I know that it is possible for a spammer to generate an email that claims to be from a certain sender, regardless of whether it actually is. They could use that to send me mail purporting to be from something well-known (like my bank) and thus force my browser to download an image file from their site.
I'd happily approve an option that said "always display images from this site", but it's from the SENDER which can be spoofed, so I'm afraid to use this feature.
Am I overlooking something? Does Google do something here so that this is actually safe? Is there a better way I can handle this than downloading images on each message individually when I go to view it?
Best Answer
Most of the time when a email address is faked Gmail will warn you. The image is most likely being only allowed if it's from a certain URL anyway, so if it isn't, it's pretty likely Gmail would either warn you it's not from the sender or ask if you still want to view it.