• dejected_warp_core@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago

    In the case of using the preview pane, there’s a subtle case of displaying external images (img src in HTML) where an attacker can get an idea of what content is getting past email filters. The client will just download the image automatically, and the attacker’s webserver logs the activity. I think that can be turned off in various email clients, but folks have to be savvy enough to know to do it.

    • jaybone@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      5 months ago

      Doesn’t thunderbird by default not download external images?

      Also if I was working IT for some company I would make sure all email clients were configured that way.