Email experiments: filtering out external images

42 points by jfred

fly

I mentioned this in the other thread: I filter on the word “unsubscribe”, and it is almost 100% effective.

hoistbypetard

That would break things for me. It's a thing several of my friends say when a thread drifts to a place they don't like.
- klingtnet
  
  You could whitelist emails from your address book if the mail filter allows that.
- confusedcyborg
  
  Maybe it would be better to filter on links that include the word unsubscribe instead?
  - hoistbypetard
    
    Yeah, that'd work better for me, certainly.
  - abareplace
    
    Alternatively, you can filter by link text that includes the unsubscribe word. Something like <a\s[^>]+>[^<>]*unsubscribe[^<>]*</a> (case-insensitive match)
  - fedemp
    
    That would break with the many that use "click here" for everything. :D
- atmosx
  
  Interesting. Comments section via sr.ht mailing list, the idea is similar to GH comments for blog comments but doesn’t require a GH account. Cool.
  - jfred
    
    Yeah, I think I saw someone else do something similar and it sounded like a neat idea so I cribbed it for my own site. I haven't actually gotten any email to the list (it's my tiny personal blog so wouldn't expect much) but I have gotten some direct mail through the link at the bottom before!
    
    Static site generator made it easy enough to put the post title in the subject of a mailto link, so I figured why not? :)
- johnklos
  
  FYI, lots of spam and phishing email uses image links that're http instead of https, and often with odd capitalizations like "hTTP" or "hTTPs".
  
  Any tool to help separate real senders from imaginary ones is excellent. One good one I'm thinking of trying is any Gmail / Outlook / Hotmail that comes from anywhere other than Google's / Microsoft's servers. It's amazing how much spam fits this pattern and how I've never found legitimate email that fits.
  - jfred
    
    Ooh, good callout. That should be a relatively straightforward tweak to the regex to catch arbitrary capitalization if I find those making their way through. It'll look a lot messier though haha
    
    ejri
    
    According to the RFC, default should be case insensitive:
    
    https://datatracker.ietf.org/doc/html/rfc5173#section-4
  - hoistbypetard
    
    Your MTA should already be doing what you want with SPF and DMARC. For example, google publishes DMARC records that say any failed checks should cause your MTA to quarantine messages from gmail.com, and they publish SPF records for gmail.com. So your MTA should quarantine any message claiming to be from gmail.com without a valid SPF record naming the server that's sending it. And when it sees such a match, it should include a Received-SPF: pass header in the message.
    
    So for these senders, at least, checking that header should do the job if your MTA is behaving properly.
- hoistbypetard
  
  I'd be curious to hear whether this rule accidentally catches family members/colleagues who do things like use webmail clients from google/microsoft to embed links to online documents. If it doesn't run into false positives on things like that, it strikes me as overwhelmingly likely to be a good heuristic.
  
  I know it'd catch things like Mailspring, which I briefly tried out when it went GPL a while back. That one starts (or used to start) as a trial for their "pro" service, and when I tried it, it defaulted to sending a tracking pixel so you could tell when someone opened your messages. That was an extremely unpleasant surprise, but I suppose I would not be astonished if they're the only ones doing it.