Why You Should Disable Automatic Image Loading in Email

Here’s a simple security step that most people overlook: turning off automatic image loading in your email client. It takes about two minutes to set up and closes a real tracking and attack vector.

The Problem with Email Images

When your email client automatically loads images, it contacts the sender’s server to fetch them. That server request reveals information about you:

• Your email address is valid and active
• Which email client and version you’re using
• Your IP address
• Your internet service provider
• Your approximate location

Marketers use this to track open rates, which isn’t always harmful. But spammers and attackers use the same technique to build profiles for targeted phishing campaigns. They combine this data with information from your social media accounts to craft convincing attacks.

Beyond tracking, images can also:

• Contain hidden malicious code
• Link to malware downloads
• Serve as beacons that confirm you’re a viable target

Why Blocking Helps

• Stops tracking – if you don’t load images, senders can’t confirm you opened their email
• Blocks malicious content – embedded malware never gets a chance to execute
• Saves bandwidth – emails load faster, especially on slower connections or mobile data plans
• Filters offensive content – unwanted images never display

Well-designed emails use ALT text to describe images, so you’ll still understand the content even with images turned off. You can always choose to load images from senders you trust.

How to Set It Up

Outlook

To block images by default:
1. Go to File > Options > Trust Center
2. Click Trust Center Settings
3. Check Don’t download pictures automatically in HTML email messages or RSS items

To allow images for a single message:
- Click the InfoBar at the top of the message, then click Download Pictures

To whitelist a sender or domain:
- Right-click a blocked image in a message
- Choose Add Sender to Safe Senders List or Add the Domain to Safe Senders List

Gmail

To require approval before loading images:
1. Click the gear icon, then See all settings
2. Scroll to the Images section
3. Select Ask before displaying external images
4. Click Save Changes

Gmail already blocks images automatically from senders it flags as suspicious.

Proton Mail

To block remote images:
1. Go to Settings > All settings > Proton Mail > Email privacy
2. Turn off Auto Show remote images

To block embedded images:
1. Go to Settings > All settings > Proton Mail > Messages and composing
2. Turn off Auto Show embedded images

When you open an email with blocked images, you’ll see a banner offering to load them. Click Load if you trust the sender.

Apple Mail (macOS / iOS)

1. Open Mail > Settings (or Preferences)
2. Go to the Privacy tab
3. Uncheck Protect Mail Activity or configure Block All Remote Content

Thunderbird

1. Go to Settings > Privacy & Security
2. Uncheck Allow remote content in messages

Quick Checklist

• [ ] Turn off automatic image loading in your primary email client
• [ ] Do the same on your phone’s email app
• [ ] Whitelist senders you trust (your bank, key vendors, internal company emails)
• [ ] Train employees to leave image loading off by default
• [ ] Add this setting to your new-employee onboarding process
• [ ] Forward suspicious emails to ForwardToSafety.com for verification before loading images or clicking links