tracking risk, so email clients doesn’t generally block those.
posted by Nonsteroidal Anti-Inflammatory Drug at 7:01 PM on March 16 [10 favorites]

As the first answer points out, these images are displayed because they are encoded as attachments to the email.

The possibly good news is that means there is no privacy leak, because they are not being served from a remote server. They are in a sense part of the email itself.

Unfortunately there is no menu item that I know of to turn off display of this kind of attachment. If you feel brave, you can go into Settings and find the Config Editor (at the bottom of the General tab), and then find the config item called mailnews.display.html_sanitizer.drop_media and set it to false. This will prevent the display of such images, and they will show up as attachments instead.
posted by i_am_joe's_spleen at 1:01 AM on March 17 [2 favorites]

View → Display attachments inline.
posted by BobInce at 2:32 AM on March 17

View → Display attachments inline.

Not sure whether this would help in this case, because it’s not showing the attachment inline where it appears in the message, but rather because of an img tag in the HTML markup part of the message that references it by its Content-ID. So the html_sanitizer option BobInce mentioned seems more promising.
posted by staggernation at 5:45 AM on March 17

Oops, I meant i_am_joe’s_spleen, sorry
posted by staggernation at 6:04 AM on March 17

I have a wiki in a bookmark using this.

gible, can you explain more what this is? I literally cannot parse what you wrote, and I'm not going to paste that data blob into my browser to see what happens.
posted by intermod at 8:34 AM on March 17

I use Earthlink for my email and they have the option to turn off all images in email--I haven't had a problem with anything slipping through. They have a robust spam-blocker and I have it set pretty high, so I get very little spam anyway. Emails from folks not on my white list need to be approved before I see them.
posted by agatha_magatha at 9:06 AM on March 17

Maybe WarnAttachments extension?
posted by kschang at 1:57 PM on March 17

« Older Other people’s baking: delicious and dizzying   |   What would cause someone to suddenly have a lot of... Newer »

You are not logged in, either login or create an account to post comments