On Donnerstag, 13. Juni 2013 09:08:57 CEST, Jan Kundrát wrote:
Thinking about this and expanding on my domain-based filtering idea, perhaps the button could tell the user what domains the mail is trying to fetch from, and upon pressing it, save these settings (the domain of the image URL) persistently, so that this domain is whitelisted for all future messages.
Whitelisting domains is pot. "dangerous" (as much as mail verification can be) since spammers could utilize generic image uploaders to send around customized pixels (you don't even have to be able to use php or so on the domain as long as you can see whether the image was ever fetched) an you can be sure those would end upon the whitelist, since your buddy once used one as well. Autoloading of external resources from push services is safe in a guaranteed local environment (ie. you can whitelist domains under your absolute control) - otherwise not. It's probably matter of scope: If one wants to use trojita as in-house mail app, it's resonable for the IT to whitelist eg. the local sharehoster. If you let joe i-find-the-powerbutton user edit white or blacklists, he's gonna shoot himself. (Proof: you're willing to whitelist domains. You didn't see the implications. You're certainly above mean. qed.) Cheers, Thomas
