[HerraBRE]

That's an interesting idea.

I'd hesitate to implement it though, because of secondary risks. It would need to be thought through very carefully, and there are a whole bunch of abuse scenarios that would need to be avoided or mitigated.

As a rule, Mailpile does very little when it receives a mail - until the user has interacted with it, we have to assume the mail is junk and/or potentially hostile.

See the chapter on Oracles here: https://research.checkpoint.com/cryptographic-attacks-a-guid... - automatically triggering sender-controlled network access based on the contents of e-mail opens the door for such things.

This applies not only to cryptographic attacks, but also to more pedestrian exploitation of bugs in the app itself, or silly things like turning Mailpiles into DDoS attack robots.