by mjbraun 4567 days ago
I'm curious if this will help spammers. AFAIK, loading a tracking pixel helps validate an email address as active (since, by design, bounce messages probably wouldn't make it back to the spammer), even if the recipient didn't otherwise respond to the message. AFAIK, "Validated" email address lists are worth more than unchecked lists and if Google is preloading images for valid accounts, then that seems to make validation even easier for spammers.
2 comments

There's still an "Ask before displaying external images" setting, and based on the description in the article, it looks like images are only requested when the email is opened, not when it is delivered to the inbox. But, this new system looks to be enabled by default, so more people will have images enabled, which means the web bugs will mostly get through now.
However, if they make requests (that they don't necessarily have to keep) for images for all accounts (preloading on receive and not read), it does the opposite, which is a good thing.
The problem is, if the filename/URL is unique to the user like "spammersite.tld/images/50093825343.jpg" and "50093825343" is tied to my unique email, then on Gmail's download and caching of the image, they've validated my email. If another email has 023503850485.jpg, Gmail wouldn't know that the underlying file is the same unless it loads it. I don't even have to have checked my mail for this to happen.
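The per-recipient image URLs discussed in the comments above, as an added example that is not part of the original thread: a Python sketch a mail defender could use to compare two copies of the same message sent to different recipients and flag images whose URLs differ only in an identifier. The sample bodies are constructed from the URLs quoted in the thread; the function names and the id-masking heuristic are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample bodies: two copies of one campaign, built from the URLs quoted above.
MAIL_A = ('<p>Hello</p><img src="http://spammersite.tld/static/logo.png">'
          '<img src="http://spammersite.tld/images/50093825343.jpg" width="1" height="1">')
MAIL_B = ('<p>Hello</p><img src="http://spammersite.tld/static/logo.png">'
          '<img src="http://spammersite.tld/images/023503850485.jpg" width="1" height="1">')

class ImgCollector(HTMLParser):
    """Collect the src of every remote <img> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.startswith(("http://", "https://")):
            self.srcs.append(src)

def remote_images(html):
    parser = ImgCollector()
    parser.feed(html)
    parser.close()
    return parser.srcs

def shape(url):
    """Mask long hex/digit runs (assumed id heuristic) so URLs differing only in an id compare equal."""
    parts = urlsplit(url)
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return parts.netloc.lower() + re.sub(r"[0-9a-fA-F]{8,}|\d{6,}", "{id}", rest)

def per_recipient_images(body_a, body_b):
    """Pairs of image URLs with the same shape but different ids across the two copies."""
    seen = {}
    for url in remote_images(body_a):
        seen.setdefault(shape(url), url)
    return [(seen[shape(u)], u) for u in remote_images(body_b)
            if shape(u) in seen and seen[shape(u)] != u]

if __name__ == "__main__":
    for a, b in per_recipient_images(MAIL_A, MAIL_B):
        print("per-recipient image:", a, "vs", b)
```

The shared logo is not flagged because its URL is identical in both copies; only the image whose URL carries a varying identifier is reported.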