Email experiments: filtering out external images

https://www.terracrypt.net/posts/email-experiments-image-filtering.html

68•todsacerdoti•1w ago

Comments

red_admiral•1w ago

Here's another trick someone should build in: email using emoji in the subject line is probably advertising. Sometimes from lists you like being subscribed on, but if the subject uses U+2757 (big red exclamation mark) then it's more likely "SALE ENDS TOMORROW" and less "Your order shipped!"

EDIT: HN apparently filters out that code point. Good on you.

duskwuff•1w ago

Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Imustaskforhelp•1w ago

> Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Don't really use G-mail (I personally use proton) so I am not sure but can't special exceptions be made for E-bay if that's the case?

duskwuff•1w ago

GMail doesn't currently have any feature to do that kind of filtering.

taftster•1w ago

Which is why they go to spam so often.

ChrisLTD•1w ago

I filter emails with the word "unsubscribe" into a separate folder (label in Gmail). If you can unsubscribe from it, it's probably not critical. The vast majority of transactional emails (password resets, magic login links, 2fa codes) don't have that wording in the email body.

iamacyborg•1w ago

This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.

Marsymars•1w ago

There must be some nuance to this - e.g. I just double-checked a bank 2FA email from a bank that only has Canadian operations, and it doesn't have an unsub mechanism. I don't know how an unsubscribe mechanism for a 2FA email that you get after entering a correct password would even function.

amlozano•1w ago

Maybe it’s ok to email a person after they click a button that says “mail me my 2fa” code? Not a lawyer but it feels right that if I say it’s ok to send me a one off email explicitly, it can omit an unsubscribe

Marsymars•1w ago

I don't think I've ever seen a button that says "mail me my 2fa code". The workflow basically always goes like this:

1. I enter username/password and click "sign in". 2. Agorithms run on the server. 3. If the algorithms think "suspicious" I'm redirected to an "enter your emailed code" page and automatically send me an email.

In any case, the top of this thread was specifically referring to this type of transactional email.

Taking a quick look at my email history, I have a whole pile of transactional mail (from Canadian entities) with no unsubscribe links: a bank email notifying reception of a complaint, a bank email about my paycheque saying "You received this mandatory email alert to update you on transaction details", various order confirmation emails for things I purchased online, etc.

zoky•1w ago

I see them all the time. Usually it’s in the form of “choose your 2FA method” and it gives you a choice between SMS/email/phone call or whatever.

iamacyborg•1w ago

The unsub would only be for marketing emails, not for transactional ones, even if included in the transactional email.

Neywiny•1w ago

I do this too, and in my experience, if it's important enough and I've missed it they'll call. Currently undergoing a major (positive) life event that's had more than a few of those cases. The other issue I run into is when somebody forwards me an email. I don't know if gmail filters can whitelist those but that's always led to me missing something important.

taftster•1w ago

OK, but who uses email anymore for personal communication?

At least for most people in my circle, family is using a social media platform or iMessages. And work is using Teams or Slack or whatever.

Work email is basically useless at this point. I'm completely drowning in various Teams chats created specifically for each "thread" of conversation, with just enough people to make it unique. Or inversely, created with too many people and all conversation is just lost to infinite scroll and walls of text.

I'd pine for a return to email. But no one uses it anymore. Only companies trying to get my attention and a few important forwards for tax receipts. I think email is dead.

benjojo12•1w ago

We must live in very different universes because most of my business is conducted over email!

aezart•1w ago

Teams messages expire in 30 days at my job, we use email for anything that needs a paper trail

rorylawless•1w ago

Yup, email is usually the preferred communication tool of record. In a previous job, our messages on Teams were wiped after 8 days so anything that needed to be recorded had to be in an email or some form of document.

qingcharles•1w ago

And some platforms like Slack, WhatsApp (and previously Skype) make trying to find archived information such a slog as to not be worth it.

I can search email in two seconds.

asadm•1w ago

Related: GMail has an option to disable loading images by default. Which helps me escape tracker pixels and also know if a "human-like" email still has a tracking pixel or not.

fhdkweig•1w ago

Mozilla's Thunderbird also has this feature. I'd imagine most security conscious mail reader/browsers do.

have_faith•1w ago

So does Apple Mail, for anyone wondering.

yearolinuxdsktp•1w ago

Fastmail.fm (a paid mail provider) also has a feature to not load remote images, and it’s on by default.

You can also set up arbitrarily complex filtering rules using Sieve, if the built-in rules UI is not sophisticated enough.

c0balt•1w ago

To add some more mailbox.org also has it with sieve rules. Posteo should have it too iirc

davchana•1w ago

Long time ago somebody told that gmail pre fetches all images, so tracker pixels report exactly one open occurrence for images in gmail email.

mgarciaisaia•1w ago

Disabling external images was the default until they started proxying+caching the images themselves. So now _by default_ clients get to see the images without sending tracking data to the senders - Google doesn't like competition.

I still keep the images disabled, though. In most cases, you don't care about what's there in the images anyway.

Pyrodogg•1w ago

It also helps avoid "oo shiny!" distractions and helps keep the focus on the message.

drnick1•1w ago

Alternative: Run your own server so that you can have as many mailboxes/aliases as you want. Give each webiste, company, or even person a different alias. The moment you receive spam, revoke the alias, and optionally name and shame spammers.

Some email providers and postfix also allow the creation of dynamic aliases of the form user+alias@example.com.

qingcharles•1w ago

I use unique emails for every sender.

One thing I noticed is that most mailing lists now have a header that identifies them with a specific ID. When I click "Make rule from this email" in Fastmail the primary option is to sort it by that header, not by the sender or receiver. That way only the marketing emails get redirected and not transactional ones from the same sender.

List-Id: A Structured Field and Namespace for the Identification of Mailing Lists

https://www.ietf.org/rfc/rfc2919.txt

c0balt•1w ago

A reasonable alternative, if you value deliverability and don't want the actual hassle of maintaining a mail server, choose a mail provider, like mailbox.org, that allows bringing your own domain.

navigate8310•1w ago

Some providers simply straight up refuse +ed aliases. I really like how gmail breaks RFC by using dots at any arbitrary position of your username. This is not at all an efficient and correct use of aliases but it gets the job done sometimes

1718627440•5d ago

> I really like how gmail breaks RFC by using dots at any arbitrary position of your username.

Do they? I think the local part can be anything that the MDA chooses to accept and that different local parts of an address result in the email message being placed into the same mailbox, is nothing an RFC would forbid.

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Google staff call for firm to cut ties with ICE

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: iPlotCSV: CSV Data, Visualized Beautifully for Free

There's no such thing as "tech" (Ten years later)

List of unproven and disproven cancer treatments

Me/CFS: The blind spot in proactive medicine (Open Letter)

Ask HN: What are the word games do you play everyday?

Show HN: Paper Arena – A social trading feed where only AI agents can post

TOSTracker – The AI Training Asymmetry

The Devil Inside GitHub

Show HN: Distill – Migrate LLM agents from expensive to cheap models

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

Make a local open-source AI chatbot with access to Fedora documentation

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

Software Factories and the Agentic Moment

The Neuroscience Behind Nutrition for Developers and Founders

Bang bang he murdered math {the musical } (2024)

A Night Without the Nerds – Claude Opus 4.6, Field-Tested

Could ionospheric disturbances influence earthquakes?

SpaceX's next astronaut launch for NASA is officially on for Feb. 11 as FAA clea

Show HN: One-click AI employee with its own cloud desktop

Show HN: Poddley – Search podcasts by who's speaking

Same Surface, Different Weight

The Rise of Spec Driven Development

The first good Raspberry Pi Laptop