Sort of. They can't change plain text, but modern emails often include vast swaths of remote content. When you open the message, it retrieves the relevant assets directly from whoever sent the email. That remote content is not permanently stored. It's cached for a bit and will not be re-used if the email is opened months or years later.
If those assets disappear or are changed, there's very little any email provider can do about that.
The benefit of this is senders couldn't treat it as a read receipt, because the provider can state "Our infra performs this operation for the user for immutability purposes" similar to other email operations that proxy these requests for privacy purposes.
I’m not sure how long Google caches it. I know Fastmail is doing the same thing now for any remote content fetched from within their web interface.
And on the one hand, it's cool as hell to see your email update itself to show tracking progress
On the other hand, just send me a new email. It's fine, I promise.
Apple’s private loading feature also shows how that could be fixed: the mail server can retrieve the referenced content once and save it so you’d always know what was served at the time the message was sent.
It could be anywhere, which is another knock against HTML email.
Which is why text only email is still king, and used in a lot of places still.
Did anyone ever read the plaintext version of the email outside our company? Probably not - but it was super useful for testing that the content was correct by dumping the full message contents to console.
Would I have been applauded for only providing customers with a plain text email? Nah, you need a really niche audience to appreciate that - I love that audience, but that audience isn't our customer base unfortunately.
The actual mechanics of email formatting are quite simple (it basically hasn't changed at all in 50+ years) so it can be quite straightforward - it just gets difficult when you try and get fancy.
Absolutely bonkers.
"Because of the dynamic nature of AMP messages, the content displayed in Gmail messages can change as time passes." https://support.google.com/a/answer/9709409?hl=en
But proving to others that an email hasn't been modified is a more difficult task. As I understand it, you'd need to retain DKIM keys for the signing server, to check that historical DKIM signatures verify correctly and the old message was not forged or altered.
Are DKIM signing keys issued in some kind of Certificate Transparency log, where you can verify whether a particular DKIM key existed for a particular domain in the past, in order to do this in general?
https://github.com/robertdavidgraham/hunter-dkim#but-gmails-...
EDIT: this one exists but is incomplete: https://archive.prove.email/about
I gotta be honest, this scenario is not a concern that impacts my choice of email provider.
But as in all cases, you can only be truly sure no one is tampering if you don't give it to anyone else.
The cameras used to document "news" will need to be watermarked, fingerprinted and authenticated, like what Canon and Nikon are already doing (and which AFP has already adopted).
It may have seemed gimmicky at first, but in a year or two, you'll probably only be able to trust visuals from companies that do this (wire agencies like AFP, AP and Reuters are heavily disincentivised to create fake news anyway but that's another topic).
At a certain level, I imagine social media apps will also encourage direct camera-to-post for documentation/videos of reality, since this will be the only end-to-end method to verify an image was created unaltered. I can imagine a world where, if you film a protest through the Instagram app, you'd get some kind of "this is real" badge on it, whereas if you upload a video, it gets treated as "could be AI" like 99% of all future content.
In practice, ordinary users don't care much about mainstream media anymore.
This is a bigger threat than phony AI videos.
It's hard to imagine someone kvetching about not being able to sideload apps to their phone reaching that point of significance. I don't mean to completely dismiss very real concerns about what people can and can't do with their purchases, but OTOH war involves actual people actually dying, and manipulating media is a fantastic way to get one.
A lot depends on watermarking at source and the social media platform using that to make a clickable/hard watermark
This removes the possibilities for bad actors to just one - the platform itself.
In any case, the audience will have to learn new ways to "trust" and tech alone won't be the solution. But I've less hope in people and more hope in new social contracts
I think LIDAR sensors would be useful to verify depth information in an image, on a side note.
One of the most common forms of submissions on Reddit/Twitter is an image with text, or a screenshot of a tweet, or a screenshot of a headline that makes a claim, and everyone takes it dead seriously.
Almost nobody is going "hmm let me look this up first to see if it even exists or accurately represents the facts".
So if all you need is an image of text for people to believe it, what does it even matter if you have this sophisticated system where you require photos to be signed by camera hardware or whatever? You aren't even putting a dent in how bullshit spreads.
The next flaw is that cameras are happy to record screens playing AI-generated videos and mark them as authentic. Perhaps you can tell today because the screen pixels aren't perfectly 1:1 mapped to the image sensor pixels, but as soon as elections depend on being able to do that, those screens will exist.
People are saying to add LIDAR to prevent this "record the screen" hack, but a mirror over the LIDAR sensor and me sitting at a desk motionless looks to LIDAR exactly like the world leader I'm deepfaking sitting motionless at a desk. People are not using AI to generate amazing action shots.
At the end of the day, people will have to take some personal responsibility. Migrants probably aren't killing and eating pets. Pets taste terrible and grocery stores that you can just walk into and steal whatever you want exist. There isn't a bed that can cure any disease. If someone says they do, even a world leader, test them out on something non-critical. Break off a fingernail and see if the magic bed can regrow it overnight. If not, maybe stick to traditional cancer treatments until there is some clearer evidence.
It’s already possible. See the Stagecraft studio they built for the production of TV series The Mandalorian.
> shooting the series on a stage surrounded by massive LED walls displaying dynamic digital sets, with the ability to react to and manipulate this digital content in real time during live production
https://www.unrealengine.com/fr/blog/forging-new-paths-for-f...
> The StageCraft process involves shooting live-action actors and sets surrounded by large, very high-definition LED video walls. These walls display computer-generated imagery backdrops, once traditionally composited primarily in post-production after shooting with chroma key screens. These facilities are known as "volumes". When shooting, the production team is able to realign the background instantly based on moving camera positions. The entire CGI background can be manipulated in real-time.
Lawyers must carefully pick jurors depending on how susceptible they may be to AI manipulation.
It is an order of magnitude easier now (likely as easy as documents have been to manipulate for 30ish years now). However, this is not a new problem, courts have always had to deal with manipulated evidence.
That won't work for the original source probably, but I would think AI sophisticated enough to tell if you're just recording a monitor would exist.
On Instagram? The website owned by that guy who loves AI slop and wants to fill your feed with it? That Instagram? Yeah, doesn’t seem likely.
https://techcrunch.com/2025/09/25/meta-launches-vibes-a-shor...
https://fortune.com/2024/10/30/mark-zuckerberg-ai-generated-...
I had 16.5GB or so used up so it was flashing red. When paid for Gemini, my total space jumped to 2TB and my usage dropped to 12GB. Disgusting. So might as well switch to fastmail. Not sure.
In fact until recently email was sent and received in the clear like a postcard, the whole system wasn't designed to be secure or secret in any way.
From article: "An email is your copy, and the sender can’t revise it later."
> For our staff, we encourage understanding the tools that exist in the world, and how to use them safely. Our policy makes it clear that any use of tools, including tools with AI in them, must follow clear privacy-preserving principles:
Data Protection: All data protection, confidentiality, and privacy policies must be followed (our vendors for things like anti-abuse and support are moving towards using AI for translation, categorization, abuse detection – and we are ensuring that their policies continue to provide protection for our customers)
Accountability for work: Any AI generated writing or code must be reviewed and understood by a human being, and go through our regular second-set-of-eyes processes before being used
Bias awareness: Actively look for biases or hallucinations in AI output
Human authority: Always have a path for appeal to a human from any decision that is made by automated toolsIf you count for automatically categorized Bayesian spam, it's about 99% noise.
That's one of the things that sucks about the current AI. Being employed by people that that are categorically opposed to using it to enhance privacy and filter advertising.
blibble•4mo ago
fastmail: read my lips: I pay you because you offer a traditional email service
if you add a single AI feature I will return to self hosting
toomuchtodo•4mo ago
mbesto•4mo ago
barbazoo•4mo ago
> Add a user to your billing plan to give someone their own Fastmail Inbox and login. Build your team, be it work or family, and share calendars, contacts and more. Give users extra addresses for free
The way my UX works is I can add users but they always have to have their own paid plan. Makes sense for heavy email users but not so much for my partner or our kids. I was hoping there was a 5 accounts for the price of 3 thing like Spotify et al do.
spott•4mo ago
withinboredom•4mo ago
gdulli•4mo ago
jimbo808•4mo ago
neutronicus•4mo ago
I am attempting to dogfood it, as I am pretty close to the target audience. I, a dev, get a bug report "X doesn't work". I have never heard of "X". Ask the AI assistant instead of Googling it or asking on Slack.
Google's AI overview is basically always better (and delivered sooner) than our own proprietary AI assistant.
daveguy•4mo ago
blibble•4mo ago
daveguy•4mo ago
Hopefully "product + AI" doesn't get us as big of a crash as "product + Internet" did in 2000. Pointing it out probably helps.
28304283409234•4mo ago
dlcarrier•4mo ago
drnick1•4mo ago
DamonHD•4mo ago
gjgtcbkj•4mo ago
drnick1•4mo ago
Before you start sending email, use mail-tester.com to check that DKIM is correctly set up and that your IP is not blacklisted.
Cu3PO42•4mo ago
> What matters is domain age, IP, and compliance with DKIM/DMARC.
Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?
I switched to hosted email and all my delivery issues were gone.
abdullahkhalids•4mo ago
Also, my experience with self-hosting email is that if you get people to email you first from their domain, and you reply to them, then you are not going to be blocked. Of course, this won't work if you send a lot of cold emails.
[1] https://mxtoolbox.com/SuperTool.aspx
renewiltord•4mo ago
witrak•4mo ago
>Maybe it was my IP, but I cycled a few with my hosting provider and none of them made a difference. If I am unable to reliable obtain a 'trusted' IP, what good does it do?
That's true. I have a Class C IP range and a domain registered for 30 years and yet Gmail still started ignoring my email server a couple of years ago...
Flere-Imsaho•4mo ago
I use everything I can to block trackers, spy ware, etc and have never been "Cloudflare blocked".
dlcarrier•4mo ago
I'm running MX Linux, Arch Linux, and FreeBSD, and usually use Seamonkey or Pale Moon, and if I absolutely have to I use Thorium.
Some websites using Cloudflare services, or other similar services, first load a landing page, historically with a captcha checkbox to verify that I'm human that would let me through, after completing. More recently, it'll outright say that I am denied access, or when I check the box it switches to a throbber that spins indefinitely, or it unchecks itself.
Some web pages, like eBay, will let me through initially, then at some point all tabs I have open will simultaneously switch to an unpassable captcha.
Flere-Imsaho•4mo ago
Mizza•4mo ago
Gigachad•4mo ago
tamimio•4mo ago
julianlam•4mo ago