Summary
Images from reputable vendors might be blocked by your network due to a complex interplay of factors. These include overly aggressive firewall or security policies, content filtering issues, poor CDN or sender reputation, false positives from intrusion prevention systems (IPS), mixed content blocking, DNS resolution problems, browser security settings, TLS/SSL certificate issues, vendor CDN configuration choices, image proxies, Outlook settings, and hotlinking prevention measures. The issue can stem from your network's security measures, the vendor's infrastructure, or a combination of both.
Key findings
- Security Policies & Firewalls: Overly strict firewall rules or security policies might block the vendor's image server or CDN.
- Content Filtering: Content filters could be miscategorizing the image hosting domain, leading to the blockage.
- CDN/Sender Reputation: A poor CDN IP reputation or a flagged sender reputation can cause image blocking, even if the vendor is generally reputable.
- IPS False Positives: The network's Intrusion Prevention System (IPS) may incorrectly identify the images as a threat.
- Mixed Content Blocking: Serving images over HTTP within an HTTPS email can trigger mixed content blocking.
- DNS Resolution Issues: Problems with DNS resolution could prevent the network from locating the image server.
- Browser Security Settings: Browser settings or extensions focused on privacy/security can block images.
- TLS/SSL Certificate Problems: Issues with TLS/SSL certificates on the image server might cause the images to be blocked.
- Vendor CDN Configuration: The vendor's CDN setup (domain name, settings) might inadvertently trigger security filters.
- Image Proxies: Image proxies used by networks/email clients can sometimes misinterpret or fail to handle the vendor's image hosting.
- Outlook Settings: Outlook settings can block automatic picture downloads.
- Hotlinking Prevention: The vendor may have implemented hotlinking prevention that inadvertently blocks legitimate users.
Key considerations
- Consult with IT: Engage your IT department to investigate network-level blocking, firewall configurations, and content filtering rules.
- Check Firewall/Security Logs: Review logs to identify blocked domains, IPs, or CDN activity.
- Verify DNS Resolution: Confirm that your network can resolve the hostname of the image server.
- Examine Browser Settings: Check browser security settings or extensions that might be blocking the images.
- Review Email Client Settings: Verify that your email client (e.g., Outlook) is configured to download images automatically.
- Contact the Vendor: If the problem persists, contact the vendor to inquire about their CDN configuration and hotlinking prevention measures.
- Whitelist Specific Domains: If identified, consider whitelisting the vendor’s image hosting domain.
- Investigate Sender Reputation: Check the vendor's sender reputation using online tools.
What email marketers say
10 marketer opinions
Images from reputable vendors may be blocked by your network due to a variety of reasons. These include overly aggressive firewall or security policies, content filtering issues, poor CDN or sender reputation, false positives from intrusion prevention systems, mixed content blocking, DNS resolution problems, browser security settings, TLS/SSL certificate issues, and image proxies.
Key opinions
- Firewall/Security Policies: Overly restrictive firewall settings or security policies may block image servers or CDNs.
- Content Filtering: Content filters may miscategorize the image hosting domain as a risk, leading to blocked images.
- CDN Reputation: A poor CDN reputation (due to other users) can cause your network to block all content from that CDN.
- IPS False Positives: Intrusion Prevention Systems (IPS) might incorrectly flag images as zero-day exploits.
- Mixed Content: Serving images over HTTP on an HTTPS page can trigger mixed content blocking.
- DNS Issues: DNS resolution failures can prevent your network from locating the image server.
- Browser Security: Browser settings/extensions related to privacy or ad-blocking may interfere with image loading.
- Sender Reputation: Even reputable vendors can have sender reputation issues affecting image display.
- TLS/SSL Issues: Problems with TLS/SSL certificates on the image server can lead to blocking.
- Image Proxies: Network or email client image proxies may cause failures or misinterpretations.
Key considerations
- Check Firewall/Security Logs: Review firewall logs to identify blocked domains or IP addresses related to the vendor's images.
- Examine Content Filter Settings: Assess content filter categories and consider whitelisting the vendor's image hosting domain.
- Update IPS Signatures: Ensure your Intrusion Prevention System's signature database is up-to-date.
- Verify SSL Certificates: Check the SSL certificates of the server hosting the images.
- Review Browser Settings: Evaluate browser security settings/extensions that might be blocking images.
- Contact IT: Consult with your IT department to investigate network-level blocking issues.
- Test with different networks: Test on different networks to see if the issue is specific to your network.
- Check for mixed content: Ensure images are served over HTTPS if the email is also sent over HTTPS.
Marketer view
Email marketer from StackExchange suggests that the network's Intrusion Prevention System (IPS) might be falsely identifying the images as part of a zero-day exploit attempt, leading to the block. This can occur if the IPS signature database is outdated or overly sensitive.
13 Feb 2022 - StackExchange
Marketer view
Email marketer from Email Marketing Forum explains that if the vendor uses a Content Delivery Network (CDN) to host images, the CDN's IP reputation might be poor due to other users on the same CDN engaging in malicious activities. This could lead to your network blocking the entire CDN.
9 Nov 2024 - Email Marketing Forum
What the experts say
2 expert opinions
Images from reputable vendors might be blocked due to the vendor's intentional (but questionable) CDN setup. This includes using a domain configuration that raises red flags and choosing a name that appears suspicious. Additionally, the use of image proxies by networks and email clients can sometimes lead to failures or misinterpretations of the vendor's image hosting setup, causing blocks.
Key opinions
- Vendor CDN Configuration: Vendors might unintentionally or intentionally configure their CDN in a way that triggers security concerns (e.g., using a questionable domain name pattern).
- Image Proxies: Image proxies, used by networks/email clients for security and privacy, can sometimes misinterpret or fail to handle the vendor's image hosting, leading to blocking.
Key considerations
- Vendor's CDN Setup: Investigate the vendor's CDN configuration, particularly the domain name and structure used for image hosting.
- Proxy Compatibility: Consider how your network's or email client's image proxy might be interacting with the vendor's image hosting setup. This may involve testing or configuration changes to the proxy itself.
Expert view
Expert from Word to the Wise explains that some networks and email clients use image proxies which can sometimes fail or misinterpret the vendor's image hosting setup. This is due to the network essentially acting as a man-in-the-middle, retrieving the images and then serving them to the recipient.
11 Sep 2022 - Word to the Wise
Expert view
Expert from Email Geeks explains the vendor intentionally set up a CDN with a specific domain configuration (www.*.com) and a name that looks like word<randomstring>.com, implying a lack of oversight or disregard for potentially problematic configuration choices.
5 Aug 2024 - Email Geeks
What the documentation says
5 technical articles
Image blocking can occur due to various factors, including web filtering solutions that categorize the vendor's image server as undesirable, application control features in firewalls blocking content from unknown sources, URL filtering based on reputation, Outlook's image download settings, and hotlinking prevention measures implemented by the vendor.
Key findings
- Web Filtering: Web filters might miscategorize the vendor's image server, leading to blocking.
- Application Control: Firewall application control can block images from untrusted sources, even in reputable vendor emails.
- URL Filtering: Firewall URL filtering uses category and reputation, blocking negatively categorized/rated image URLs.
- Outlook Settings: Outlook settings to disable automatic image downloads can prevent images from loading.
- Hotlinking Prevention: The vendor's hotlinking prevention measures can block your network if Referer headers are not properly passed or the CDN configuration is incorrect.
Key considerations
- Web Filter Review: Review your web filter's categorization of the vendor's image server and adjust if necessary.
- Firewall Configuration: Check your firewall's application control and URL filtering settings.
- Outlook Settings: Verify Outlook's image download settings are configured to allow images from trusted sources.
- Referer Header: If the vendor uses hotlinking prevention, ensure your network or email client is correctly passing the Referer header.
Technical article
Documentation from Palo Alto Networks Documentation details how URL filtering works in their firewalls. The firewall checks the category and reputation of URLs. If the vendor's image hosting URL is categorized negatively or has a poor reputation, it will be blocked.
27 Sep 2023 - Palo Alto Networks Documentation
Technical article
Documentation from Microsoft Support explains that Outlook has settings that control automatic image downloads. If "Don't download pictures automatically in HTML e-mail messages or RSS items" is enabled, Outlook may block images, even from reputable vendors.
17 Nov 2024 - Microsoft Support
Are image-based emails a good practice, and what are the deliverability and accessibility implications?
Are image-only emails bad for deliverability?
Can images in emails cause them to go to spam?
Do email spam filters scan image content and QR codes?
Do images in email and PDF attachments affect email deliverability?
Do images in emails affect deliverability?
