Email experiments: filtering out external images (terracrypt.net)
63 points by todsacerdoti 14 hours ago | 29 comments




I filter emails with the word "unsubscribe" into a separate folder (label in Gmail). If you can unsubscribe from it, it's probably not critical. The vast majority of transactional emails (password resets, magic login links, 2fa codes) don't have that wording in the email body.

This fails under CASL (Canadian Anti Spam Law) where transactional mail is required to provide an unsub mechanism. A lot of senders likely don’t bother personalising those emails based on recipient country.

There must be some nuance to this - e.g. I just double-checked a bank 2FA email from a bank that only has Canadian operations, and it doesn't have an unsub mechanism. I don't know how an unsubscribe mechanism for a 2FA email that you get after entering a correct password would even function.

The unsub would only be for marketing emails, not for transactional ones, even if included in the transactional email.

Maybe it’s ok to email a person after they click a button that says “mail me my 2fa code”? Not a lawyer, but it feels right that if I say it’s ok to send me a one-off email explicitly, it can omit an unsubscribe.

I don't think I've ever seen a button that says "mail me my 2fa code". The workflow basically always goes like this:

1. I enter username/password and click "sign in".
2. Algorithms run on the server.
3. If the algorithms think "suspicious", I'm redirected to an "enter your emailed code" page and I'm automatically sent an email.

In any case, the top of this thread was specifically referring to this type of transactional email.

Taking a quick look at my email history, I have a whole pile of transactional mail (from Canadian entities) with no unsubscribe links: a bank email notifying reception of a complaint, a bank email about my paycheque saying "You received this mandatory email alert to update you on transaction details", various order confirmation emails for things I purchased online, etc.


I see them all the time. Usually it’s in the form of “choose your 2FA method” and it gives you a choice between SMS/email/phone call or whatever.

I do this too, and in my experience, if it's important enough and I've missed it they'll call. Currently undergoing a major (positive) life event that's had more than a few of those cases. The other issue I run into is when somebody forwards me an email. I don't know if gmail filters can whitelist those but that's always led to me missing something important.

Related: GMail has an option to disable loading images by default. Which helps me escape tracker pixels and also know if a "human-like" email still has a tracking pixel or not.

It also helps avoid "oo shiny!" distractions and helps keep the focus on the message.

Mozilla's Thunderbird also has this feature. I'd imagine most security-conscious mail readers/browsers do.

So does Apple Mail, for anyone wondering.

Fastmail.fm (a paid mail provider) also has a feature to not load remote images, and it’s on by default.

You can also set up arbitrarily complex filtering rules using Sieve, if the built-in rules UI is not sophisticated enough.


To add some more: mailbox.org also has it with Sieve rules. Posteo should have it too, IIRC.

A long time ago somebody said that Gmail prefetches all images, so tracker pixels report exactly one open occurrence for images in Gmail email.

Disabling external images was the default until they started proxying+caching the images themselves. So now _by default_ clients get to see the images without sending tracking data to the senders - Google doesn't like competition.

I still keep the images disabled, though. In most cases, you don't care about what's there in the images anyway.


OK, but who uses email anymore for personal communication?

At least for most people in my circle, family is using a social media platform or iMessages. And work is using Teams or Slack or whatever.

Work email is basically useless at this point. I'm completely drowning in various Teams chats created specifically for each "thread" of conversation, with just enough people to make it unique. Or inversely, created with too many people and all conversation is just lost to infinite scroll and walls of text.

I'd pine for a return to email. But no one uses it anymore. Only companies trying to get my attention and a few important forwards for tax receipts. I think email is dead.


We must live in very different universes because most of my business is conducted over email!

Teams messages expire in 30 days at my job, we use email for anything that needs a paper trail

Yup, email is usually the preferred communication tool of record. In a previous job, our messages on Teams were wiped after 8 days so anything that needed to be recorded had to be in an email or some form of document.

And some platforms like Slack, WhatsApp (and previously Skype) make trying to find archived information such a slog as to not be worth it.

I can search email in two seconds.


Here's another trick someone should build in: email using emoji in the subject line is probably advertising. Sometimes from lists you like being subscribed on, but if the subject uses U+2757 (big red exclamation mark) then it's more likely "SALE ENDS TOMORROW" and less "Your order shipped!"

EDIT: HN apparently filters out that code point. Good on you.


Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Which is why they go to spam so often.

> Unfortunately, eBay uses emoji in the subject lines for a bunch of their transactional email, e.g. "<U+1F4E6>ORDER DELIVERED".

Don't really use Gmail (I personally use Proton), so I am not sure, but can't special exceptions be made for eBay if that's the case?


GMail doesn't currently have any feature to do that kind of filtering.

Alternative: Run your own server so that you can have as many mailboxes/aliases as you want. Give each website, company, or even person a different alias. The moment you receive spam, revoke the alias, and optionally name and shame spammers.

Some email providers and postfix also allow the creation of dynamic aliases of the form user+alias@example.com.


I use unique emails for every sender.

One thing I noticed is that most mailing lists now have a header that identifies them with a specific ID. When I click "Make rule from this email" in Fastmail the primary option is to sort it by that header, not by the sender or receiver. That way only the marketing emails get redirected and not transactional ones from the same sender.

List-Id: A Structured Field and Namespace for the Identification of Mailing Lists

https://www.ietf.org/rfc/rfc2919.txt
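
The signals discussed in this thread (the RFC 2919 `List-Id` header, the word "unsubscribe", emoji subject lines, remote images that act as tracker pixels), pulled from a raw message with Python's standard library. This is an added example, not code from any commenter or from the linked article; the function names, folder names, emoji code point range and sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

class RemoteImages(HTMLParser):
    """Collect <img> sources a mail client would fetch over the network."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and re.match(r"(?i)(https?:)?//", src):  # cid:/data: stay local
            self.urls.append(src)

def triage(raw: bytes) -> dict:
    """Extract the signals the thread discusses from one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 words
    html = msg.get_body(preferencelist=("html",))
    text = msg.get_body(preferencelist=("plain",))
    finder = RemoteImages()
    if html is not None:
        finder.feed(html.get_content())
    body = " ".join(p.get_content() for p in (html, text) if p is not None)
    return {
        "list_id": msg.get("List-Id"),  # RFC 2919 header, None when absent
        "unsubscribe_word": "unsubscribe" in body.lower(),
        # U+2757 plus an assumed pictograph range; a hint only, not a verdict
        "emoji_subject": any(ord(c) == 0x2757 or 0x1F300 <= ord(c) <= 0x1FAFF for c in subject),
        "remote_images": finder.urls,
    }

def folder(f: dict) -> str:
    """List-Id decides first; emoji is only reported, since transactional mail uses it too."""
    if f["list_id"]:
        return "Lists"
    return "Unsubscribable" if f["unsubscribe_word"] else "INBOX"

# Constructed sample messages (not real mail): same sender, marketing vs. transactional.
MARKETING = (b"From: Shop <news@shop.example>\n"
             b"List-Id: Shop Deals <deals.shop.example>\n"
             b"Subject: =?utf-8?q?=E2=9D=97SALE_ENDS_TOMORROW?=\n"
             b"Content-Type: text/html; charset=utf-8\n\n"
             b'<p>Sale!</p><img src="https://t.shop.example/o.gif?u=123" width="1" height="1">'
             b'<a href="https://shop.example/u">Unsubscribe</a>')
TRANSACTIONAL = (b"From: Shop <news@shop.example>\n"
                 b"Subject: Your sign-in code\n"
                 b"Content-Type: text/plain; charset=utf-8\n\n"
                 b"Your sign-in code is 123456.")
```

Routing on `List-Id` before the body keyword keeps the transactional message from the same sender in the inbox, which is the behaviour the header-based rule above is chosen for.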


A reasonable alternative, if you value deliverability and don't want the actual hassle of maintaining a mail server: choose a mail provider, like mailbox.org, that allows bringing your own domain.


