[MlMt] Why does MailMate tries to go to the internet when I click a link in a message?

Bill Cole mmlist-20120120 at billmail.scconsult.com
Sat Jun 8 10:32:27 EDT 2024


On 2024-06-08 at 02:48:24 UTC-0400 (Sat, 08 Jun 2024 16:48:24 +1000)
leo <mailmate at lists.freron.com>
is rumored to have said:

> Hello fellow MailMaters
>
> I have installed Little Snitch, and now I observe something _very strange_ with MailMate: I have switched off downloading images on display and MailMate beys this: *On viewing* a message no internet request dialog is displayed by Little Snitch. So far so good.
>
> However, when I *click a link* in this message I get a notification from Little Snitch that MailMate (not the browser where the link will open!) wants to access the link.
>
> For example I have a message with a YouTube link (and it is really a plain YouTube link; nothing with intermediate analytics). When I click that link, Little Snitch shows the following dialog:
>
> ![](cid:82D0C62D-56BE-487C-B879-3EE3CED8F967 at halloleo.hailmail.net "Screenshot 2024-06-08 at 6.29.22 AM.jpg")
>
> Why does this happen?


I noticed that too and reported the bug in LS. The reply from ObDev was that this a known issue and blamed the bug on macOS.

That is the logical place for blame. MM is just telling the system to tell the browser to open a connection. LS is capable of handling that in some circumstances, e.g. if you use curl in a Terminal window, LS alerts citing both programs and will really block the connection if told to do so. LS is doing something that it presents as the ability to block the connection, and it generally works in other circumstances. The system is doing networking that is getting around LS somehow where it should not.

On the other hand, it is arguable that this should be ignored by LS entirely. You are clicking a link. That ultimately results in the browser making a connection. It is that browser action that LS should be catching, but since most LS users let their browser connect anywhere, it really should be allowed without any alert. This isn't something behind the scenes making a connection autonomously for unknown purposes, it is the user clicking a link. If we've reached the point where we need a supervisory program asking confirmation for every intentional link we have lost the security battle.


-- 
Bill Cole


More information about the mailmate mailing list