Closed Bug 370165 Opened 13 years ago Closed 5 years ago
Remote content whitelisting needs to rely on something other than specific From:
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/188.8.131.52a SeaMonkey/1.5a Build Identifier: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/184.108.40.206a SeaMonkey/1.5a I posted to Yahoo Groups. I recieved a copy of my posting, which came down (as expected) with all of that added junk from Yahoo (because it's impossible to just get nice plain text from them anymore). The Remote content filter kicked in and asked me if I always wanted to load remote content from...myself. Reproducible: Always Steps to Reproduce: 1. Post to a mailing list which sends messages in HTML. 2. Wait for receipt of your own posting. Actual Results: Content filter bar appears in message, stating, "Click here to always load remote content from you@yourdomain." Expected Results: Content filter bar should appear, but filtering should be on sending server, domain, or service. Headers (excerpted) from Yahoo Groups (as an example): Return-Path: <email@example.com> Received: from mxout2.mailhop.org ([220.127.116.11] verified) by mydomain.com (CommuniGate Pro SMTP 5.1.3) with ESMTP id 871332 for firstname.lastname@example.org; Mon, 12 Feb 2007 10:06:48 -0500 Received: from mxin2.mailhop.org ([18.104.22.168]) by mxout2.mailhop.org with esmtp (Exim 4.63) (envelope-from <email@example.com>) id 1HGclP-0009uW-Cy for firstname.lastname@example.org; Mon, 12 Feb 2007 10:06:44 -0500 Received: from n31c.bullet.scd.yahoo.com ([22.214.171.124]) by mxin2.mailhop.org with smtp (Exim 4.63) (envelope-from <email@example.com>) id 1HGclP-000F6o-1X for firstname.lastname@example.org; Mon, 12 Feb 2007 10:06:43 -0500 Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com; b=RyrFoVt8+Bv4jaGy0Wf4z8Ofce9w93WXyFY2zHsqK3eMQ4tzz4bO8Dy4BRhw4xKZWZ+1z87eLAGfxA1Bytndiw3Xa2FFgVLwrvCEarseS69TRF3IqSTnh0NwpkynJ7Yy; Received: from [126.96.36.199] by n31.bullet.scd.yahoo.com with NNFMP; 12 Feb 2007 15:06:34 -0000 Received: from [188.8.131.52] by t7.bullet.scd.yahoo.com with NNFMP; 12 Feb 2007 15:06:33 -0000 X-Yahoo-Newman-Id: 7504610-m922 X-Sender: email@example.com X-Apparently-To: SkyPilot@yahoogroups.com Received: (qmail 81344 invoked from network); 12 Feb 2007 15:06:29 -0000 Received: from unknown (184.108.40.206) by m26.grp.scd.yahoo.com with QMQP; 12 Feb 2007 15:06:29 -0000 Received: from unknown (HELO mydomain.com) (xxx.xxx.xxx.xxx) by mta10.grp.scd.yahoo.com with SMTP; 12 Feb 2007 15:06:28 -0000 Received: from [192.168.100.25] (account me [192.168.100.25] verified) by mydomain.com (CommuniGate Pro SMTP 5.1.3) with ESMTPA id 871309 for SkyPilot@yahoogroups.com; Mon, 12 Feb 2007 10:00:58 -0500 Message-ID: <45D08128.firstname.lastname@example.org> Organization: My Organization User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/220.127.116.11a SeaMonkey/1.5a To: Sky Pilot <SkyPilot@yahoogroups.com> X-Originating-IP: xxx.xxx.xxx.xxx X-eGroups-Msg-Info: 1:0:0:0 From: Me <email@example.com> X-Yahoo-Profile: me Sender: SkyPilot@yahoogroups.com MIME-Version: 1.0 Mailing-List: list SkyPilot@yahoogroups.com; contact SkyPilotfirstname.lastname@example.org Delivered-To: mailing list SkyPilot@yahoogroups.com List-Id: <SkyPilot.yahoogroups.com> Precedence: bulk List-Unsubscribe: <mailto:SkyPilotemail@example.com> Date: Mon, 12 Feb 2007 10:00:56 -0500 Subject: [SkyPilot] Upgrading to 1/2007 SM build makes some messages invisible Reply-To: SkyPilot@yahoogroups.com X-Yahoo-Newman-Property: groups-email-ff Content-Type: multipart/alternative; boundary="5f5cUu9fXpuNOPheeA9tviJTYV2dpbwWYR6bbF-" Perhaps: Delivered-To: or X-Apparently-To: if present?
Severity: minor → enhancement
Summary: Remote content filter needs to rely on something other than From: → Remote content whitelisting needs to rely on something other than specific From:
I agree with Lewis Rosenthal that this enhancement is needed. Not only for a copy of any posts I make to a group, but also for all other messages from that group. If remote content is to be allowed, using just the header 'From:' field, means that all members of a group would end up in my address book, instead of just one for the group. As well as 'Delivered-To:' and 'X-Apparently-To:', I would add the header fields 'Sender:' and Reply-To:' also. Dave Young.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008041601 SeaMonkey/2.0a1pre I have a similar problem. I'm subscribed to a newsletter which sends one mail per week, but the From line is different every time (it's something like firstname.lastname@example.org). The subject is almost always the same, and I have a filter to move it out of my Inbox and into a specific folder. I would be much happier if I could whitelist the remote images - either on *part* of the from-line - or on all or part of the Subject - or (best) as an additional Action in the filter. Confirming on Trunk and adding my vote.
Assignee: mail → nobody
Status: UNCONFIRMED → NEW
Component: MailNews: Main Mail Window → Image Blocking
Ever confirmed: true
Product: Mozilla Application Suite → Core
QA Contact: image-blocking
Version: unspecified → Trunk
I'd like to see "Allow Remote Content" as a new filter action. Is it this bug or would it be useful to report a new RFE bug in the "Mailnews Core::Filters" component?
Yeah, something better is needed here. The concept of having to add somebody to my address book in order for remote content to load doesn't really make sense anymore (maybe it never did?). I, however, lack any creative ideas...
I am not a programmer and can add nothing constructive. I can, however, give an example of why this enhancement request should be reconsidered for higher priority. I receive spam from "myself" on a frequent basis; my professional e-mail address is posted on my site, and my address is frequently used as both the sender and recipient. Today "I" sent myself an e-mail with remote content in it. The remote content wasn't hosted on my server, however; it's hosted on a totally unrelated site, http://motivated.lover.com/<snip>/versa.jpg, and it's coded to link to http://onlineingra32m.ru/<snip> (It's just a pharma link, but the addresses looked like they were coded to be unique.) As a user of the software, I disable automatic loading of remote content unless I know who has sent it to me. Now I discover that I'm the one sending e-mail with remote content, and it's immediately obvious to me that I don't want to enable all mail from a particular e-mail address to send me remote content from everywhere else in the world. I want that person to be able to send me content from his or her server only, or I want to vet each server they use on a case-by-case basis. Submitted for your consideration. -- Tim Timothy J. McGowan
This is specific case of Bug #249191, which requests ability to add a filter action to enable remote content. Its not just mailing lists, its also some more generic senders, in particular as more messenging moves to facebook which abuses the From: line to make it specific to a conversation.
I consider that bug 953426 address this issue. In case you seems it is not, please open a new specific bug.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 953426
You need to log in before you can comment on or make changes to this bug.