by xja 3448 days ago
I was thinking more of a specific mail scanning process for images that look exactly like UI elements, with some fuzzy match.

If it matches, flag it with the usual warnings.

It feels like there's at least the potential to explore options.

Why not just put a little frame around embedded elements like pictures, etc? Maybe with a little icon indicating the type.

That would break more legitimate HTML e-mails than the phishing it's aiming to catch. You might argue that it's worth the breakage but that would be a harder argument to sell to businesses.

Pragmatically I think browsers disabling the rendering of data:text/html is a better approach. The breakage is minimal and it would catch more phishing attacks than just the ones that originated from emails with embedded images.

According to our numbers, plain emails actually perform better than HTML emails when it comes to business mailings.
That's good to read but sadly that's a different point to the one I was making. Google would break a lot of legitimate emails if they made the changes to GMail that the GP was proposing. This would be an unattractive solution to Google as they are effectively breaking their "mail client" (in the broader sense of the term) in relation to their competitors and the benefits are limited to a specific type of phishing attack. So when Google weigh up the risk of annoying their customer base vs securing them: this particular fix is unlikely to score high enough in the latter category to be worth the risk to the former.

Break the image into several layers and use transparency for the non-included bits. Or you could go full Acid2-like crazy CSS to generate the image from multiple, apparently innocuous elements.