Enhanced remote resource (image, movies, etc) whitelisting/blocking support
Since we have a duty of care to people using the app, there isn't ever going to be an option to all remote resources by default. However there are things can can still be done to improve the current situation.
- Automatically whitelist senders in user's desktop address book via libfolks (!173 (merged))
- Handle loading of images specified in CSS (bgo 714479)
- A hidden "remote-resources-load" pref with three options: always-ask, ask-when-unsure, and never-load, where the middle option is equivalent to Geary's current behaviour
- Never load remote resources for messages in Trash, Junk
- Use DKIM/SPF lookups to validate the email's origin and automatically deny loading images if forged (we can't automatically load images if valid, since spammers will just use valid DKIM/SPF to get their junk seen).
- Investigate whitelisting whole conversations with other trusted originators (nice heuristic, but maybe problematic in some cases, e.g. if a conversation on a mailing gets hijacked)
- Support whitelisting/blacklisting whole domains (per #159)
See also #159