[MlMt] Collecting Spy Sheets: CSS allows user tracking in emails

[Bill Cole]

On 2025-03-05 at 08:19:38 UTC-0500 (Wed, 05 Mar 2025 14:19:38 +0100)
Benny Kjær Nielsen <mailmate at lists.freron.com>
is rumored to have said:

> On 5 Mar 2025, at 1:11, Michael Nietzold wrote:
>
>> Is MailMate safe for Collecting Spy Sheets?
>
> MailMate should block everything,

As is proper for mail clients. Doing otherwise is user-hostile.

> but I'm naturally interested if that should fail in any way. If you 
> allow fetching external resources (in general or for a specific email) 
> then MailMate does not protect you in any way.

Well, there is the option to block "known" trackers etc. If a user 
really wants to load *all* remote content, it would be wrong to refuse. 
It is good that MailMate's default is safe, and that it makes the 
function obvious as a security  measure.

[...]
> In general, I don't guarantee anything since people come up with some 
> really smart tricks -- and some times I introduce new bugs. Quite a 
> lot of MailMate users seem to also be using Little Snitch and someone 
> will usually write to me when the latter happens :)

MailMate has done a great job of attracting security-minded mail-smart 
people. We've got multiple authors of email RFCs on this list. There's 
little chance of a significant problem being missed.


-- 
  Bill Cole
  bill at scconsult.com or billcole at apache.org
  (AKA @grumpybozo at toad.social and many *@billmail.scconsult.com 
addresses)
  Not Currently Available For Hire