A proposal for an Email Avatar Header

Navarr Barnier
Oct 30, 2016 · 3 min read

It came up in discussion, upon a large group of people reading Google’s article about how it is tightening email security and making the absence of certain best practices visible to users, that Avatars are a very common thing tied to emails.

There are some existing ad-hoc usages of email headers for this use case, and there are services that allow an email address to be associated with an avatar. We’ll cover those first.

Previous/Current Solutions

  • Face — a newer take on X-Face, Face would allow a 48x48 PNG to be base-64 encoded and attached to the message as a “Face” header.
  • X-Image-URL — Similar to Face and X-Face, X-Image-URL separated from the rest as a way to set a URL to be sent instead of the image encoded. This was adopted by Mail.app, but was later removed.
  • Gravatar — Gravatar is a free service that lets you register your emails with them and attach an avatar to said email. These avatars can have various age ratings that services that use Gravatar may enforce to keep explicit avatars out of PG services, for example.
  • Google+ — Inbox by Gmail, and Gmail (to a lesser extent) use

These are all pretty okay. But that’s just it — they’re “okay.” X-Face, Face, and X-Image-URL are definitely the better options. They’re not tied to a third party service and they can change between emails (even from the same sender).

My proposal is basically the same as X-Image-URL, but updated to be slightly more modern.

My Proposal

I’ve gone with this decision because, ultimately, srcset supports everything an avatar would need (chiefly: the ability to provide multiple resolutions)

The name of this email header would be “X-Image-Srcset” — to be changed to “Image-Srcset” whenever appropriate.

Requirements of this header:

  • Implementations MUST NOT process the header unless it is DKIM signed
  • Implementations MUST NOT process the header unless the email passes SPF
  • The header MUST be preferred to third party services (such as Gravatar and Google+)
  • Implementations MUST support PNG
  • Implementations SHOULD support APNG, WEBP, AWEBP, and JPG
  • Implementations SHOULD allow the user to disable animations
  • Implementations MAY support gif

Of particular note in these details is the requirement for DKIM and SPF. Care should be especially taken to thwart Phishing schemes as avatar images may help lend undeserved credibility to the email.

Hacker Noon is how hackers start their afternoons. We’re a part of the @AMIfamily. We are now accepting submissions and happy to discuss advertising &sponsorship opportunities.

To learn more, read our about page, like/message us on Facebook, or simply, tweet/DM @HackerNoon.

If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!

HackerNoon.com

#BlackLivesMatter

Sign up for DONT SIGN UP FOR THIS NEWSLETTER

By HackerNoon.com

how hackers start their afternoon. the real shit is on hackernoon.com. Take a look

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Navarr Barnier

Written by

Magento, PHP, Minecraft (Shotbow) & More

HackerNoon.com

Elijah McClain, George Floyd, Eric Garner, Breonna Taylor, Ahmaud Arbery, Michael Brown, Oscar Grant, Atatiana Jefferson, Tamir Rice, Bettie Jones, Botham Jean

Navarr Barnier

Written by

Magento, PHP, Minecraft (Shotbow) & More

HackerNoon.com

Elijah McClain, George Floyd, Eric Garner, Breonna Taylor, Ahmaud Arbery, Michael Brown, Oscar Grant, Atatiana Jefferson, Tamir Rice, Bettie Jones, Botham Jean

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store