Email experiments: filtering out external images

https://www.terracrypt.net/posts/email-experiments-image-filtering.html

68•todsacerdoti•1w ago

Comments

red_admiral•1w ago

Here's another trick someone should build in: email using emoji in the subject line is probably advertising. Sometimes from lists you like being subscribed on, but if the subject uses U+2757 (big red exclamation mark) then it's more likely "SALE ENDS TOMORROW" and less "Your order shipped!"

EDIT: HN apparently filters out that code point. Good on you.

duskwuff•1w ago

Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Imustaskforhelp•1w ago

> Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Don't really use G-mail (I personally use proton) so I am not sure but can't special exceptions be made for E-bay if that's the case?

duskwuff•1w ago

GMail doesn't currently have any feature to do that kind of filtering.

taftster•1w ago

Which is why they go to spam so often.

ChrisLTD•1w ago

I filter emails with the word "unsubscribe" into a separate folder (label in Gmail). If you can unsubscribe from it, it's probably not critical. The vast majority of transactional emails (password resets, magic login links, 2fa codes) don't have that wording in the email body.

iamacyborg•1w ago

This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.

Marsymars•1w ago

There must be some nuance to this - e.g. I just double-checked a bank 2FA email from a bank that only has Canadian operations, and it doesn't have an unsub mechanism. I don't know how an unsubscribe mechanism for a 2FA email that you get after entering a correct password would even function.

amlozano•1w ago

Maybe it’s ok to email a person after they click a button that says “mail me my 2fa” code? Not a lawyer but it feels right that if I say it’s ok to send me a one off email explicitly, it can omit an unsubscribe

Marsymars•1w ago

I don't think I've ever seen a button that says "mail me my 2fa code". The workflow basically always goes like this:

1. I enter username/password and click "sign in". 2. Agorithms run on the server. 3. If the algorithms think "suspicious" I'm redirected to an "enter your emailed code" page and automatically send me an email.

In any case, the top of this thread was specifically referring to this type of transactional email.

Taking a quick look at my email history, I have a whole pile of transactional mail (from Canadian entities) with no unsubscribe links: a bank email notifying reception of a complaint, a bank email about my paycheque saying "You received this mandatory email alert to update you on transaction details", various order confirmation emails for things I purchased online, etc.

zoky•1w ago

I see them all the time. Usually it’s in the form of “choose your 2FA method” and it gives you a choice between SMS/email/phone call or whatever.

iamacyborg•1w ago

The unsub would only be for marketing emails, not for transactional ones, even if included in the transactional email.

Neywiny•1w ago

I do this too, and in my experience, if it's important enough and I've missed it they'll call. Currently undergoing a major (positive) life event that's had more than a few of those cases. The other issue I run into is when somebody forwards me an email. I don't know if gmail filters can whitelist those but that's always led to me missing something important.

taftster•1w ago

OK, but who uses email anymore for personal communication?

At least for most people in my circle, family is using a social media platform or iMessages. And work is using Teams or Slack or whatever.

Work email is basically useless at this point. I'm completely drowning in various Teams chats created specifically for each "thread" of conversation, with just enough people to make it unique. Or inversely, created with too many people and all conversation is just lost to infinite scroll and walls of text.

I'd pine for a return to email. But no one uses it anymore. Only companies trying to get my attention and a few important forwards for tax receipts. I think email is dead.

benjojo12•1w ago

We must live in very different universes because most of my business is conducted over email!

aezart•1w ago

Teams messages expire in 30 days at my job, we use email for anything that needs a paper trail

rorylawless•1w ago

Yup, email is usually the preferred communication tool of record. In a previous job, our messages on Teams were wiped after 8 days so anything that needed to be recorded had to be in an email or some form of document.

qingcharles•1w ago

And some platforms like Slack, WhatsApp (and previously Skype) make trying to find archived information such a slog as to not be worth it.

I can search email in two seconds.

asadm•1w ago

Related: GMail has an option to disable loading images by default. Which helps me escape tracker pixels and also know if a "human-like" email still has a tracking pixel or not.

fhdkweig•1w ago

Mozilla's Thunderbird also has this feature. I'd imagine most security conscious mail reader/browsers do.

have_faith•1w ago

So does Apple Mail, for anyone wondering.

yearolinuxdsktp•1w ago

Fastmail.fm (a paid mail provider) also has a feature to not load remote images, and it’s on by default.

You can also set up arbitrarily complex filtering rules using Sieve, if the built-in rules UI is not sophisticated enough.

c0balt•1w ago

To add some more mailbox.org also has it with sieve rules. Posteo should have it too iirc

davchana•1w ago

Long time ago somebody told that gmail pre fetches all images, so tracker pixels report exactly one open occurrence for images in gmail email.

mgarciaisaia•1w ago

Disabling external images was the default until they started proxying+caching the images themselves. So now _by default_ clients get to see the images without sending tracking data to the senders - Google doesn't like competition.

I still keep the images disabled, though. In most cases, you don't care about what's there in the images anyway.

Pyrodogg•1w ago

It also helps avoid "oo shiny!" distractions and helps keep the focus on the message.

drnick1•1w ago

Alternative: Run your own server so that you can have as many mailboxes/aliases as you want. Give each webiste, company, or even person a different alias. The moment you receive spam, revoke the alias, and optionally name and shame spammers.

Some email providers and postfix also allow the creation of dynamic aliases of the form user+alias@example.com.

qingcharles•1w ago

I use unique emails for every sender.

One thing I noticed is that most mailing lists now have a header that identifies them with a specific ID. When I click "Make rule from this email" in Fastmail the primary option is to sort it by that header, not by the sender or receiver. That way only the marketing emails get redirected and not transactional ones from the same sender.

List-Id: A Structured Field and Namespace for the Identification of Mailing Lists

https://www.ietf.org/rfc/rfc2919.txt

c0balt•1w ago

A reasonable alternative, if you value deliverability and don't want the actual hassle of maintaining a mail server, choose a mail provider, like mailbox.org, that allows bringing your own domain.

navigate8310•6d ago

Some providers simply straight up refuse +ed aliases. I really like how gmail breaks RFC by using dots at any arbitrary position of your username. This is not at all an efficient and correct use of aliases but it gets the job done sometimes

1718627440•5d ago

> I really like how gmail breaks RFC by using dots at any arbitrary position of your username.

Do they? I think the local part can be anything that the MDA chooses to accept and that different local parts of an address result in the email message being placed into the same mailbox, is nothing an RFC would forbid.

Start all of your commands with a comma (2009)

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

Hoot: Scheme on WebAssembly

The Waymo World Model

How we made geo joins 400× faster with H3 indexes

Unseen Footage of Atari Battlezone Arcade Cabinet Production

Vocal Guide – belt sing without killing yourself

Jeffrey Snover: "Welcome to the Room"

ga68, the GNU Algol 68 Compiler – FOSDEM 2026 [video]

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox

Monty: A minimal, secure Python interpreter written in Rust for use by AI

Where did all the starships go?

UK infants ill after drinking contaminated baby formula of Nestle and Danone

Show HN: I spent 4 years building a UI design tool with only the features I use

Hackers (1995) Animated Experience

Sheldon Brown's Bicycle Technical Info

Show HN: If you lose your memory, how to regain access to your computer?

Microsoft open-sources LiteBox, a security-focused library OS

An Update on Heroku

PC Floppy Copy Protection: Vault Prolok

Dark Alley Mathematics

Was Benoit Mandelbrot a hedgehog or a fox?

The AI boom is causing shortages everywhere else

How to effectively write quality code with AI

Delimited Continuations vs. Lwt for Threads

Introducing the Developer Knowledge API and MCP Server

I now assume that all ads on Apple news are scams

Female Asian Elephant Calf Born at the Smithsonian National Zoo

Understanding Neural Network, Visually

I spent 5 years in DevOps – Solutions engineering gave me what I was missing