0

I send emails to my iOS and Android app customers from my server, hosted by JustHost. On an iOS15 device, all the images that are hosted on my server are being blocked (no error message, just an empty box). There is nothing malicious in the images, no tracking. I can successfully send images from other domains in my emails - but those same images that I copy to my server are then blocked. I called my hosting company and they had no idea. The emails show up fine in other versions of iOS and everywhere else. I use the img tag in my emails to reference the images, sent using Sendmail in Perl. What do I need to ask JustHost to do to enable my images to be shown in iOS15?

Sulthan
  • 128,090
  • 22
  • 218
  • 270
Jon Schlossberg
  • 329
  • 2
  • 11
  • Does you server use https? – Sulthan Oct 31 '21 at 19:51
  • Thanks! I thought of that - but one image I found on the web is http and it works fine. I use http for my images. I do have an SSL certificate but can't seem to access the images via https. I'm looking into that but not optimistic. Hopefully! – Jon Schlossberg Nov 01 '21 at 00:23

1 Answers1

2

The reason your images are blocked not displayed on iOS15 is that the iOS Mail app is not able to successfully fetch the images. For clarification, iOS15 does not block your images or your Web server.

On iOS15, the string "Mozilla/5.0" (as-is) is used for the User Agent header in HTTP requests when the iOS Mail app fetches resources (e.g., images) from Web servers. This exact User Agent string triggers the ModSecurity module (which is installed by nearly all commercial Web hosts), resulting in a "406 Not Acceptable" status phrase in the HTTP response. You can verify it by spoofing your Web browser's User Agent string and visiting any URL in your website (it doesn't matter whether or not the URL points to an existing resource).

If you have root access to your Web server (which you won't if you are on shared hosting), you can disable the offending rule in ModSecurity that triggers this. I wouldn't recommend disabling ModSecurity as a whole because it is an excellent module for your server's security.

Another way to circumvent this issue is by setting an ErrorDocument for 406 with a script (e.g., a PHP script) that serves the image as output (with corresponding HTTP headers, of course). The HTTP response's status phrase of "406 Not Acceptable" will remain, but there is a way to change it (e.g., to "200 OK"), although changing it may not be necessary as of my last test.

I have the same problem as you, and I have figured it out just today.

dev4lyf
  • 21
  • 3