#60 ✓fixreleased
Bill Cole

Unsafe handling of HTML mail and mail parts

Reported by Bill Cole | February 19th, 2011 @ 12:06 AM

MailMate automatically attempts to retrieve external content (e.g. images, css files, etc.) referenced in html mail without getting the explicit permission of the user. It already blocks external content for mail that is deemed "junk" and that behavior should be on by default for all mail. Junk filters do not identify junk, and even wanted mail sometimes uses external content in ways that harm privacy.

Comments and changes to this ticket

  • benny February 19th, 2011 @ 12:37 AM

    • State changed from “new” to “resolved”
    • Assigned user set to “benny”

    Actually MailMate blocks external references in many cases. The following is from the release notes:

    External references are blocked for a message if one or more of the following is true:

    • It is in a junk mailbox
    • It is marked $Junk
    • It is in an Inbox or in a mailbox for deleted messages without the $NotJunk flag.

    This is kind of a minimal implementation. I would like to make the rules above configurable, e.g., if one wants to block more or allow more by default.

    Let me know if you do not experience the behavior described above. I've marked the ticket as resolved.

    Feel free to create a new request for more configuration of junk handling. You can also comment on this ticket if you like.

    Btw: Thanks for trying out MailMate.

  • benny February 19th, 2011 @ 10:25 AM

    • State changed from “resolved” to “fixcommitted”

    Well, I feel I'm being pretty strict at the moment. I'm mostly getting requests for making MailMate better at recognizing emails from sources which have been trusted in the past. But I agree that any attempts to be smart in this area is a recipe for trouble. I'll probably end up with strict defaults and options to make it less strict.

    Your screenshot was very helpful. I think the problem is that the message has the \Deleted flag set. That means that the message is not shown in the Inbox (the universal one) and this is also the one used for my test of location. MailMate does not itself really use the \Deleted flag, so it has been set by another client (which explains why I did not notice this problem sooner). As a quick fix I now include all messages with the \Deleted flag in the set of untrusted messages. (I know you would like it to be stricter.)

    Let me know if you do not think this was the problem.

    And yes, when a message is blocked, MailMate does not fetch anything.

    Unrelated: Notice “View ▸ Distortion Mode”. It is kind of a
    proof-of-concept, but the purpose is exactly to help send screenshots
    (although mailbox names are not distorted).

    And thanks for the encouraging comment!

    [state:fixcommitted]
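    The blocking rules quoted in the first comment, together with the \Deleted quick fix from the comment above, can be expressed as a small policy plus a rewriting step that neutralizes remote references before an HTML part is rendered. The following is an added illustration, not MailMate's own code: the `Message` type, the mailbox names, the `blocked:` placeholder scheme and the regex-based rewriting are all assumptions made here, and a real client would do the rewriting inside its HTML parser rather than with regular expressions. The sample HTML part is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample HTML part: a remote tracking pixel, a remote stylesheet
# and a CSS background (all fetched automatically by a naive renderer), plus an
# inline cid: image and an ordinary link, which are not fetched automatically.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://tracker.example.net/style.css">
<style>body { background: url("http://tracker.example.net/bg.png"); }</style>
</head><body>
<img src="https://tracker.example.net/pixel.gif?id=123" width="1" height="1">
<img src="cid:logo@local">
<a href="https://example.org/page">a normal link</a>
</body></html>"""


@dataclass(frozen=True)
class Message:
    """Hypothetical message record: the mailbox it is shown in and its IMAP flags."""
    mailbox: str
    flags: frozenset


# Assumed mailbox names; a real client would map these from its account config.
JUNK_MAILBOXES = {"junk", "spam"}
DELETED_MAILBOXES = {"trash", "deleted messages"}


def external_references_blocked(msg: Message) -> bool:
    """Return True if remote content must not be fetched for this message.

    Rules follow the ticket: junk mailbox, $Junk flag, Inbox or a deleted-messages
    mailbox without $NotJunk, and (the quick fix) any message carrying \\Deleted.
    """
    mailbox = msg.mailbox.lower()
    if mailbox in JUNK_MAILBOXES:
        return True
    if "$Junk" in msg.flags:
        return True
    if "\\Deleted" in msg.flags:
        return True
    if (mailbox == "inbox" or mailbox in DELETED_MAILBOXES) and "$NotJunk" not in msg.flags:
        return True
    return False


PLACEHOLDER = "blocked:external-reference"  # assumed placeholder scheme
REMOTE_URL = r"https?://[^\"'\s>)]+"

# Attributes that cause an automatic fetch when rendered.
ATTR_RE = re.compile(r"(?i)\b(src|background|poster)(\s*=\s*[\"']?)(" + REMOTE_URL + ")")
# <link href=...> (stylesheets, icons); plain <a href> is deliberately left alone.
LINK_HREF_RE = re.compile(r"(?i)(<link\b[^>]*?\bhref\s*=\s*[\"']?)(" + REMOTE_URL + ")")
# url(...) inside style attributes and <style> blocks.
CSS_URL_RE = re.compile(r"(?i)(url\(\s*[\"']?)(" + REMOTE_URL + ")")


def block_external_references(html: str):
    """Replace every auto-fetched remote URL with PLACEHOLDER.

    Returns the rewritten HTML and the list of URLs that were neutralized, so the
    UI can offer a "load remote content" action and show what was blocked.
    cid: and data: references are untouched because they need no network access.
    """
    blocked = []

    def keep_prefix(m):
        blocked.append(m.group(m.lastindex))
        return "".join(m.groups()[:-1]) + PLACEHOLDER

    html = ATTR_RE.sub(keep_prefix, html)
    html = LINK_HREF_RE.sub(keep_prefix, html)
    html = CSS_URL_RE.sub(keep_prefix, html)
    return html, blocked


def render_html_part(msg: Message, html: str):
    """Apply the policy: trusted messages render as-is, the rest get rewritten."""
    if external_references_blocked(msg):
        return block_external_references(html)
    return html, []


if __name__ == "__main__":
    inbox_msg = Message("INBOX", frozenset())
    out, urls = render_html_part(inbox_msg, SAMPLE_HTML)
    print(f"blocked {len(urls)} remote reference(s): {urls}")
    print(out)
```

    Running the block rewrites the three auto-fetched references in the sample part and leaves the cid: image and the ordinary link alone; the same `render_html_part` call returns the HTML unchanged for a message in, say, an archive mailbox with no suspicious flags, which matches the "trusts most things outside the Inbox" behaviour described in the thread.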

  • benny March 5th, 2011 @ 05:20 PM

    • State changed from “fixcommitted” to “fixreleased”

  • benny March 7th, 2011 @ 08:31 AM

    First, why it did not block the message (whether that is an “ill-conceived” design or not): See the rules in the first comment in this ticket. Essentially, MailMate currently trusts most things outside the Inbox.

    As previously stated, I DO want to improve this. The current solution is a temporary attempt at satisfying users both like you and those who feel just as strongly that MailMate should not block images as often as it does.

    Now, we're in luck, because I was going to look at this and related issues today and hopefully that means a solution which is also going to satisfy you. If you have time then you are most welcome to write me a private email (use “Send Feedback...” in the Help menu if you haven't switched mail application yet). You would then be able to comment on any changes before the next public update.

  • benny March 7th, 2011 @ 01:37 PM

    I'm working on it now, but I just realized there is a quick solution to always block external references. Go to the Terminal and paste the following (you should quit MailMate first):

    defaults write com.freron.MailMate MmBlockedMessagesQuery '$Msgs'

    It could be made more lenient if you like (I guess not) such as:

    defaults write com.freron.MailMate MmBlockedMessagesQuery '$Msgs.filter(#flags.flag !=[x] "$NotJunk")'

    (I haven't tested the second one.)

    And no, there is no documentation for the query “language”.

    The above method is already deprecated, but it'll work until the next update.
