There is a security issue related to MIME (HTML) emails and images within them. Spammers or otherwise nefarious characters will send an email with an image that pulls the image off of a server. Additional information is encoded in this request that identifies the email address to which it was sent. Thus, when Samantha opens the message, it retrieves the image and now the spammer has a verified email address which then prompts more email.
To address this issue we're working on "delayed loading" of images. We're planning on making this a user preference.
- Do you want it on by default?
- Do you want to control it/mandate it via user policy?
- Do you or your users need to be able to set this on a per-database basis e.g. your own personal mail file but not mail-in databases? or Betty-the-AA can set it for a delegated mail file but Ted-the-boss of the mailfile herself can choose not to?
- Assuming the email has loaded and not retrieved the images, what do you want to see in their stead? We were planning just little X's
- We were planning on giving Samantha a button to click to load the images, something like the following: