Always show images from firstname.lastname@example.org
Saturday, February 28, 2009 7:02:14 PM
We also know there are good reasons to show linked images, for instance from a shop you have subscribed to that has some good deals every week. However, GMail gives me the option of always showing images from a certain email address. Do not trust this feature!
Let's say you've subscribed to newegg.com and they send out weekly offers from email@example.com. All a spammer has to do is send out an email to loads of people, forging the sender address as firstname.lastname@example.org, and your email service (GMail isn't alone) will display the picture. The spammer, of course, links to images on their own server and records your email address as active. However, they would also know you're a newegg.com subscriber!
What should have been done is to accept images from a certain domain, as in "Allow images from newegg.com?". That I could trust.
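To make the difference concrete, here is an added example (not code from the original post or from any mail service) that applies both policies to one forged message: the per-address rule described above, and the per-domain rule proposed in the last paragraph. The message, the sender address `offers@newegg.com`, and the image hosts are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: forged From header, second image hosted off-domain.
FORGED = """\
From: Offers <offers@newegg.com>
To: reader@example.net
Subject: Weekly deals
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Deals!</p>
<img src="http://images.newegg.com/banner.png">
<img src="http://tracker.example/pixel.gif?id=12345">
</body></html>
"""

class ImgSrc(HTMLParser):
    """Collects the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.urls.append(src)

def image_urls(msg):
    parser = ImgSrc()
    parser.feed(msg.get_payload())
    return parser.urls

def host_allowed(url, allowed_domains):
    # Exact domain or a true subdomain; "evilnewegg.com" must not match.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def by_sender(msg, trusted_senders):
    """Per-address policy: a trusted From header unlocks every image."""
    addr = parseaddr(msg["From"])[1].lower()
    return image_urls(msg) if addr in trusted_senders else []

def by_image_domain(msg, allowed_domains):
    """Per-domain policy: each image is judged by the host that serves it."""
    return [u for u in image_urls(msg) if host_allowed(u, allowed_domains)]
```

With the per-address rule both images load, including the one on the third-party host; with the per-domain rule only the image served from the allowed domain loads, whatever the From header claims.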