Enhanced remote resource (image, movies, etc) allow/block support
We often get requests for extending the default behaviour for loading remote images, etc., including both always load images: (#115 (closed), bgo 714554) and never load images (bgo 782456).
Since we have a duty of care to people using the app, there isn't ever going to be an option to all remote resources by default. However there are things can can still be done to improve the current situation.
-
Automatically allow senders in user's desktop address book via libfolks (!173 (merged)) -
Handle loading of images specified in CSS (bgo 714479) -
A hidden "remote-resources-load" pref with three options: always-ask, ask-when-unsure, and never-load, where the middle option is equivalent to Geary's current behaviour -
Never load remote resources for messages in Trash, Junk -
Use DKIM/SPF lookups to validate the email's origin and automatically deny loading images if forged (we can't automatically load images if valid, since spammers will just use valid DKIM/SPF to get their junk seen). -
Investigate allowing whole conversations with other trusted originators (nice heuristic, but maybe problematic in some cases, e.g. if a conversation on a mailing gets hijacked) -
Support allow/block lists for whole domains (per #159)
See also #159