A lot (the majority?) of email clients load remote images by default, so just viewing the email may provide validation.
In apple mail, even if you turn it off it will happily load the remote images if you try to forward the email.
I found this particularly troublesome when I wanted to forward a phishing attempt to IT, and Little Snitch showed mail trying to connect to the phishing site.
In apple mail, even if you turn it off it will happily load the remote images if you try to forward the email.
I found this particularly troublesome when I wanted to forward a phishing attempt to IT, and Little Snitch showed mail trying to connect to the phishing site.
(this was not on catalina, maybe it is fixed?)