
Hide Pics for Image-Only Spam messages in Thunderbird
I've long blocked remote images in my Thunderbird messages, and I have pretty good spam filtering at both server and app level, but when spam gets through it's invariably of the "image only" type. That is, an image with the product/scam/junk text and stuff all within the graphic.
Even though I have the Reading & Display setting of "View attachments inline" NOT checked, and the Files & Attachment settings for content type of JPEG Image and PNG Image (and everything else) all set to "Always Ask" – STILL the images are shown to me when I select the spam message for deletion.
I can't be the only one getting image-based spam, so I'm a bit surprised that I can't find a solution to simply not display image attachments. I do still want to see the original HTML (many emails are a mess in plaintext only), but is there no means to keep the formatting but simply not load & show images?
Again - this is not about REMOTE images, rather image attachments.
Thx if anyone has some input
All Replies (12)
I am not aware of any settings to not show embedded images for spam. Those settings you mentioned are for attachments, and embedded graphics are different animals.
Does the spam email say it has 'Attachments' or not?
Is it possible you are seeing an HTML message that has formatting included, e.g. it has a table and background colours etc., so it looks like an image but it isn't?
It would help if you uploaded an image which shows everything including Message Header and all content and displays the 'Attachments' section at bottom of message.
It may also help if you:
- Select the email
- Click on 'More' and select 'View Source'
Then post an image showing all the content onwards from 'Subject'. You do not need to post the headers, which may include personal stuff like email address.
The setting to ensure remote content is disabled is here:
- Settings > Privacy & Security
- Mail Content
- Uncheck/do not select 'Allow remote content in messages'
Check there are no exceptions:
- Click on 'Exceptions' button
- If anything is listed then click on 'Remove all sites'
- Click on 'Save Changes'
Hi @toad-hall
Yes it seems to be a jpeg attachment - based on when I view as text only, then it shows a bit of text and indication of "1 attachment: s.jpeg"
Here's a copy and paste of the message source from 'Subject' down. There's a big block of base64 encoded jpeg content – I'll truncate the middle bulk of that for brevity here:
a bunch of addressing envelope stuff here
Subject: Instant Wi-Fi for any device, anywhere!
Date: Thu, 27 Mar 2025 21:45:48 +0200
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0006_01DB9F60.4A899910"
X-Spam-Status: No, score=1.7
X-Spam-Score: 17
X-Spam-Bar: +
X-Ham-Report: Spam detection software, running on the system "s96.etcserver.com",
has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details.
Content preview: Stay connected anywhere with Ryoko! This easy-to-use portable Wi-Fi hotspot gives you global internet access on any device. Сlick and get discount -70% Off
Content analysis details: (1.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [62.173.141.205 listed in sa-trusted.bondedsender.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [62.173.141.205 listed in sa-accredit.habeas.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [62.173.141.205 listed in bl.score.senderscore.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URI: bieszczady.pl]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict Alignment
1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words
0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_TVD_MIME_EPI BODY: No description available.
X-Spam-Flag: NO
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01DB9F60.4A899910
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01DB9F60.4A899910"
------=_NextPart_000_0007_01DB9F60.4A899910
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
0D=0A=0D=0A=0D=0A=0D=0AStay connected =0D=0Aanywhere with Ryoko!
0D=0AThis easy-to-use portable Wi-Fi hotspot =0D=0Agives you glo
bal internet access on any device. =0D=0A =0D=0A=D1lick =0D=0Aand=
get discount -70% Off=0D=0A=0D=0A=0D=0A =0D=0ADon=92t miss out o=
n this special price =0D=0A=0D=0A=0D=0A
------=_NextPart_000_0007_01DB9F60.4A899910
Content-Type: text/html; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
=0D=0A<meta http-equiv='3D"Content-Type"' content='3D"te=' xt="" html;="" charset='3Dwindows-1251"'>=0D=0A=0D=0A =3D#ffffff>=0D=0A
This easy-to-use portable Wi-Fi hotspot =0D=0A= gives you global internet access on any device. </FONT>
------=_NextPart_000_0007_01DB9F60.4A899910--
------=_NextPart_000_0006_01DB9F60.4A899910
Content-Type: image/jpeg; name="s.jpeg"
Content-Transfer-Encoding: base64
Content-ID: <f206801db9f6189a08e58016e934bc@ihtazyh>
/9j/4AAQSkZJRgABAQEASABIAAD/4REkRXhpZgAATU0AKgAAAAgABwESAAMAAAABAAEAAAEaAAUA AAABAAAAYgEbAAUAAAABAAAAagEoAAMAAAABAAIAAAExAAIAAAA6AAAAcgEyAAIAAAAUAAAArIdp
< a bunch of base64 encoded characters here >
2wnCiOaQPkg4jOD789v14rZ1CVrfQdPhhd1juw0kpB4k2ttUH6NvOP8AaHXAwQj71ypt8pkpt3qH JCZ+YqMkD2FPIt
Hi @toad-hall
Thanks for the reply - apologies if you see this note multiple times, the forum seems to be having problems with me submitting this followup comment.
Yes the image seems to be a jpeg attachment - based on when I view as text only, then it shows a bit of text and indication of "1 attachment: s.jpeg". I'm attaching a screen shot of the message in "Plain text."
Here's also a copy and paste of the message source from 'Subject' down. There's a big block of base64 encoded jpeg content – I'll truncate the middle bulk of that for brevity here.
The characters are behaving weirdly - does this forum not support markdown code blocks?
Thanks for any insights on this. Ross.
You say " I'm attaching a screen shot of the message in "Plain text."" I'm presuming you have selected View > Message Body as > Plain Text.
The email as shown in image displays text only, but does mention there is an attachment, but does not display. This is expected.
you said: "STILL the images are shown to me when I select the spam message for deletion. "
Before you select to delete - is the message already in the 'Spam/Junk' folder? If yes, then you do not need to select the individual email for deletion. You just right click on the 'Spam/Junk' folder and select 'Empty Junk', or if this is an IMAP account many servers auto empty the junk/spam folder after x days.
Or are you clicking on the 'Not Junk' because if you do that then the email will get put back into the Inbox. Or is email already in the 'Inbox' ?
Summary... Info required:
- Where is that email - Inbox or Spam/Junk folder?
- What do you see when you are using View > Message Body as > Original HTML?
- If you select to delete then email gets put into the 'Deleted/Trash' folder - are you saying if you then reselect to view that email in the Trash, it loses its junk status and you are now seeing more content? If yes then post image of what you see when it's in the 'Trash'.
a) correct - the screen shot is when I've selected View > Message Body as > Plain Text and then the image doesn't show. Yes, that's as expected - just did that to show that TB indicates an attachment. But I normally don't use the view msgs as plain text, I use view as HTML, where the image *does* show. I use HTML view like most ppl because messages are often heavily HTML formatted, and viewing them all in plain text would be unappealing.
b) re "STILL the image is shown"
- yes, even though I have "don't show attachments inline" and "always ask" the images are STILL showing when I'm viewing them in HTML mode. Again, I want to view my messages, in HTML format, but not load the spam images.
c) When I select a message for deletion the image is loaded. The message is NOT already in the 'Spam/Junk' folder, it's in my inbox. It's often, but not always marked as spam by the mail server, and I'm deleting it. Anything that TB has put into junk I'm not concerned about, and not looking at.
d) nope - not clicking "not junk"
Your summary questions:
1) Where is that email - inbox
2) When viewing my inbox with View > Message Body as > Original HTML (my normal usage mode) the spam message with image is showing the images. This is what I'm trying to stop.
3) Once the email is selected, deleted and in the trash - I'm not interacting with it. Don't care about its status at that point, but I assume it's still marked as junk (checked - yes they retain their junk status). Again, don't care about it once it's deleted.
So - again - I just want HTML formatted messages arriving in my inbox with attached images to not show the images unless I tell them to show. Would've thought "always ask" and don't show images inline would do this but it doesn't.
Ross.
re :2) When viewing my inbox with View > Message Body as > Original HTML (my normal usage mode) the spam message with image is showing the images. This is what I'm trying to stop.
Did you forget to post an image of this? This is the image I've asked you to upload.
re: c) When I select a message for deletion the image is loaded. The message is NOT already in the 'Spam/Junk' folder, it's in my inbox.
If Thunderbird thinks it's junk then I would have expected it to be in the 'Junk/Spam' folder. Have you set up the account's 'Junk Settings' to get Thunderbird to auto put those emails marked as junk into the Junk/Spam folder?
When an email contains an image which has been included inline as part of the content and it does not contain any remote content, then it is part of the email itself - it does not need to link to anything remotely in order to display. It is a safe image.
But if you select to view message body as Plain Text, then it strips all formatting but links are maintained assuming they have been properly html css encoded in the first place and all images are added as an attachment. This is normal.
The word 'Click' is the only part of the code in the email which is a link but the html is not correct as it's missing vital code which makes it a link. So it appears as a text format. I've seen plenty of those poor html codes when people send me emails using their phones.
Windows-1251 ASCII printable and extended:
0D = Carriage Return
0A = Line feed
D1 = С
re :So - again - I just want HTML formatted messages arriving in my inbox with attached images to not show the images unless I tell them to show.
Let's be clear on this because you seem confused ...the following applies to the example you provided... The HTML formatted message that arrived in your inbox DOES NOT have any attached image. The image is part of the email content - it is embedded inline - not attached and does not contain any remote content - it does not require access to internet in order to display.
The image only becomes shown as 'attached' when you select to view using 'Plain Text' because plain text strips all formatting and can only display text. So any embedded inline images (not remote images) that are part of the normal email content will then get appended as attachments so data is not removed and people who only use Plain Text still get access to images intended as part of the body.
Assuming you are using 'View > Message Body as > Original HTML':
1. If email is sent using HTML formatting and it does have 'attached' images indicated as 'Attachments' below email then you can choose to 'View' > 'Display attachments inline' This means the attachments will then display below the email content and there is no requirement to open the attachments using a suitable image software.
2. If email is sent using HTML formatting and displays images embedded inline as part of the email itself then they will display in the position they were set to be located. They are not attachments and they are not remote content.
3. If email is sent using HTML Formatting and it contains images that are not embedded and not attached, but are included as if in content by using 'remote content' - it means when email is opened the images need to use the internet in order to download and display, so they are called 'Remote Content'. Thunderbird does not enable this by default for obvious security reasons.
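The three cases listed in the reply above (attached, embedded inline, remote) can be told apart from the message source. The following is an added Python example, not part of the thread: it parses a constructed sample message (boundaries, addresses and file names are made up) and sorts each image by whether the HTML part references its Content-ID with a `cid:` URL, whether it is a true attachment, or whether it is fetched over HTTP.

```python
import re
from email import message_from_string, policy

# Constructed sample, not the poster's message: one image embedded via
# Content-ID, one real attachment, and one remote <img> in the HTML part.
SAMPLE = "\n".join([
    'MIME-Version: 1.0',
    'Content-Type: multipart/mixed; boundary="MIX"', '',
    '--MIX',
    'Content-Type: multipart/related; type="multipart/alternative"; boundary="REL"', '',
    '--REL',
    'Content-Type: multipart/alternative; boundary="ALT"', '',
    '--ALT',
    'Content-Type: text/plain; charset="us-ascii"', '',
    'Offer text',
    '--ALT',
    'Content-Type: text/html; charset="us-ascii"',
    'Content-Transfer-Encoding: quoted-printable', '',
    '<html><body><img src=3D"cid:pic1@example.invalid">',
    '<img src=3D"http://img.example.invalid/banner.gif"></body></html>',
    '--ALT--',
    '--REL',
    'Content-Type: image/jpeg; name="s.jpeg"',
    'Content-Transfer-Encoding: base64',
    'Content-ID: <pic1@example.invalid>', '',
    '/9j/4AAQSkZJRg==',
    '--REL--',
    '--MIX',
    'Content-Type: image/png; name="invoice.png"',
    'Content-Transfer-Encoding: base64',
    'Content-Disposition: attachment; filename="invoice.png"', '',
    'iVBORw0KGgo=',
    '--MIX--', '',
])

CID_REF = re.compile(r'''(?:src|background)\s*=\s*["']?cid:([^"'\s>]+)''', re.I)
REMOTE_REF = re.compile(r'''(?:src|background)\s*=\s*["']?(https?://[^"'\s>]+)''', re.I)

def classify_images(raw):
    """Return image names grouped as inline (cid-referenced), attachment, remote."""
    msg = message_from_string(raw, policy=policy.default)
    cid_refs, remote = set(), []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            html = part.get_content()          # decodes quoted-printable/base64
            cid_refs.update(CID_REF.findall(html))
            remote.extend(REMOTE_REF.findall(html))
    result = {"inline": [], "attachment": [], "remote": remote}
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        name = part.get_filename() or cid or "(unnamed)"
        # Inline = the HTML body points at this part's Content-ID and the
        # sender did not mark it as an attachment.
        if cid in cid_refs and part.get_content_disposition() != "attachment":
            result["inline"].append(name)
        else:
            result["attachment"].append(name)
    return result

if __name__ == "__main__":
    print(classify_images(SAMPLE))
```
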
"Did you forget to post an image of this? This is the image I've asked you to upload."
You had asked me to post an image if I'm selecting it when it's in the trash, which it isn't, I don't do, and is irrelevant.
"If Thunderbird thinks it's junk then I would have expected it to be in the 'Junk/Spam' folder"
I mentioned the mail server is marking it as probable junk. These are the few that get past my server-side delete filters. I don't move them to a junk folder as occasionally they are legit messages I don't want to miss. The bulk of other junk is handled and removed.
A message with an image (junk or not) should let me decide if I see the image. Trust can't be assumed, but sometimes it will be a good message and the user can click to view the image.
"When an email contains an image which has been included inline as part of the content and it does not contain any remote content, then it is part of the email itself - it does not need to link to anything remotely in order to display. It is a safe image."
No - THIS is what the spammers are gaming. If they are including the image as part of the email one should not have to trust the spammers and pretend it's a safe image. THIS is what we should be able to detect and not display. The act of including an image does not magically make it a trusted image. Thunderbird should be able to suppress images if the user doesn't want to just view them all without control. "Always ask" should mean always ask.
But if you select to view message body as Plain Text, then it strips all formatting but links are maintained... etc etc
Anyway - this doesn't seem to be in your wheelhouse. Thanks for the response but I think we've lost the plot.
re :Anyway - this doesn't seem to be in your wheelhouse. Thanks for the response but I think we've lost the plot.
You may well be talking about your position, but I've not lost anything and it's definitely in my wheelhouse.
You stated: "Even though I have the Reading & Display setting of "View attachments inline" NOT checked, and the Files & Attachment settings for content type of JPEG Image and PNG Image (and everything else) all set to "Always Ask" – STILL the images are shown to me when I select the spam message for deletion......this is not about REMOTE images, rather image attachments."
I've explained that the image you are talking about is not an Attachment when viewed as original html because it is embedded inline. So all the stuff about 'attachments' does not apply.
If you posted the requested image and it does not show an outline of a rectangle with a broken file icon, then the image does not contain remote content. And even if the rectangle outline appeared - it would be perfectly safe because Thunderbird had blocked it. Obviously, I'm assuming you have not chosen to display remote content.
Now I'm assuming you do not see the box outline etc because you stated : this is not about REMOTE images
Why is it such a problem to post an image of the HTML email - For some unknown reason I seem to have hit a sore point for you and I'm not sure why?
I believe if you posted that image it would prove a point - the image is embedded inline and there are no attachments and there is no remote content. It is just an image.
re :If they are including the image as part of the email one should not have to trust the spammers and pretend it's a safe image.
The email itself may well be from a spammer or it might just be a company just trying to make sales, so not a spammer but maybe considered as junk. The most dangerous part of that email may be the text links and they do not seem to be part of any image.
Why do you think the image is not safe ? Something must be upsetting you. What makes you believe it's 'pretending' to be safe when image has no remote content? Are you willing to post the requested image of email showing what you see?
The only time Thunderbird blocks images is when they are potentially dangerous and that means when they contain remote content.
The bottom line is this: when viewing Message Body as 'Original HTML', if image is not an attachment and not remote content but is an embedded inline image then image is part of email content and it will display. If you do not want to see any embedded inline image then you must choose to view Message Body as 'Plain Text'.