FilterHN

Email experiments: filtering out external images

53 points

by todsacerdoti

16 hours ago

| past

| 5 comments

| terracrypt.net

| HN

▲

ChrisLTD

7 hours ago

[-]

I filter emails with the word "unsubscribe" into a separate folder (label in Gmail). If you can unsubscribe from it, it's probably not critical. The vast majority of transactional emails (password resets, magic login links, 2fa codes) don't have that wording in the email body.

▲

iamacyborg

7 hours ago

[-]

This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.

▲

Marsymars

7 hours ago

[-]

There must be some nuance to this - e.g. I just double-checked a bank 2FA email from a bank that only has Canadian operations, and it doesn't have an unsub mechanism. I don't know how an unsubscribe mechanism for a 2FA email that you get after entering a correct password would even function.

▲

iamacyborg

6 hours ago

[-]

The unsub would only be for marketing emails, not for transactional ones, even if included in the transactional email.

▲

amlozano

7 hours ago

[-]

Maybe it’s ok to email a person after they click a button that says “mail me my 2fa” code? Not a lawyer but it feels right that if I say it’s ok to send me a one off email explicitly, it can omit an unsubscribe

▲

Marsymars

6 hours ago

[-]

I don't think I've ever seen a button that says "mail me my 2fa code". The workflow basically always goes like this:

1. I enter username/password and click "sign in". 2. Agorithms run on the server. 3. If the algorithms think "suspicious" I'm redirected to an "enter your emailed code" page and automatically send me an email.

In any case, the top of this thread was specifically referring to this type of transactional email.

Taking a quick look at my email history, I have a whole pile of transactional mail (from Canadian entities) with no unsubscribe links: a bank email notifying reception of a complaint, a bank email about my paycheque saying "You received this mandatory email alert to update you on transaction details", various order confirmation emails for things I purchased online, etc.

▲

zoky

4 hours ago

[-]

I see them all the time. Usually it’s in the form of “choose your 2FA method” and it gives you a choice between SMS/email/phone call or whatever.

▲

Neywiny

7 hours ago

[-]

I do this too, and in my experience, if it's important enough and I've missed it they'll call. Currently undergoing a major (positive) life event that's had more than a few of those cases. The other issue I run into is when somebody forwards me an email. I don't know if gmail filters can whitelist those but that's always led to me missing something important.

▲

asadm

5 hours ago

[-]

Related: GMail has an option to disable loading images by default. Which helps me escape tracker pixels and also know if a "human-like" email still has a tracking pixel or not.

▲

davchana

21 minutes ago

[-]

Long time ago somebody told that gmail pre fetches all images, so tracker pixels report exactly one open occurrence for images in gmail email.

▲

fhdkweig

3 hours ago

[-]

Mozilla's Thunderbird also has this feature. I'd imagine most security conscious mail reader/browsers do.

▲

have_faith

3 hours ago

[-]

So does Apple Mail, for anyone wondering.

▲

yearolinuxdsktp

2 hours ago

[-]

Fastmail.fm (a paid mail provider) also has a feature to not load remote images, and it’s on by default.

You can also set up arbitrarily complex filtering rules using Sieve, if the built-in rules UI is not sophisticated enough.

▲

c0balt

44 minutes ago

[-]

To add some more mailbox.org also has it with sieve rules. Posteo should have it too iirc

▲

red_admiral

8 hours ago

[-]

Here's another trick someone should build in: email using emoji in the subject line is probably advertising. Sometimes from lists you like being subscribed on, but if the subject uses U+2757 (big red exclamation mark) then it's more likely "SALE ENDS TOMORROW" and less "Your order shipped!"

EDIT: HN apparently filters out that code point. Good on you.

▲

duskwuff

7 hours ago

[-]

Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

▲

taftster

6 hours ago

[-]

Which is why they go to spam so often.

▲

Imustaskforhelp

7 hours ago

[-]

> Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Don't really use G-mail (I personally use proton) so I am not sure but can't special exceptions be made for E-bay if that's the case?

▲

duskwuff

5 hours ago

[-]

GMail doesn't currently have any feature to do that kind of filtering.

▲

drnick1

4 hours ago

[-]

Alternative: Run your own server so that you can have as many mailboxes/aliases as you want. Give each webiste, company, or even person a different alias. The moment you receive spam, revoke the alias, and optionally name and shame spammers.

Some email providers and postfix also allow the creation of dynamic aliases of the form user+alias@example.com.

▲

c0balt

41 minutes ago

[-]

A reasonable alternative, if you value deliverability and don't want the actual hassle of maintaining a mail server, choose a mail provider, like mailbox.org, that allows bringing your own domain.

▲

qingcharles

3 hours ago

[-]

I use unique emails for every sender.

One thing I noticed is that most mailing lists now have a header that identifies them with a specific ID. When I click "Make rule from this email" in Fastmail the primary option is to sort it by that header, not by the sender or receiver. That way only the marketing emails get redirected and not transactional ones from the same sender.

List-Id: A Structured Field and Namespace for the Identification of Mailing Lists

https://www.ietf.org/rfc/rfc2919.txt

▲

taftster

6 hours ago

[-]

OK, but who uses email anymore for personal communication?

At least for most people in my circle, family is using a social media platform or iMessages. And work is using Teams or Slack or whatever.

Work email is basically useless at this point. I'm completely drowning in various Teams chats created specifically for each "thread" of conversation, with just enough people to make it unique. Or inversely, created with too many people and all conversation is just lost to infinite scroll and walls of text.

I'd pine for a return to email. But no one uses it anymore. Only companies trying to get my attention and a few important forwards for tax receipts. I think email is dead.

▲

benjojo12

6 hours ago

[-]

We must live in very different universes because most of my business is conducted over email!

▲

aezart

5 hours ago

[-]

Teams messages expire in 30 days at my job, we use email for anything that needs a paper trail

▲

rorylawless

4 hours ago

[-]

Yup, email is usually the preferred communication tool of record. In a previous job, our messages on Teams were wiped after 8 days so anything that needed to be recorded had to be in an email or some form of document.

▲

qingcharles

3 hours ago

[-]

And some platforms like Slack, WhatsApp (and previously Skype) make trying to find archived information such a slog as to not be worth it.

I can search email in two seconds.