Google Images Proxy
Set up an image URL proxy whitelist – Google Support
When your users open email messages, Gmail uses Google’s secure proxy servers to serve images that might be included in these messages. This protects your users and domain against image-based security vulnerabilities.
Because of the image proxy, links to images that are dependent on internal IPs and sometimes cookies are broken. The Image URL proxy whitelist setting lets you avoid broken links to images by creating and maintaining a whitelist of internal URLs that’ll bypass proxy protection.
When you configure the Image URL proxy whitelist, you can specify a set of domains and a path prefix that can be used to specify large groups of URLs. See the guidelines below for examples.
Configure the Image URL proxy whitelist setting
From the Admin console Home page, go to AppsGoogle WorkspaceGmailEnd User Access.
Tip: To see End User Access, scroll to the bottom of the Gmail page.
On the left, select your top-level organization.
Scroll to the Image URL proxy whitelist section.
Enter image URL proxy whitelist patterns. Matching URLs will bypass image proxy protection. See the guidelines below for more details and instructions.
At the bottom, click Save.
You can track prior changes under Admin console audit log.
Guidelines for applying the Image URL proxy whitelist setting
Consult with your security team before configuring the Image URL proxy whitelist setting. The decision to bypass image proxy whitelist protection can expose your users and domain to security risks if not used with care.
In general, if you have a domain that needs authentication via cookie, and if that domain is controlled by an administrator within your organization and is completely trusted, then whitelisting that URL should not expose your domain to image-based attacks.
Important: Disabling the image proxy is not recommended. This option is available to provide flexibility for administrators, but disabling the image proxy can leave your users vulnerable to malicious attacks.
Entering Image URL patterns
To maintain a whitelist of internal URLs that’ll bypass proxy protection, enter the image URL patterns in the Image URL proxy whitelist setting. Matching URLs will bypass the image proxy.
A pattern can contain the scheme, the domain, and a path. The pattern must always have a forward slash (/) present between the domain and path. If the URL pattern specifies a scheme, then the scheme and the domain must fully match. Otherwise, the domain can partially match the URL suffix. For example, the pattern / matches, but not The URL pattern can specify a path that’s matched against the path prefix.
Enter your actual domain name as you enter the image URL pattern.
Always include a trailing forward slash (/) after the domain name.
Examples of Image URL pattern
The following patterns are examples only.
The following patterns:… will match the following URLs:
Note: The URL scheme () is optional. If the scheme is omitted, the pattern can match any scheme, and allows partial matches on the domain suffix.
Previewing the image URL patterns
Click Preview to see if the URLs match the image URL patterns you’ve set. If the image URL matches a pattern, you’ll see a confirmation message. If the image URL does not match, an error message appears.
Was this helpful? How can we improve it?
What is Google Image Proxy? | ScientiaMobile
What is Google Image Proxy?
Google Image Proxy is a Google service that anonymizes image requests for Gmail. Filippo Valsorda has a good write up here of how the service works. The important take away is that this service proxies any requests for image resources that are meant to be displayed in Gmail.
What User-Agent Does Google Image Proxy Send?
Here’s a sample User-Agent (UA) from the service:
Mozilla/5. 0 (Windows NT 5. 1; rv:11. 0) Gecko Firefox/11. 0 (via GoogleImageProxy)
Yes, you read that right. The services replaces any UAs from the original request for the image resource with their own UA.
What Does That Mean?
Since the original User-Agent that made the request for the image resource is no longer available, you do not know who is making the request in the first place. This means that for every request that comes from an end-user who sends or receives your image resource in an email, you will only see Google Image Proxy’s UA and IP address.
How Does Device Detection by WURFL Classify Google Image Proxy?
Previously, we classified the Google Image Proxy as a Robot/Crawler. However, based on updated data, we now know that the requests primarily originate from the Gmail service and are for image resources as intended. Therefore, to improve accuracy, WURFL will begin to classify these requests as an email client/service instead of a robot.
is_robot = true
complete_device_name = Google Image Proxy
form_factor = Robot
is_robot = false
complete_device_name = Google Mail Image Proxy
form_factor = Desktop
mobile_browser = “Email Client”
When Does This Change Happen?
We will change our detection to consider this user-agent as an email client/service and not a robot with the upcoming weekly data snapshot (November 18, 2018).
What if I want to retain my original behavior?
We understand that you might prefer to retain the previous behavior. If you choose to do so, rest assured that it is only one patch file away. Patch files are an easy way to “patch” the WURFL API’s behavior for single User-Agents and their related capabilities. A good write-up of how to use a patch file is available here.
For example, if you wanted this patch file to override the WURFL API’s behavior and detect this User-Agent as a robot, you’d use something like this:
xml version="1. 0" encoding="UTF-8"? >
This patch forces the is_robot control capability to be set to true and override the default WURFL behavior.
The Effect of Gmail Image Proxy to Email Marketers – Sendloop
Recently Gmail announced its latest feature, called Image Proxy. Before diving into details on this feature and its effect on email open detections, let me mention that it’s the only feature released by email services in the last few years that’s beneficial to email marketers.
You’re reading this right. Gmail’s latest feature is a big advantage for you, email marketers.
The answer is simple. From now on, Gmail displays images by default. When you send your HTML emails, your recipients will no longer see an email with several empty rectangles in place of images.
Also they will no longer need to click the “show images inside the email” link to make your email “human readable”.
The second advantage to this is images inside your email will now load fast. This is because Gmail will “cache” them before your recipients open the email. Once the email is opened, the images inside it will be displayed from Gmail’s servers.
To wrap it up, you have two advantages:
Your email will be displayed with all its images enabled by default
The images within your email will load rather fast and your recipients won’t have to wait several seconds to see your email’s images
Are There any Side Effects with Gmail’s Image Proxy?
There is one side effect to this cool feature: it makes email open detections inaccurate. Why? This is a bit technical, so let me explain with plain English.
When you send your HTML email, we (and all other ESPs) add a small transparent image into the HTML email content. This image is used to track the recipient’s email open activity. When the recipient opens your email and loads all images inside the email, this image is also loaded and we detect the open activity.
We log the activity. We also log the following data:
The number of times each recipient opens your email
The location of the recipient (city & country)
The email client (iPhone mail, Outlook, Apple Mail, Gmail, Yahoo, etc. )
Several other metrics
Now, however, Gmail is downloading images whenever your very first email hits their servers, and before it’s delivered to the recipient’s inbox. When all images are downloaded, the email open tracking image is also downloaded and cached.
This causes all email opens to be detected from Mountain View, California, the location of Google’s headquarters. As a consequence, email open detections are inaccurate, which in turn, definitely affects email senders who measure their metrics and optimize their follow-up deliveries.
Is There a Solution to This Dilemma?
Yes there is, and we have it. It’s already implemented to all Sendloop accounts. This solution causes unique email open detections to work as expected, which is the important metric for senders. We can not guarantee if Gmail will apply a new procedure to avoid tracking in the future, but for now, Sendloop’s email open detection system works flawlessly with Gmail’s Image Proxy feature.
Got any questions or comments? Don’t hesitate to contact us anytime.