It came up in discussion, upon a large group of people reading Google’s article about how it is tightening email security and making the absence of certain best practices visible to users, that Avatars are a very common thing tied to emails.
There are some existing ad-hoc usages of email headers for this use case, and there are services that allow an email address to be associated with an avatar. We’ll cover those first.
These are all pretty okay. But that’s just it — they’re “okay.” X-Face, Face, and X-Image-URL are definitely the better options. They’re not tied to a third party service and they can change between emails (even from the same sender).
My proposal is basically the same as X-Image-URL, but updated to be slightly more modern.
My proposal is best shortened to “a signed srcset header.” That is, you take the contents of an <img /> srcset attribute, you put it into an email header, and you sign it using DKIM.
I’ve gone with this decision because, ultimately, srcset supports everything an avatar would need (chiefly: the ability to provide multiple resolutions)
The name of this email header would be “X-Image-Srcset” — to be changed to “Image-Srcset” whenever appropriate.
Requirements of this header:
Of particular note in these details is the requirement for DKIM and SPF. Care should be especially taken to thwart Phishing schemes as avatar images may help lend undeserved credibility to the email.
Hacker Noon is how hackers start their afternoons. We’re a part of the @AMIfamily. We are now accepting submissions and happy to discuss advertising &sponsorship opportunities.
To learn more, read our about page, like/message us on Facebook, or simply, tweet/DM @HackerNoon.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!