I want to avoid spy pixels.
It does display them as HTML but it does not download external images like tracking pixels by default.
But AFAIK an HTML itself can contain a dangerous script, or am I missing something about this ?
HTML on its own is just a method for formatting text/images. It contains instructions like "Make the following text bold, include an image there, etc. . Scripts are something different and are disabled completely in K-9 (as they should be in every email client) - scripts don’t have to be dangerous, though. This forum uses tons of scripts to show the live preview of the typed message, for example. Scripts are mostly a problem in web-based email clients where all messages share the same browser window. In K-9, messages are separated from each other because of how they are displayed.
The only thing that could happen are tracking pixels where the sender of the email gets to know that you actually looked at the email. It’s a privacy issue but I wouldn’t call it “dangerous”. If you disable loading images, K-9 no longer loads images that need to be fetched from an external server. Therefore, tracking pixels are not loaded. Images that are actually sent together with the email are still shown because they are not a privacy problem.
Amazing, thanks for the detailed explanation.