Tell HN: Gmail tampers with incoming email body content

9 chrisjj 19 8/2/2025, 10:57:37 AM

Comparing Gmail page source with message original on for example the latest genuine Amazon scam warning shows linkification of "amazon.co.uk" by Gmail. Quite ironic given the warning about links in scam mails.

Gmail: https://i.imgur.com/MQH1shA.png Fastmail: https://i.imgur.com/tczhO8g.png

Gmail Print likewise: https://i.imgur.com/SWoPXqs.png

God help anyone printing emails to shows tampering or lack of for a legal case. And does Gmail have any "Display un****ed" option?? Er, no.

And Amazon, perhaps check your emails on the world's top web client?

Comments (19)

meinersbur · 4h ago

GMail (and Fastmail) are rendering the email. It just happens that the email and we webbrowser are both HTML. In no case should they just literally forward the email HTML to the browser. They scrub JavaScript, non-whitelisted HTML elements, rewrite links/external resources including tracking pixels.

You can see the raw email with "show original" in the options

chrisjj · 44m ago

> They scrub ... non-whitelisted HTML elements

Any documenation on that list?

Redoubts · 1h ago

Meh, macOS’s Mail.app approach of everything-but-the-JavaScript is great and I wish outlook & Gmail did it too

AlexErrant · 4h ago

> does Gmail have any "Display un**ed" option?? Er, no.

On the email, click the dotdotdot, show original. https://imgur.com/a/ymjtfCI

nubg · 4h ago

I don't get what the problem is? Gmail turns text that looks like a link into a clickable link. What could the negative implications of that be?

chrisjj · 1h ago

Facilitating phishers.

john01dav · 4h ago

If they have some system to edit emails as they come in, then other less benign editing could be present, either profitable-malicious or from a bug. With no indication of editing and no easy way to view an unedited email this would also fly under the radar in many cases.

jsnell · 4h ago

Why in the world are you and the op calling this "editing"?

Like, the OP clearly does not understand the distinction between rendering the email and storing it, given their "evidence". But you do understand the difference. Why take their confusion at face value like that?

john01dav · 3h ago

I was answering the question about why it would be a problem if the evidence is correct. If the evidence is valid is a separate issue which I made a separate comment about.

chrisjj · 1h ago

The OP is not calling editing.

And storing? How is that in any way relevant?

john01dav · 4h ago

In what client are you viewing this in your screenshots? If their web mail client displays things as links that's much less concerning to me than the SMTP backend tampering. It's expected for an email client to have quality of life features.

chrisjj · 1h ago

The client is as per the labels. Gmail, Fastmail.

> It's expected for an email client to have quality of life features.

Yup. Phishers deserve quality too!

Consider a phish-warning email saying "genuine emails from us will never contain links"... showing these links.

andylynch · 4h ago

Outlook’s done this for like a decade? Ditto Apple mail.

I think they do the same with email addresses and phone numbers too, it’s kind of useful and not a big deal.

politelemon · 3h ago

All web clients choose how to render their emails and there will be variations. This is not tampering.

chrisjj · 1h ago

It is, where the alteration is unauthorised.

I do not recall the Google terms seeking such authorisation.

Is there even an option to disable?

VladVladikoff · 4h ago

I’m so confused. Isn’t Amazon.co.uk their official domain in the UK? How is that link a scam?

chrisjj · 1h ago

No-one said that link is a scam. But the next one could be.

endominus · 4h ago

The OP is not claiming that the link is being changed; the complaint is that a hyperlink is being generated from the plaintext URL. The HTML body of the email is being modified.

beardyw · 4h ago

I'm afraid my righteous indignation only flickered slightly.