MailSpring should use Safe Settings by default


MailSpring should provide safe settings by default, for example (and not limited to):

  • should not process attachments to create thumbnails by default
  • should not load mail pictures by default

If an argument must be put on the table, you can look at zero-click attacks, and it is not the sole problem that can happen when a user opens up a random email.

MailSpring must consider that the user should have a chance to read/inspect/delete an email before any payload can be triggered, because MailSpring does too much processing.