Remote content whitelisting needs to rely on something other than specific From:

RESOLVED DUPLICATE of bug 953426

Status

()

--
enhancement
RESOLVED DUPLICATE of bug 953426
12 years ago
4 years ago

People

(Reporter: lgrosenthal, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/1.8.3.0a SeaMonkey/1.5a
Build Identifier: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/1.8.3.0a SeaMonkey/1.5a

I posted to Yahoo Groups. I recieved a copy of my posting, which came down (as expected) with all of that added junk from Yahoo (because it's impossible to just get nice plain text from them anymore). The Remote content filter kicked in and asked me if I always wanted to load remote content from...myself.

Reproducible: Always

Steps to Reproduce:
1. Post to a mailing list which sends messages in HTML.
2. Wait for receipt of your own posting.

Actual Results:  
Content filter bar appears in message, stating, "Click here to always load remote content from you@yourdomain."

Expected Results:  
Content filter bar should appear, but filtering should be on sending server, domain, or service.

Headers (excerpted) from Yahoo Groups (as an example):

Return-Path: <sentto-7504610-922-1171292791-me=mydomain.com@returns.groups.yahoo.com>
Received: from mxout2.mailhop.org ([63.208.196.166] verified)
  by mydomain.com (CommuniGate Pro SMTP 5.1.3)
  with ESMTP id 871332 for me@mydomain.com; Mon, 12 Feb 2007 10:06:48 -0500
Received: from mxin2.mailhop.org ([63.208.196.176])
	by mxout2.mailhop.org with esmtp (Exim 4.63)
	(envelope-from <sentto-7504610-922-1171292791-me=mydomain.com@returns.groups.yahoo.com>)
	id 1HGclP-0009uW-Cy
	for me@mydomain.com; Mon, 12 Feb 2007 10:06:44 -0500
Received: from n31c.bullet.scd.yahoo.com ([66.94.237.8])
	by mxin2.mailhop.org with smtp (Exim 4.63)
	(envelope-from <sentto-7504610-922-1171292791-me=mydomain.com@returns.groups.yahoo.com>)
	id 1HGclP-000F6o-1X
	for me@mydomain.com; Mon, 12 Feb 2007 10:06:43 -0500
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=lima; d=yahoogroups.com;
	b=RyrFoVt8+Bv4jaGy0Wf4z8Ofce9w93WXyFY2zHsqK3eMQ4tzz4bO8Dy4BRhw4xKZWZ+1z87eLAGfxA1Bytndiw3Xa2FFgVLwrvCEarseS69TRF3IqSTnh0NwpkynJ7Yy;
Received: from [209.73.164.83] by n31.bullet.scd.yahoo.com with NNFMP; 12 Feb 2007 15:06:34 -0000
Received: from [66.218.66.32] by t7.bullet.scd.yahoo.com with NNFMP; 12 Feb 2007 15:06:33 -0000
X-Yahoo-Newman-Id: 7504610-m922
X-Sender: me@mydomain.com
X-Apparently-To: SkyPilot@yahoogroups.com
Received: (qmail 81344 invoked from network); 12 Feb 2007 15:06:29 -0000
Received: from unknown (66.218.67.36)
  by m26.grp.scd.yahoo.com with QMQP; 12 Feb 2007 15:06:29 -0000
Received: from unknown (HELO mydomain.com) (xxx.xxx.xxx.xxx)
  by mta10.grp.scd.yahoo.com with SMTP; 12 Feb 2007 15:06:28 -0000
Received: from [192.168.100.25] (account me [192.168.100.25] verified)
  by mydomain.com (CommuniGate Pro SMTP 5.1.3)
  with ESMTPA id 871309 for SkyPilot@yahoogroups.com; Mon, 12 Feb 2007 10:00:58 -0500
Message-ID: <45D08128.9050008@mydomain.com>
Organization: My Organization
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070206 MultiZilla/1.8.3.0a SeaMonkey/1.5a
To: Sky Pilot <SkyPilot@yahoogroups.com>
X-Originating-IP: xxx.xxx.xxx.xxx
X-eGroups-Msg-Info: 1:0:0:0
From: Me <me@mydomain.com>
X-Yahoo-Profile: me
Sender: SkyPilot@yahoogroups.com
MIME-Version: 1.0
Mailing-List: list SkyPilot@yahoogroups.com; contact SkyPilot-owner@yahoogroups.com
Delivered-To: mailing list SkyPilot@yahoogroups.com
List-Id: <SkyPilot.yahoogroups.com>
Precedence: bulk
List-Unsubscribe: <mailto:SkyPilot-unsubscribe@yahoogroups.com>
Date: Mon, 12 Feb 2007 10:00:56 -0500
Subject: [SkyPilot] Upgrading to 1/2007 SM build makes some messages invisible
Reply-To: SkyPilot@yahoogroups.com
X-Yahoo-Newman-Property: groups-email-ff
Content-Type: multipart/alternative;
 boundary="5f5cUu9fXpuNOPheeA9tviJTYV2dpbwWYR6bbF-"

Perhaps:

Delivered-To: or
X-Apparently-To:

if present?

Updated

12 years ago
Severity: minor → enhancement
Summary: Remote content filter needs to rely on something other than From: → Remote content whitelisting needs to rely on something other than specific From:

Comment 1

11 years ago
I agree with Lewis Rosenthal that this enhancement is needed.

Not only for a copy of any posts I make to a group, but also for all other messages from that group. If remote content is to be allowed, using just the header 'From:' field, means that all members of a group would end up in my address book, instead of just one for the group.

As well as 'Delivered-To:' and 'X-Apparently-To:', I would add the header fields 'Sender:' and Reply-To:' also.

Dave Young.
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008041601 SeaMonkey/2.0a1pre

I have a similar problem. I'm subscribed to a newsletter which sends one mail per week, but the From line is different every time (it's something like 2352.euabwd@campaign.citobi.be). The subject is almost always the same, and I have a filter to move it out of my Inbox and into a specific folder. I would be much happier if I could whitelist the remote images
- either on *part* of the from-line
- or on all or part of the Subject
- or (best) as an additional Action in the filter.

Confirming on Trunk and adding my vote.
Assignee: mail → nobody
Status: UNCONFIRMED → NEW
Component: MailNews: Main Mail Window → Image Blocking
Ever confirmed: true
Product: Mozilla Application Suite → Core
QA Contact: image-blocking
Version: unspecified → Trunk
I'd like to see "Allow Remote Content" as a new filter action. Is it this bug or would it be useful to report a new RFE bug in the "Mailnews Core::Filters" component?
Yeah, something better is needed here. The concept of having to add somebody to my address book in order for remote content to load doesn't really make sense anymore (maybe it never did?).

I, however, lack any creative ideas...

Comment 5

8 years ago
I am not a programmer and can add nothing constructive.

I can, however, give an example of why this enhancement request should be reconsidered for higher priority.

I receive spam from "myself" on a frequent basis; my professional e-mail address is posted on my site, and my address is frequently used as both the sender and recipient.

Today "I" sent myself an e-mail with remote content in it.  The remote content wasn't hosted on my server, however; it's hosted on a totally unrelated site, http://motivated.lover.com/<snip>/versa.jpg, and it's coded to link to http://onlineingra32m.ru/<snip>

(It's just a pharma link, but the addresses looked like they were coded to be unique.)

As a user of the software, I disable automatic loading of remote content unless I know who has sent it to me.

Now I discover that I'm the one sending e-mail with remote content, and it's immediately obvious to me that I don't want to enable all mail from a particular e-mail address to send me remote content from everywhere else in the world.  I want that person to be able to send me content from his or her server only, or I want to vet each server they use on a case-by-case basis.

Submitted for your consideration.

-- Tim
Timothy J. McGowan

Comment 6

7 years ago
This is specific case of Bug #249191, which requests ability to add a filter action to enable remote content.  

Its not just mailing lists, its also some more generic senders, in particular as more messenging moves to facebook which abuses the From: line to make it specific to a conversation.

Comment 7

4 years ago
I consider that bug 953426 address this issue. In case you seems it is not, please open a new specific bug.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 953426
You need to log in before you can comment on or make changes to this bug.