Suped

Why are images from a reputable vendor's email blocked by my network?

10 Marketer opinions2 Expert opinions5 Technical articles6 Resources

Summary

Images from reputable vendors might be blocked by your network due to a complex interplay of factors. These include overly aggressive firewall or security policies, content filtering issues, poor CDN or sender reputation, false positives from intrusion prevention systems (IPS), mixed content blocking, DNS resolution problems, browser security settings, TLS/SSL certificate issues, vendor CDN configuration choices, image proxies, Outlook settings, and hotlinking prevention measures. The issue can stem from your network's security measures, the vendor's infrastructure, or a combination of both.

Key findings

  • Security Policies & Firewalls: Overly strict firewall rules or security policies might block the vendor's image server or CDN.
  • Content Filtering: Content filters could be miscategorizing the image hosting domain, leading to the blockage.
  • CDN/Sender Reputation: A poor CDN IP reputation or a flagged sender reputation can cause image blocking, even if the vendor is generally reputable.
  • IPS False Positives: The network's Intrusion Prevention System (IPS) may incorrectly identify the images as a threat.
  • Mixed Content Blocking: Serving images over HTTP within an HTTPS email can trigger mixed content blocking.
  • DNS Resolution Issues: Problems with DNS resolution could prevent the network from locating the image server.
  • Browser Security Settings: Browser settings or extensions focused on privacy/security can block images.
  • TLS/SSL Certificate Problems: Issues with TLS/SSL certificates on the image server might cause the images to be blocked.
  • Vendor CDN Configuration: The vendor's CDN setup (domain name, settings) might inadvertently trigger security filters.
  • Image Proxies: Image proxies used by networks/email clients can sometimes misinterpret or fail to handle the vendor's image hosting.
  • Outlook Settings: Outlook settings can block automatic picture downloads.
  • Hotlinking Prevention: The vendor may have implemented hotlinking prevention that inadvertently blocks legitimate users.

Key considerations

  • Consult with IT: Engage your IT department to investigate network-level blocking, firewall configurations, and content filtering rules.
  • Check Firewall/Security Logs: Review logs to identify blocked domains, IPs, or CDN activity.
  • Verify DNS Resolution: Confirm that your network can resolve the hostname of the image server.
  • Examine Browser Settings: Check browser security settings or extensions that might be blocking the images.
  • Review Email Client Settings: Verify that your email client (e.g., Outlook) is configured to download images automatically.
  • Contact the Vendor: If the problem persists, contact the vendor to inquire about their CDN configuration and hotlinking prevention measures.
  • Whitelist Specific Domains: If identified, consider whitelisting the vendor’s image hosting domain.
  • Investigate Sender Reputation: Check the vendor's sender reputation using online tools.

What email marketers say
10Marketer opinions

Images from reputable vendors may be blocked by your network due to a variety of reasons. These include overly aggressive firewall or security policies, content filtering issues, poor CDN or sender reputation, false positives from intrusion prevention systems, mixed content blocking, DNS resolution problems, browser security settings, TLS/SSL certificate issues, and image proxies.

Key opinions

  • Firewall/Security Policies: Overly restrictive firewall settings or security policies may block image servers or CDNs.
  • Content Filtering: Content filters may miscategorize the image hosting domain as a risk, leading to blocked images.
  • CDN Reputation: A poor CDN reputation (due to other users) can cause your network to block all content from that CDN.
  • IPS False Positives: Intrusion Prevention Systems (IPS) might incorrectly flag images as zero-day exploits.
  • Mixed Content: Serving images over HTTP on an HTTPS page can trigger mixed content blocking.
  • DNS Issues: DNS resolution failures can prevent your network from locating the image server.
  • Browser Security: Browser settings/extensions related to privacy or ad-blocking may interfere with image loading.
  • Sender Reputation: Even reputable vendors can have sender reputation issues affecting image display.
  • TLS/SSL Issues: Problems with TLS/SSL certificates on the image server can lead to blocking.
  • Image Proxies: Network or email client image proxies may cause failures or misinterpretations.

Key considerations

  • Check Firewall/Security Logs: Review firewall logs to identify blocked domains or IP addresses related to the vendor's images.
  • Examine Content Filter Settings: Assess content filter categories and consider whitelisting the vendor's image hosting domain.
  • Update IPS Signatures: Ensure your Intrusion Prevention System's signature database is up-to-date.
  • Verify SSL Certificates: Check the SSL certificates of the server hosting the images.
  • Review Browser Settings: Evaluate browser security settings/extensions that might be blocking images.
  • Contact IT: Consult with your IT department to investigate network-level blocking issues.
  • Test with different networks: Test on different networks to see if the issue is specific to your network.
  • Check for mixed content: Ensure images are served over HTTPS if the email is also sent over HTTPS.
Marketer view

Email marketer from StackExchange suggests that the network's Intrusion Prevention System (IPS) might be falsely identifying the images as part of a zero-day exploit attempt, leading to the block. This can occur if the IPS signature database is outdated or overly sensitive.

September 2024 - StackExchange
Marketer view

Email marketer from Email Marketing Forum explains that if the vendor uses a Content Delivery Network (CDN) to host images, the CDN's IP reputation might be poor due to other users on the same CDN engaging in malicious activities. This could lead to your network blocking the entire CDN.

March 2022 - Email Marketing Forum
Marketer view

Email marketer from Email Deliverability Blog explains the vendor's sender reputation (related to the IP or domain sending the email) may be affecting image display if your email client or server is using filtering based on sender reputation, even if the vendor is generally considered reputable. This filtering might affect image loading.

December 2023 - Email Deliverability Blog
Marketer view

Email marketer from Web Development Forums discusses the possibility of "mixed content" blocking if the email is sent over HTTPS but includes image URLs that are only served over HTTP. Some networks block mixed content to prevent security vulnerabilities.

June 2021 - Web Development Forums
Marketer view

Email marketer from Reddit suggests the network's content filter might be categorizing the image hosting domain as a potential risk, leading to the blocking. They also recommend checking the content filter settings or whitelisting the specific domain used for image hosting.

October 2022 - Reddit
Marketer view

Marketer from Email Geeks suggests checking with IT for firewall or browser policy blocks. They also ask if the image hosting links are branded with a CNAME to represent a subdomain of the parent domain, suggesting extra scrutiny if so.

July 2023 - Email Geeks
Marketer view

Email marketer from Infosec Community explains browser security settings or extensions might be blocking the images due to privacy or security concerns. This could be related to tracking prevention or aggressive ad-blocking features.

February 2024 - Infosec Community
Marketer view

Email marketer from Spiceworks Community explains that the network might be blocking the images due to overly aggressive security policies or firewall settings. It suggests checking the firewall logs to see if the image server's domain or IP address is being blocked.

February 2024 - Spiceworks Community
Marketer view

Email marketer from Network Engineering Forums suggests that DNS resolution issues could be preventing the network from resolving the hostname of the image server, leading to the block. This could be due to a DNS server outage or misconfiguration.

June 2022 - Network Engineering Forums
Marketer view

Email marketer from Cybersecurity Forums suggests if there are TLS/SSL certificate issues (e.g., expired or invalid certificates) on the server hosting the images, it could lead to browsers or network devices blocking the image loading for security reasons.

March 2022 - Cybersecurity Forums

What the experts say
2Expert opinions

Images from reputable vendors might be blocked due to the vendor's intentional (but questionable) CDN setup. This includes using a domain configuration that raises red flags and choosing a name that appears suspicious. Additionally, the use of image proxies by networks and email clients can sometimes lead to failures or misinterpretations of the vendor's image hosting setup, causing blocks.

Key opinions

  • Vendor CDN Configuration: Vendors might unintentionally or intentionally configure their CDN in a way that triggers security concerns (e.g., using a questionable domain name pattern).
  • Image Proxies: Image proxies, used by networks/email clients for security and privacy, can sometimes misinterpret or fail to handle the vendor's image hosting, leading to blocking.

Key considerations

  • Vendor's CDN Setup: Investigate the vendor's CDN configuration, particularly the domain name and structure used for image hosting.
  • Proxy Compatibility: Consider how your network's or email client's image proxy might be interacting with the vendor's image hosting setup. This may involve testing or configuration changes to the proxy itself.
Expert view

Expert from Word to the Wise explains that some networks and email clients use image proxies which can sometimes fail or misinterpret the vendor's image hosting setup. This is due to the network essentially acting as a man-in-the-middle, retrieving the images and then serving them to the recipient.

February 2023 - Word to the Wise
Expert view

Expert from Email Geeks explains the vendor intentionally set up a CDN with a specific domain configuration (www.*.com) and a name that looks like word<randomstring>.com, implying a lack of oversight or disregard for potentially problematic configuration choices.

November 2024 - Email Geeks

What the documentation says
5Technical articles

Image blocking can occur due to various factors, including web filtering solutions that categorize the vendor's image server as undesirable, application control features in firewalls blocking content from unknown sources, URL filtering based on reputation, Outlook's image download settings, and hotlinking prevention measures implemented by the vendor.

Key findings

  • Web Filtering: Web filters might miscategorize the vendor's image server, leading to blocking.
  • Application Control: Firewall application control can block images from untrusted sources, even in reputable vendor emails.
  • URL Filtering: Firewall URL filtering uses category and reputation, blocking negatively categorized/rated image URLs.
  • Outlook Settings: Outlook settings to disable automatic image downloads can prevent images from loading.
  • Hotlinking Prevention: The vendor's hotlinking prevention measures can block your network if Referer headers are not properly passed or the CDN configuration is incorrect.

Key considerations

  • Web Filter Review: Review your web filter's categorization of the vendor's image server and adjust if necessary.
  • Firewall Configuration: Check your firewall's application control and URL filtering settings.
  • Outlook Settings: Verify Outlook's image download settings are configured to allow images from trusted sources.
  • Referer Header: If the vendor uses hotlinking prevention, ensure your network or email client is correctly passing the Referer header.
Technical article

Documentation from Palo Alto Networks Documentation details how URL filtering works in their firewalls. The firewall checks the category and reputation of URLs. If the vendor's image hosting URL is categorized negatively or has a poor reputation, it will be blocked.

February 2024 - Palo Alto Networks Documentation
Technical article

Documentation from Microsoft Support explains that Outlook has settings that control automatic image downloads. If "Don't download pictures automatically in HTML e-mail messages or RSS items" is enabled, Outlook may block images, even from reputable vendors.

April 2021 - Microsoft Support
Technical article

Documentation from Cloudflare Support explains if the vendor has implemented hotlinking prevention measures on their image server, your network might be blocked from directly accessing the images, especially if the Referer header is not being correctly passed or if the vendor's CDN configuration is blocking requests without a proper referer.

August 2023 - Cloudflare Support
Technical article

Documentation from Cisco Documentation explains that web filtering solutions block content based on categories, reputation, and other criteria. The vendor's image server might be inadvertently categorized as malicious or undesirable by the web filter, leading to the block.

March 2022 - Cisco Documentation
Technical article

Documentation from Fortinet Document Library details the application control features of their firewall products. Application control can block specific types of content, including images from unknown or untrusted sources, even if they are delivered via email from a reputable vendor.

August 2021 - Fortinet Document Library

Related resources
6Resources

Phishing Quiz | Federal Trade Commission
Phishing Quiz | Federal Trade Commission

You get an email or text that seems to be from one of your company’s vendors. It asks you to click on a link to update your business account. Should you click? Probably not.

Federal Trade Commission
Protecting Personal Information: A Guide for Business | Federal ...
Protecting Personal Information: A Guide for Business | Federal ...

Most companies keep sensitive personal information in their files—names, Social Security numbers, credit card, or other account data—that identifies customers or employees.This information often is necessary to fill orders, meet payroll, or perform other necessary business functions. However, if sensitive data falls into the wrong hands, it can lead to fraud, identity theft, or similar harms. Given the cost of a security breach—losing your customers’ trust and perhaps even defending yourself against a lawsuit—safeguarding personal information is just plain good business.

Federal Trade Commission
Cisco: Software, Network, and Cybersecurity Solutions - Cisco
Cisco: Software, Network, and Cybersecurity Solutions - Cisco

Cisco is a worldwide technology leader. Our purpose is to power an inclusive future for all through software, networking, security, computing, and more solutions.

Cisco
What is Phishing? How Does it Work, Prevention, Examples
What is Phishing? How Does it Work, Prevention, Examples

In this definition, learn the meaning of phishing attacks, types of phishing, how they work and common phishing techniques. Examine some phishing examples and how to prevent a phishing attack.

Search Security
Trusted Partner Network - Home
Trusted Partner Network - Home

A global, industry-wide media and entertainment content security initiative and community network wholly owned by the Motion Picture Association.

TPN
Day One, Obsidian, and my months-long search for a private ...
Day One, Obsidian, and my months-long search for a private ...

Can my journaling app be as safe as the diary under my mattress?

The Verge

Related questions