Comments on: What are Attachments?

By: Roan Horning

Roan Horning — Fri, 17 Oct 2008 16:10:09 +0000

The link preview feature looks useful. I would want the links to be listed in their own section of the screen (perhaps under any attachments) and marked as such. Not listed as an attachment. Another optionswould be for the link meta information to be shown in a pop-up window when the cursor is hovered over the link.

As far as security goes, you would have to apply at least the same level to the retrieved html as is applied to html emails by thunderbird. If you don’t execute javascript and cookies that takes care of a large portion of unintended consequences, but still leaves open having your email validated as good by following a link.

By: Blair McBride

Blair McBride — Sat, 23 Aug 2008 05:51:11 +0000

In regards to Andy Preston’s comments about showing previews for images, etc, have a look at the following mockups:

http://clarkbw.net/designs/msg-reader/

The relevant bug/discussion is https://bugzilla.mozilla.org/show_bug.cgi?id=449691

By: Blair McBride

Blair McBride — Sat, 23 Aug 2008 05:45:46 +0000

I know this has been said already by commenters, but I’d like like to re-iterate:

Not all links are locations. Some are actions. Fetching metadata for such links will perform those actions. That’s a Bad Thing ™.

Although, saying that, fetching the favicon for the domain would be safe and handy. Assuming its in the default location.

But otherwise, I think its a great idea. I’ve never used Facebook, but the ideas presented in those screenshots look good.

By: Mark

Mark — Fri, 22 Aug 2008 07:35:33 +0000

D’oh. Of course, after properly reading what you wrote (and not just what I thought you’d written), you’re talking about email *composition*.

In which case, you just need to get round the whole “HTML emails Are Evil(TM)” thing.

By: Mark

Mark — Fri, 22 Aug 2008 07:30:12 +0000

Be careful what you’re doing, following a link from untrusted, potentially malicious content (any of malware, spam or phishing).

There lie dragons…

(PS your email verifier + captcha tried to eat my comment)

By: nicu buculei

nicu buculei — Fri, 22 Aug 2008 06:35:41 +0000

The large majority of emails I get are from various FOSS mailing list, and usually such mails have a footer containing info and a link about subscribing/unsubscribing. (sometime those links are also inside of the body, because of defective clients/ people not trimming unnecessary parts)

I would *hate* to have those links standing in my way.

By: Andy Preston

Andy Preston — Fri, 22 Aug 2008 05:18:54 +0000

Not sure this completely what you are asking but… it would be nice if Thunderbird was able to either have a pane or a flyover that gave a preview of the page, and/or document that was “attached”. Right now Thunderbird will give a list of attached filenames, but what if that was a rendered preview of the attachments. In this case, any embedded URL’s could be considered an attachment, and be previewed. Since on most modern widescreens width is more available than height, the preview could be a pane on the RHS. As a continuation, when editing/composing an email, a thumbnail image could be attached and/or other data as the link rather than the traditional URL style link. Certainly any logic related to displaying a link in blue could activate more complex editing tools, maybe changing the toolbar to suit the task. At this point it starts to get into the OpenOffice/MS Word realm, and you should look towards consistency with those.

Andy

By: Lee

Lee — Fri, 22 Aug 2008 05:12:54 +0000

I think it’s going to be hard to develop a policy for which links can be scouted, unless it’s some sort of opt-in-by-domain or opt-in-by-sender rule, in which case there’s a problem of making the user aware of the feature. This isn’t a problem in Facebook since the messages are all sent by humans.

Also, despite guidance to contrary, many systems use HTTP’s GET method to represent actions which modify something (instead of the POST method), like confirming a password reset, removing a Google alert (yep, just tried it :() or similar.

The consequences of the policy being wrong might be that some sort of action is taken without the user even knowing, maybe even irreversible, so it’s important that it has no false positives.