Remote Content in Messages

Email messages can contain remote content such as images, stylesheets or videos. By default Thunderbird does not load remote content automatically, but instead shows a notification bar that it blocked remote content to protect your privacy.

Remote content is a privacy concern because it allows the message sender to know:

  • each time you view the message
  • rough details about what application and what platform you are using
  • your current geographic location (a rough approximation by IP address)
  • that your email address is actually used ("alive")

This is almost the same information web sites commonly collect about you during normal web surfing. While browsing has the same privacy implications, what makes remote content in messages different is that it is targeted at you initially, so you can assume your access is directly linkable to your email address. This is also why spam often contains remote images (also known as "web bugs") which allow the spammer to mark your address as valid if the image is ever loaded.

On the other hand, if you do get many genuine emails containing remote content it can get annoying having to click "Show remote content in this message" for each message. Emails look much better with images and stylesheets turned on.

All in all, however, what you do online in a web browser is usually disclosing much more information about yourself than loading content in an email message.

Remote content is blocked by default

This is the default, and what most people should be using. In this mode, Thunderbird will show a blocked remote content notification bar when content is blocked.

Display remote content for a particular message

Remote content blocking options

From the notification bar you can choose to:

  • Show remote content in this message to show remote content just for this particular message OR
  • Edit remote content preferences... to Display remote content by default (see next section).
  • Allow remote content for... to show the remote content for all messages from this sender.

Allow remote content for... adds the sender email address or sites (currently blocked in the message) to the remote content whitelist.

Note however, that email addresses are easily spoofable in contrast to web sites that serve remote content. As long as the network is not compromised, it is much more difficult to spoof content than email addresses.

Display remote content by default

If you are willing to accept the privacy implications of displaying remote content for all messages, Thunderbird allows you to display remote content by default.

This is set in Thunderbird | PreferencesTools | OptionsEdit | Preferences, followed by selecting the Privacy tab.

If the Allow remote content in messages checkbox is ticked, all remote content will be loaded, just like it would in a browser. You can exclude specific sites from the rule by clicking Exceptions... and adding the domain or email address.

Share this article:

Was this article helpful? Please wait...

These fine people helped write this article: Tonnes, rtanglao, Swarnava, MattAuSupport, ouesten, mkmelin. You can help too - find out how.