It uses MJML under the hood to ensure email-safe HTML is generated. That should prevent many edge cases where failures can happen - but I'm sure there are some skeletons we'll have to find / fix.
> But it still permits message open detection just fine.
This is only true if you allow external images to be displayed by default.
If you set Gmail to ask before displaying external images, then message open detection does not work unless you explicitly tell Gmail to display images on an individual message.
I think dancablam's point with regard to the proxying is that, if the email sent to you contains img5_135986213.jpg, and 135986213 is unique to the email sent to your address, then when the Gmail proxy pulls that file, it still registers as a hit for the email sent to you.
Your point, in turn, would be that if you never give Gmail permission to load the images for the email sent to you, then Gmail never tries to access that image file that is, by filename, linked to the specific email that was sent to you.
dancablam's point is separately valid. If you think Gmail's image proxying is going to hide your reading (with images) of the email, well, these days not so much, depending upon the design of said email and corresponding tracking.
Maybe Gmail still catches crap/malicious metadata in viewed images, including stuff that can be escalated/elevated by parsing bugs and whatnot. As long as their detection is updated to catch whatever's being thrown at you in a particular email.
