Show remote content in messages sent TO a given address

UNCONFIRMED
Unassigned

Status

Thunderbird
Security
UNCONFIRMED
3 years ago
3 years ago

People

(Reporter: Dave, Unassigned)

Tracking

38 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.0; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150630154324

Steps to reproduce:

Found no way for "Show remote content" filter to always show remote content in messages SENT TO a specific RECIPIENT. 

When using a forwarding address from Blur (formerly MaskMe) each individual message from a specific sender arrives from a forwarding SENDER address unique to that specific message. 

Only the RECIPENT'S forwarding address remains the same, e.g. whatever@opayq.com


Actual results:

I and many others are using Abine's Blur (formerly MaskMe), which generates temporary forwarding email addresses on the fly, to help block SPAM, if & when it starts to arrive. 

When I use one of these addresses, I often see "To protect your privacy, Thunderbird has blocked remote content in this message."

At present, the only filtering options offered by T-bird are:

- Show remote content in this message (only)
- Edit remote content options...
- Allow remote content for [sender]) 
- Allow remote content for <URI>

However, none of these would work for showing any future content sent to my Blur address, because 

- the address from which the message is sent is unique for each message

- the remote content is not always from the same location 

- I don't want to override T-bird's protection from unknown remote content altogether, and 

- I don't want to have to elect to "Show remote content in this message" every time. 

Because the messages are always sent to the same address, which is unique to the actual sender, I would like to be able to enable remote content for all messages sent TO a particular address, just as when I create a Message Filter in T-bird. In effect, this would function the same as whitelisting a particular sender, because each address is only given to one sender, unless & until they share it, of course. As soon as that happens, I block the address. 

This would be quite useful: 

- Show remote content in this message (only)
- Edit remote content options...
- Allow remote content for [sender]) 
- Allow remote content for <URI>
NEW - Allow remote content sent to [my unique address]


Expected results:

Suggestion:


This change to the Options menu within each message would be quite useful: 

- Show remote content in this message (only)
- Edit remote content options...
- Allow remote content for [sender]) 
- Allow remote content for <URI>
NEW - Allow remote content sent to [my unique address]
(Reporter)

Comment 1

3 years ago
Because "Allow remote content sent to Recipient's address" might be accidentally used by someone to effectively allow ALL remote content in nearly ALL of the emails they receive, it might be better to allow wildcards (*) when manually editing the list of exceptions from Tools:Options:Privacy:Mail Content. 

This would enable more advanced users to create exceptions for *@opayq.com or any other domain, as well as *.amazonaws.com, *.cloudfront.com/*.cloudfront.net, or *.akamai.com/*.akamai.net

Updated

3 years ago
Component: Untriaged → Security
You need to log in before you can comment on or make changes to this bug.