Hide images only on some folders
Hello. I recently went back to Thunderbird after having used the default Mail app in Windows 10 and 11 for some time. I am pleased with how it works and intend to now use it as my default email client. However, I am concerned that the option to make images visible in emails extends to the entire program, and emails that my mail providers have identified as spam and sent to a "Junk" folder will show embedded images. This was not an issue with the Mail app in Windows.
This is not good for security and privacy, as displaying images on spam messages is a way for spammers to confirm an account is live and thus continue sending their garbage. Would it be possible to have Thunderbird block images *only* in specific folders of the user's choosing, while still be able to see them in the rest of the user folders?
Thanks.
Alle Antworten (4)
You can control this at settings>privacy&security
That doesn't solve it. The option in the settings is an "all OR nothing" toggle. Either it blocks all images (requiring making an exception for *every* safe sender), or it allows *ALL* images with no way to make an exception. What I would like is for anything that has been previously sent to a spam or junk folder by the mail provider (Microsoft, Yahoo, Gmail, etc.) to have its remote loading images disabled.
As I said, other email app and web mail sites do this automatically, so it is odd that it has not been implemented in Thunderbird.
Ok I will stick my neck out and ask.
What is the security risk these images present over non spam images?
I guess that your IP address downloaded the image might be considered a security risk in that it identifies a currently in use IP address, but the same could be said of any image loaded on any web page. That they are in SPAM does not make them inherently special as far as security goes.
Some 10 years ago I was involved in writing this article https://support.mozilla.org/en-US/kb/remote-content-in-messages nothing much has changed. There are privacy issues with all remote content, but they are really not all that much worse for SPAM, as the images are often those from site being scammed. It makes the scam emails more authentic looking.
But Thunderbird also does not run scripts, so any image that is loaded via a script simply does not load in any circumstance. Unlike other mail viewing platforms that are quite happy to run the PHP scripts on the remote server. Google say they scan those scripts. Personally I like that they just do not run. I can do without images that are not really links to images.
It is not so much a security issue, but a way to keep less spam from coming in.
Spam messages can contain very small, hidden images that can get loaded without user intervention. This way spammers may know which accounts are used by real people, and thus they continue sending more of their garbage. This is why email clients will not display images on emails that have been sent to a spam or junk folder.
But, hey, if there is no intention on adding what seems like a simple feature to a program, then so be it. Just like I stopped using the Windows built-in client and switched to Thunderbird, I can also stop using Thunderbird (again) and switch to another app that does what I need. There are plenty of them around.