Remote Content in Messages
- Revision id: 62683
- Creator: Matt
- Comment: some spelling and typographical nits
- Reviewed: No
- Ready for localization: No
Remote Content in Messages
E-mail messages can contain remote content such as images, stylesheets or videos. By default Thunderbird does not load remote content automatically, but instead shows a notification bar that it blocked remote content to protect your privacy.
Remote content is a privacy concern in that it can trivially allow the message sender to know
- each time you view the message
- rough details about what application and what platform you are using
- roughly your current location (by IP address)
- that your e-mail address is actually used ("alive")
... that is, almost the same information web sites commonly collect about you during your normal web surfing. While browsing has the same privacy implications, what makes remote content in messages different is that it is targeted at you initially, so you can assume your access is directly linkable to your e-mail address. This is also why spam often contains remote images (aka "web bugs") letting the spammer mark your address as alive if the image is ever loaded.
On the other hand, if you do get a lot genuine emails containing remote content it can get anyoying having to click "Show remote content in this message" for each message. They do look way more beautiful with images and stylesheets turned on. In the grand scheme of things, what you do online elsewhere is probably giving away way more information about yourself than loading content in a message would do.
If you are willing to accept the privacy implications Thunderbird gives you a few options; they can be adjusted under the Privacy tab.
Block remote content
This is the default, and what most people should be using. This mode is in use when the "Allow remote content in messages" checkbox is unticked. You can exclude specific sites from the rule by clicking the "Exceptions..." button and adding the domain.
In this mode, Thunderbird will show a blocked remote content notification bar when content is blocked. From the notification bar you can choose to add the sender e-mail address or sites (currently blocked in the messaege) to the remote content whitelist. Note however, that e-mail addresses are easily spoofable. On the contrarily, sites that remote content is located on can't be spoofed as long as the network isn't compromised.
Allow remote content
If the "Allow remote content in messages" checkbox is ticked, all remote content will be loaded, just like it would in a browser. You can exclude specific sites from the rule by clicking the "Exceptions..." button and adding the domain or e-mail address.