This issue has been with me a while but I've got into the habit of copying an email link and entering it directly into Firefox browser. I used to think the waiting time up to 10 seconds was due to the browser opening up but I'm not so sure now.

If I put hyperlinks in word docs or any other doc. the hyperlink opens in my browser within seconds. whereas the same hyperlink in a pmail email takes forever, or so it seems. The other day I noticed at the bottom of the pmail screen there was 'Blacklist' filter activity.

Now I'm wondering if this huge delay in opening the browser to render the link is caused by pmail running filters (slowly?) in the background? What filters are running, do they consume a lot of cpu resource, slow things down, and should I disable them? I have AV and other security packages installed..

The IERenderer doing the HTML rendering has a Security page in its configuration dialog (click the rightmost toolbar button on Pegasus Mail's main toolbar for getting to the respective menu item) with several options about which you can get more information by right clicking these so you may decide to disable checks at least for trying and figuring out what to do according to your preferences.

Thanks good suggestion. Edit: O.K That's it. By default all the security filters are turned on. If I turn them off, links are rendered much faster. I'll selectively try turning them on and see which filters are the slowest?

Is the renderer parsing files locally or going to a URL for lists? If the latter, I could see by the time there was a server login and black list files as text quite large parsed online, that could take some time? What I like is the way my Pfsense firewall works - A.V files are downloaded once, then only updated daily or at first login in the background from a server and only the local files are parsed.

It's kind of combining both, but not downloading any lists on each check. Originally (check the SURBL website by clicking the repective link in the blacklist popup) SURBL provided a subdomain list for first step checks, all other online checks are done via cached DNS lookups. The list still exists in Pegasus Mail's programs subdirectory but isn't refreshed anymore since SURBL now recommends using local servers for maintaining such lists, and as you certainly can figure this isn't an option for common Pegasus Mail users. IOW: The main delay is due to the blacklist lookups which IER does using Windows default connections, caching the results for the current session.

Spot on! I did some old fashioned stop watch tests: With all the ie renderer 'Risky Options' and 'Security options' checked but Blacklists unchecked. My load times were about 2-2.5 seconds. With Blacklist checks enabled my load times were 20-22 seconds which is unacceptable so I'll keep it unchecked for now. I have tweaks stopping DNS leaks, use my router local DNS server, encrypted DNS via Cloudflare and VPN.

Sounds more like a timeout than anything else. I'm seeing 10 seconds at max, and it's less after caching first results. But anyway: The damage is only done if opening suspicious hyperlinks in your browser, and IMO browsers have better and more up-to-date security and privacy precautions nowadays than Pegasus Mail could ever have. I think that social engineering and improper curiosity when it comes to opening attachments are far more dangerous these days than anything else.

Thanks, the worst security problem are smartphones and people who know nothing about them. There's a new scam around in U.K involving QR codes: Railway stations were using them for customers to buy online tickets. Car parks also use them so people can pay for parking on their phones. Scammers go around pasting a modified QR code over the genuine one on payment machines and the smartphone user gets directed to their lookalike fake website URL. They enter their card details to pay which the scammer then uses to empty their bank account. Somebody lost 12K last week!

But that's not only the users acting recklessly: If it's so easy to fake access to such a service the provider should at least be held responsible for 50% of the risk as well! It's the same as with voting machines: You need some kind of independent validation like a printed ballot coming via a second service line or so ...

It would be nice for developers to recognise the need to validate access to real websites but I suspect whatever is done could be spoofed? AFIK QR codes can be read either by default phone apps or Apps written by the QR service provider. But since you may not have that installed the first scan and web ink is made with the default Apple/Google App or sends you off to the scammers App to install? I occasionally use a 3rd party QR code reader and that always shows the URL text but many probably wouldn't bother to read it or spot a character difference used to go to a fake web page. I'm not a develeoper, but since the internet has been around I've always wondered why html pages can't show creation dates or have fingerprints. You go and search for something and haven't a clue how old the content is you are reading. It's not surprising there's now so much fake content on the web you can't distinguish real from fake or old from new. C'est La Vie!

One reason I've been loyal to David Harris and Pegasus mail for many years is unlike Microsoft alternatives, it hasn't been such a target for hackers, partly due to its simpler text based concept. Unfortunately many commercial emails now need rendering in a browser and run potentially risky scripts. Whatever software protection you use, somebody will find a way around it.

True. But then so far it's stood the test of time without zillions of (MS) updates and security patches, mainly because of linking to a browser. That's what I like about the Pmail renderer being an add on. You can decide to use it or not and opening attachments will always be a risk. I try to make the same argument between true SMS and WhatsApp messaging, but security and privacy aren't high up users lists. Unfortunately, many who have grown used to the more commercial email clients with linked browsers, have got used to the experience and criticise Pmail for its simplicity. I understand the developers are stretched and others have asked for an Android version. For me K-9 mail early versions come, closest but attempts by a new team to engineer new versions destroyed it. I accept the renderer can sometimes show me empty white frames in a bounding box because I know they are links I might normally not want to go to.