| I highly agree this is a bad article, but I disagree AMP for email is fine. Outside of the big criticism (email should not be interactive), here are I think the majority of email-specific criticisms I have: First, AMP email still has all the same problems around CORS[0]. One of Google's arguments as to why AMP should be considered open is that anyone can implement the cache. However, in order for AMP to be secure, you have to implement CORS headers, which means in practice, no, not anyone can implement the cache. You have to both implement it, and get buy-in from every domain to use it for your emails. Google's working on the URL stuff to allow separate domains to act as if they're the original domain -- that's still something that requires buy-in from the site owner. And that makes sense, if it didn't require buy-in from the site owner, it would be tremendously insecure. But that also flies in face of the idea that anyone can go out and just implement this. It opens the door for Google to just kind of "accidentally" become the major de-facto owner of all of this content because site operators decide to only add them and no one else. Extending from that criticism, this means that if I implement AMP inside of an email client (particularly in a browser client), there is a pretty good chance that whatever internal caching mechanisms I'm using to keep users safe won't work[1]. For example, I could currently decide to cache CSS and images locally so that an attacker can't change the contents of an image after they send it. I could also do what Gmail currently does and proxy CSS through an internal server to prevent a lot of user tracking in HTML emails. But I can't do that with dynamically loaded data unless I either break CORS or implement my own cache and get email senders to respect it. And to be clear, the AMP cache is something I may not even care about implementing on the web -- but I definitely care about being able to proxy/cache requests in an email client. Instead, what I'll be left with for most emails sent using AMP is either trusting the original domain, which opens up many tracking vectors, or tying my service to Google's caches. These are hard problems to solve. Frankly, I have no idea how to make interactive emails that are both secure against CORS attacks and allow email clients to do the kind of caching, proxying, and rewriting they want to do. I don't envy anyone who has to figure out how to do that. My gut reaction is maybe that's a sign that interactive emails are just a bad idea. I also have a concern that Google's already shown it's willing to add company-specific components[2] to the spec. I don't see any reason to believe that this won't happen with Email. The problems with branded components inside of an open spec should hopefully be obvious, but it's also kind of hard to avoid them, because AMP isn't designed to run custom code, and in many cases wouldn't be flexible enough without these components. Again, this is a really hard problem to solve, and my takeaway is, maybe the core idea of hard-limiting developers to drag-and-drop components is bad. I also have a (mild) security concern, in that this greatly increases the potential attack vectors for email clients. AMP clients do run arbitrary code, they just run a set number of pre-validated scripts. I generally assume Google is secure, but I get worried whenever I see new attack vectors introduced; and particularly components like amp-bind make me slightly nervous. Finally, there's the problem that all of this requires trusting Google. And I know this is an annoying argument that feels illegitimate, but I think Google is fundamentally an untrustworthy company right now. If someone says that AMP for email isn't going to have things like analytics components in the future -- I'm sorry, I just don't believe that. [0]: https://amp.dev/documentation/guides-and-tutorials/learn/amp... [1]: https://amp.dev/documentation/components/amp-list?format=ema... [2]: https://amp.dev/documentation/components/amp-facebook [3]: https://amp.dev/documentation/components/amp-bind?format=ema... |