- GMail (and Fastmail) are rendering the email. It just happens that the email and we webbrowser are both HTML. In no case should they just literally forward the email HTML to the browser. They scrub JavaScript, non-whitelisted HTML elements, rewrite links/external resources including tracking pixels.
You can see the raw email with "show original" in the options
- > They scrub ... non-whitelisted HTML elements
Any documenation on that list?
- https://help.zapier.com/hc/en-us/articles/8496101927181-What...
I don't think there is an official list. It is security-related and changes over time
- Meh, macOS’s Mail.app approach of everything-but-the-JavaScript is great and I wish outlook & Gmail did it too
- I don't get what the problem is? Gmail turns text that looks like a link into a clickable link. What could the negative implications of that be?
- Facilitating phishers.
- If they have some system to edit emails as they come in, then other less benign editing could be present, either profitable-malicious or from a bug. With no indication of editing and no easy way to view an unedited email this would also fly under the radar in many cases.
- Why in the world are you and the op calling this "editing"?
Like, the OP clearly does not understand the distinction between rendering the email and storing it, given their "evidence". But you do understand the difference. Why take their confusion at face value like that?
- I was answering the question about why it would be a problem if the evidence is correct. If the evidence is valid is a separate issue which I made a separate comment about.
- The OP is not calling editing.
And storing? How is that in any way relevant?
- Fair enough, sorry about that. You called it "tampering" and "alteration". But honestly I don't see any distinction to "editing". All of those imply that the email is being changed. It isn't. The email is stored on disk just like it was sent, and that is observable in a number of ways (show original, fetch it with imap, forward the email).
And that's why storage is relevant. Your complaint was apparently just about how the email is rendered. There is no standard for how that should be done. Like, did you complain that your emails were being tampered with back in the day when you wrote them in a terminal with a fixed width font but someone viewed them in Outlook with a variable width font? I'd like to say that of course you didn't, because what would be a totally absurd complaint, but then again so is your actual complaint as well.
- > does Gmail have any "Display un**ed" option?? Er, no.
On the email, click the dotdotdot, show original. https://imgur.com/a/ymjtfCI
- In what client are you viewing this in your screenshots? If their web mail client displays things as links that's much less concerning to me than the SMTP backend tampering. It's expected for an email client to have quality of life features.
- The client is as per the labels. Gmail, Fastmail.
> It's expected for an email client to have quality of life features.
Yup. Phishers deserve quality too!
Consider a phish-warning email saying "genuine emails from us will never contain links"... showing these links.
- Outlook’s done this for like a decade? Ditto Apple mail.
I think they do the same with email addresses and phone numbers too, it’s kind of useful and not a big deal.
- All web clients choose how to render their emails and there will be variations. This is not tampering.
- It is, where the alteration is unauthorised.
I do not recall the Google terms seeking such authorisation.
Is there even an option to disable?
- I’m so confused. Isn’t Amazon.co.uk their official domain in the UK? How is that link a scam?
- The OP is not claiming that the link is being changed; the complaint is that a hyperlink is being generated from the plaintext URL. The HTML body of the email is being modified.
- No-one said that link is a scam. But the next one could be.
- I'm afraid my righteous indignation only flickered slightly.
- [flagged]
9 points by chrisjj 8 hours ago | 21 comments