[security] showing domain favicon of junk email could be an issue

I believe the senders email icon is fetched from the domain favicon.

This could be used for tracking.

Perhaps better keep emails in junk email completely offline / non-interactive (no images, no links, no read receipt).
(Also the same should be valid for junk email moved to trash - I don’t know how eMC does this currently but Outlook (:person_facepalming:) used to lift all restrictions for deleted junk email.)

1 Like