[MlMt] Download Images still downloads 1 pixel ones

Sam Birch list.mailmate at munkynet.org
Mon May 9 17:31:09 EDT 2022


On 9 May 2022, at 12:32, Randall Gellens wrote:

> The difference between "Blocked" and "Strictly Blocked" is that the 
> latter uses a list of known-undesirable sources?

I believe so.

> Given this, I assume the purpose of the warning that a 1-pixel image 
> has been downloaded is to let the user know that the message whose 
> embedded images were downloaded contains obvious trackers?

That’s my understanding.

> Yet, the message may very likely be from a "good" source but sent 
> using a commercial mail distribution service which adds its own 
> trackers.

I agree.

> It would be more helpful if the warning would add the source of each 
> just-downloaded 1-pixel image to the "Strictly Blocked" list. Sort of 
> a "Fool me once, shame on you; fool me twice, shame on me" thing.

Yes, that would be nice.

Benny has expressed vague interest in allowing users to manage the image 
block/allow patterns through the UI, but I don’t think it’s a 
priority currently. In the mean time, take a look at the advanced 
preference `MmAllowedImageURLRegexp`.

I’ve been using this for years to unblock benign remote images, so 
that I hardly ever feel the need to click the “Download” button. I 
have a script that maintains it for me (but I have to add the patterns 
manually). Here’s the script:

```perl
#!/usr/bin/env perl

use Modern::Perl;
use autodie ':all';

my @pats = (
     'cid:',
     'https://([A-Za-z0-9-]+\.)?s3[A-Za-z0-9-]*\.amazonaws\.com/',
     'https://assets\.wildbit\.com/',
     'https://www\.google\.com/s2/favicons\?',
     'https://(images|links|www)\.mint\.com/',
    #'https://github\.com/', # disabled because of 
/notifications/beacon/
     'https://assets\.sk-static\.com/',
     'https://www\.zillow\.com/',
     'https://(www|photos)\.zillowstatic\.com/',
     'https://pumcgit\.prefutil\.local/',
     'https://(?:[A-Za-z0-9-]+\.)?googleusercontent\.com/',
     'https://gallery\.mailchimp\.com/',
     'https://cdn-images\.mailchimp\.com/',
     'https://www\.ups\.com/',
     'https://connect\.gardnermuseum\.org/',
     'https://media\.zipcar\.com/',
     'https://maps\.googleapis\.com/',
     'https://images\.craigslist\.org/',
     'https://home\.sophos\.com/',
     'https://media\.mlspin\.com/',
     'https://www\.cvs\.com/',
     'https://(?:[A-Za-z0-9-]+\.)?patreon\.com/',
     'https://(?:[A-Za-z0-9-]+\.)?patreonusercontent\.com/',
     'https://amherstcinema\.org/',
     'https://files\.constantcontact\.com/9c1b9ffb601/', # Amherst 
Cinema
     'https://(cms|img)\.chewy\.com/',
     'https://chirp\.media\.chewy\.cloud/',
     'https://proxy\.harvestfiles\.com/',
     'https://samhathaway\.harvestapp\.com/',
     'https://www\.gardencinemas\.net/',
     'https://img\.cnmhstng\.com/',
     'https://d1a2o89e23clzw\.cloudfront\.net/emails/', # XConfessions
     'https://cdn\.harrys\.com/',
     'https://cdn\.shopify\.com/',
     'https://cdn\.substack\.com/',
     'https://mcusercontent\.com/',
     'https://hilltownnetworks\.sonar\.software/',
     'https://f\.e\.walgreens\.com/i/',
     'https://mi\.walgreens\.com/p/',
     'https://www\.walgreens\.com/images/',
     'https://(?:[A-Za-z0-9-]+\.)?bcbits\.com/',
     'https://bandcamp\.com/',
     'https://www\.garnethill\.com/',
     'https://(?:[A-Za-z0-9-]+\.)?scene7\.com/',
     'https://static\.cdn\.responsys\.net/i2/responsysimages/quicken/',
     'https://endeavorexperiences\.com/',
     'https://image\.email\.bofi\.com/',
     'https://services\.google\.com/fh/files/emails/',
     'https://fonts\.gstatic\.com/s/i/googlematerialicons/',
     'https://materials\.proxyvote\.com/Approved/IMAGES/',
     'https://(?:[A-Za-z0-9-]+\.)?walmartimages\.com/',
     'https://(?:[A-Za-z0-9-]+\.)?mjt.lu/',
     'https://billpay\.schwab\.com/',
     'https://cdn\.platinumcloud\.io/',
     'https://d3k81ch9hvuctc\.cloudfront\.net/', # Simplehuman
     'https://media\.wordfly\.com/isabellastewartgardnermuseum/',
     'https://www\.etsy\.com/images/email/',
     'https://img\d*\.etsystatic\.com/',
     'https://i\.etsystatic\.com/',
     'https://cascade\.madmimi\.com/', # Gonzalez and Associates
     'https://d1lggihq2bt4jo\.cloudfront\.net/', # Gonzalez and 
Associates
     'https://www\.dreamwidth\.org/img/',
     'https://github\.githubassets\.com/',
     'https://www\.fastmail\.com/images/emailtemplates/',
     'https://www\.chase\.com/content/dam/chaseonline/en/alerts/images/',
     'https://static1\.squarespace\.com/static/',
     'https://image\.e-mail\.amtrak\.com/',
     'https://images\.ctfassets\.net/',
     'https://d15k2d11r6t6rl\.cloudfront\.net/', # Plex
     'https://media\.sailthru\.com/',
     'http://image\.sfmc\.petfinder\.com/',
     'https://image\.email\.ticketmaster\.com/',
     'https://t\.vitacost\.com/images/',
     'https://static\.airtable\.com/',
     'https://live\.staticflickr\.com/',
     'https://combo\.staticflickr\.com/',
     'https://bbeditbeta\.slack\.com/',
     'https://secure\.gravatar\.com/avatar/',
     'https://[A-Za-z0-9-]+\.slack-edge\.com/',
     'https://static\.xx\.fbcdn.net/',
     'https://scontent\.xx\.fbcdn\.net/',
     'https://www\.paypalobjects\.com/',
     'https://p\.ebaystatic\.com/',
     'https://i\.ebayimg\.com/',
     'https://rxhealthalerts\.com/[^/]+.png',
     'https://www\.chase\.com/content/dam/email/images/',
     'https://static\.chasecdn\.com/content/services/rendition/',
     'https://image\.link\.hellofresh\.com/lib/',
     'https://cdn\.hellofresh\.com/',
     'https?://mi\.hellofresh\.com/',
     'https://cash-s\.squarecdn\.com/static/',
     'https?://www\.ti\.com/content/dam/tinews/images/',
     'https?://www\.ti\.com/webemail/graphics/',
     'https://www\.ti\.com/graphics/',
     'https://images\.marketing\.ti\.com/EloquaImages/clients/TXInstruments/',
     'https://image\.email\.schwab\.com/',
     'https://images\.sk-static\.com/images/',
     'http://ordermanager\.spalding-labs\.com/themes/images/email_template/',
     'https://updates\.mailmate-app\.com/icons/',
);

my $pat = '(' . join('|', @pats) . ').*';

system "/usr/bin/defaults", "write", "com.freron.MailMate",
     "MmAllowedImageURLRegexp", "-string", $pat;

```

I edit the script in BBEdit (usually to add a pattern to `@pats`), save, 
and then use #! → Run to actually update the plist.

Hope someone finds this interesting.
-sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20220509/dddf6eb6/attachment-0001.htm>


More information about the mailmate mailing list