Hi everyone,
My motivation for building this was to address the trouble of mass unsubscribing from unwanted emails and deleting bulk emails while ensuring privacy and control over the process. With this Chrome extension, emails are not sent to any external servers. All calls to the Gmail API happen locally on your device.
Feedback and suggestions are welcome!
When you say "locally" it usually means it uses the browser's API to navigate the inbox and perform whatever actions necessary. This extension instead requires pretty intrusive permissions, just like the alternative competitors (which are under fire for selling your data).
I appreciate that you state that "data doesn't leave your device", but the whole point of "local" extension is that I don't have to take your word for it.
I go through a lot of emails and what I love recently is being able to sort by sender - then all the emails from the same person are together and it's easier to skim through ("yup, all these are uneeded except this unusual one")
Annoyingly thunderbird allow but not gmail, so I wanted to use thunderbird. But it doesn't easily allow archive-ing, like GMail does.
Contrived but still easy solution: tag all your inbox you want to go through with two labels SetA and SetB. Open SetA in thunderbird, using `a` to remove emails from SetA as if you archived. Then in GMail, use the search `label:setB - label:SetA` and it gives all the emails you wanted to archive. Archive those and done
If you go through a lot of emails, you may be interested in a small product I have developed.
GabrielAI (https://getgabrielai.com) can filter your emails given a GPT prompt and then make a special action, like drafting a reply or apply a label.
I am now introducing a digest if emails. So that every 6 hours (or whatever time) you receive an email with the summary of all the unread emails in your inbox.
It is free for now, but the summary feature is hide by a feature flag.
If you are interested, I can ungate your account.
> GabrielAI will share data from Gmail with 3rd party AI model.
ah yes, since that's what I want all my communications fed through
I believe it's technically possible in Gmail by turning off conversation threading in the settings.
Unfortunately there doesn't seem to be any quick way of toggling between threaded and non-threaded.
In Thunderbird, can't you just move mail from Inbox to All Mail to archive? I don't use archive on my personal inbox in Gmail so not sure how it works.
I use a Google Apps Script to clean up my Gmail inbox. It runs daily, searches for various senders and/or subject lines which are older than a certain amount of time and moves them to the Trash/Bin. It runs without intervention and I've got it set up to report any failures back to my inbox. Since my workplace also uses Google I've even set up a Script for my work inbox on my work account. Various notification emails, e.g. from Slack get cleaned up if older than 3 days old.
I do something a little different, I tag all credit card payment notifications in a particular label, and wrote a google apps script where when a new entry is added, it adds it to my 'tasks'. That way I don't miss any credit card payments
Can you share the code for this?
Done: https://gist.github.com/alimbada/5bc5878338ead31b6308ac9fd74...
The queries are the same as what you'd type into the Gmail search bar to filter emails so you can test them out in Gmail and then add them to the list. I've added a comment to the gist with an image showing the trigger to run it daily. You can run it manually from the Google Script editor too for testing.
Edit: Forgot to mention I removed a bunch of queries and only left a few in as examples.
I recently made my first Firefox extension and was surprised how simple it actually was (just for personal use: I had to repeatedly copy lots of data which I already had in a spread sheet into a web form - the extension lets you copy a whole row of data from the sheet and paste in into consecutive form fields on the website). As usual, it's not clear whether it was actually less work to develop the extension than it would have been to just manually put in all the data, but it was definitely better for my mental health.
Perhaps I will look into developing more serious extensions in the future, it was actually a quite pleasant experience.
Is it fair to say that developing extensions for Chrome is comparable?
For extensions which primarily add functionality to a target site, you can usually run the exact same extension code in Chrome, Firefox and Safari.
The latter two have API differences from Chrome - e.g. using the `browser` namespace for extension APIs instead of `chrome`, and Promises instead of callbacks for async functionality - but for the sake of compatibility they also implement Chrome's version of these APIs [1][2], so if you just use the Chrome APIs and don't venture into the more browser-internal APIs such as bookmarks, the same extension code will likely run everywhere, with some specific differences/incompatibilities noted in the docs below.
If you were to create a new cross-browser extension today, one of the main issues would be that Chrome Web Store no longer accepts new MV2 extensions so you have to use MV3 for it, but MV3 in Firefox currently has some serious usability issues around permissions which are being addressed in upcoming releases [3] so you'll want to use MV2 for it, however this likely just means you'd need to have separate MV2 and MV3 manifest.json files which get bundled into different zip files for submission to the different browser extension stores. I had to do this recently for one of my extensions [4]
[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
[2] https://developer.apple.com/documentation/safariservices/saf...
[3] https://blog.mozilla.org/addons/2024/05/14/manifest-v3-updat...
[4] https://github.com/insin/control-panel-for-twitter/commit/59...
Cool!
Yes it's pretty similar. There just some minor API differences. e.g
Chrome - chrome.tabs.query(queryInfo) Firefox - browser.tabs.query(queryInfo)
So you could easily port any firefox extension to chrome and vice-versa using the same codebase.
Oh, it's that similar? That's actually really cool then.
I would rather be able to see statistics about the domains of the email I receive instead, to see offenders etc. I already created a lot of filters for that, which helps a lot do some cleanup.
Also, I seem to have a lot of attachments, like a lot, and I can't clean them up, because gmail doesn't let me see the datasize clearly.
I downloaded my mail as an export, I think EML, I wanted to build a mail list myself to see attachments with a python script, but I think gmail doesn't export all the metadata of how mail are chained with each other and such.
Unfortunately, I think your extension cannot really do statistics on an existing mailbox, to see a map of mail counts per domain.
At the moment the extension's side bar shows mail count per sender, not domain. You can also order from highest to lowest. Does that suffice for you?
You're right Gmail does not show the datasize clearly, but to get emails with large attachments, you can use search filters like: "larger:15M", where 15M is 15 megabytes. It's not exactly what you want but might help
Gmail API gives you the email file as MIME file.
From there is a bit up to you and depending on actually what data you get.
But I had a reasonable simple time with parsing it and getting data out of it while building https://getgabrielai.com
That reminds me of xobni, which MS acquired years ago. It was pretty awesome, when it first came out.
Funny! I am working on something similar for myself. But not restricted to just Gmail. I really want to clean up this mess in my accounts.
How did you go about the unsubscribe functionality? Also, I think I saw that Gmail has that feature themselves now.
Oh that's cool!
As at Febuary, Gmail introduced new guidelines for bulk email senders to make it easy unsubscribe from by adding a value for "List-Unsubscribe"
https://support.google.com/a/answer/81126?hl=en&visit_id=638...
So unsubscribing is simply a POST request to the value of this email header (List-Unsubscribe) - which is a link and comes as part of the email headers in the Gmail API response
The alternative approach is to parse the content of the email and use regex to get the unsubscribe link using the likely words. e.g links with words like: unsubscribe, opt-out etc..
Yes, Gmail has the unsubscribe functionality. Unfortunately, you cannot mass unsubscribe. If you have over 100 unwanted subscriptions you would have to unsubscribe from each one at a time.
Hope that helps you
>Yes, Gmail has the unsubscribe functionality. Unfortunately, you cannot mass unsubscribe. If you have over 100 unwanted subscriptions you would have to unsubscribe from each one at a time.
That is a valuable info. Thank you!
>The alternative approach is to parse the content of the email and use regex to get the unsubscribe link using the likely words. e.g links with words like: unsubscribe, opt-out etc..
That's how I started to implement it. But then again you will need to go through every unsubscribing process manually...
Best of luck with your extension!
Thank you!
Is yours open source? I'd be interested in contributing.
I'm just very wary of giving closed source extensions "the keys to the kingdom" and complete access to all of my eamil.
I don't get it...
> With this Chrome extension, emails are not sent to any external servers.
Don't you have to send an "Unsubscribe" email? To an external server?
> All calls to the Gmail API happen locally on your device.
Aha, you mean in comparison to a "SaaS" where these things happen on a third party server...
I assume you've answered your question but just to explain further:
So generally in order to actually help you mass unsubscribe from unwanted emails, most email cleaning tools handle your email data on their server. The process of parsing email data to fetching unsubscribe links or unsubscribe instructions etc..
So there's a trust problem where some tools have been caught selling user data: https://www.nytimes.com/2017/04/24/technology/personal-data-...
So the goal here with InboxPurge is to move all these processes related to your email data to your device(browser), ensuring your privacy.
In another post, you mention that there’s a header that can include an https link to POST a request to unsubscribe. So this extension and anything like it must be able to read email and send POSTs to arbitrary endpoints[0].
> ensuring your privacy
But only if we trust the extension author (and the authors of all of the transitive dependencies) to be neither malicious nor incompetent… right? I don’t know of resources that explain exactly what actions each permission in the manifest grants the extension to perform, nor a characterization of the execution environment of extensions. Do all browsers handle these matters similarly? Does some browser provide any more isolation or sandboxing than any other?
Edit: by no means did I mean to throw shade or cast doubt on your extension, I’m just grumpy in general and in particular about browser extensions, since nowadays “the browser is the OS”.
[0] or maybe there’s a gmail api that does it for you, and this extension actually can’t make arbitrary http connections?
I might be misinterpreting your question but I'll try to explain further, hopefully it makes sense:
So the way most email cleaning tools work is:
- Scan your emails for all your subscriptions - via Gmail API - Each subscription has a link, that link is what is used to unsubscribe the link can either be in the email header or email body - This can be a POST request or a GET request, in some complex cases a mail send to unsubscribe - With this link for each mailing list, mass unsubscription can happen
So the main difference here is, other tools do this on the third-party servers. InboxPurge does this on your browser/device (specifically the email scanning bit). Making HTTP requests to the Gmail API from your device.
Yes, it's also possible to build a browser extension that does this on a third-party server.
*Other things happen depending on the email cleaning tool but I've tried to simplify to explain better.
Hope it was helpful.
You can find the list of browser permissions a Chrome extension can request for here: https://developer.chrome.com/docs/extensions/reference/manif...
So this give very little info on how the bulk email deletion works.
For instance at last look I had north of 40k emails from ebay. I can't just delete them all as I want to keep anything that is related to either an order I placed or an item I sold. I have went back 15+ years before to find part numbers before.
But I have no interest in the 38000+ marketing emails from them. (I kinda wanna keep getting them but don't want them a week after I get them.
And if I recall correctly the emails have often come from the same accounts so I can't even filter by that.
Would you pay for that?
I developed GabrielAI (https://getgabrielai.com) an assistant for Gmail.
You provide a GPT prompt and it scan all the new emails. If the email matches the prompt it will do an action. Either drafting a reply for you or set a label.
It will be trivial to go through the whole inbox. But expensive.
It is a nice feature to add though...
You can use a Google Apps Script for that, similar to what this guy did
nice work, I wouldn't pay monthly for this, but I would buy a one time license.
Thank you! I appreciate. I'm happy to help if you have any questions or feedback.
Nice extension, though due to the permissions it asks for its not for me. I did browse around the CRX source code and would have to say the license part is easy to bypass. You might want to work on that if you don't want to miss on some of your sales.
Thank you
I was looking for this for some time. Bought the 7-day license and it was useful.
I would love to preview some emails (are these just promos or do they include receipts?), perhaps by hovering or clicking the sender.
Thank you!
Yes this is the actual working flow. When you click on a sender it should show the emails sent by that sender. Unfortunately, at the moment there's a bug. I'm waiting for a Chrome store review approval for the version with the fix to be published.
I will reply here once it's approved
The version with the fix has been approved and it's now live. Clicking the sender email should show you all emails sent by the sender now. Let me know if you have any issues. Happy to help!
Thank you! I will check it out
Nice! Great work! I’ve been building https://getinboxzero.com. It’s open source
If data doesn't leave my device, how can you claim "37,414,937 emails with our privacy-focused cleaner"? How do you know that number?
We store stats like "unsubscription count" and "deletion count". Your emails do not need to leave your device for that data.
Can I use your extension to run stats on my inbox? Like I want to find which sender has been hogging my inbox space, by size and by frequency etc.
The extension lists the mailing lists you're subscribed ordered by the frequency (the amount of emails the sender has sent), does that handle your usecase?
Yes, that is exactly what I want. Super cool.
Looks useful. Just wondering, how did you make the overview video on the landing page?
Thanks!
I used https://screen.studio/ for the showcase videos and for the YouTube video I used a combination of Canva/Eleven Labs + Some manual mouse zooming
I still wish GMail supported deleting attachments without deleting the whole email.
Please make a Firefox extension as well
It's not planned for at the moment but will definitely look into it in the near future.
But just in case you use any of these browsers, it works on other chrome-based browsers aside from Chrome: - Brave - Opera - Edge - Opera GX
its imperative that firefox extensions be given preferential treatment because otherwise you are just playing into the hands of google's monopoly over the internet.
its a chicken and egg problem that you as a developer can help tilt in favour of an open web. If your product works on firefox as well, your customers wont be forced to choose chromium, then stats otherwise will say there are more chromium users.
I wish it were clear this was a paid subscription up-front.
It's free for up to 20 mailing list unsubscribes/deletes per month. You only have to pay if you want unlimited access. It's made clear on the landing page. Sorry if 20 was not enough for you.
I like your attitude, but this statement:
> while ensuring privacy
...is rather contrary to gmail's whole business model.
I've set up a filter that moves emails that contains word "unsubscribe" to trash.
Unfortunately I have found that a lot of transactional mails include unsub links even on things that maybe I should not unsubscribe from, like receipts and billing statements and customer service interactions that I initiated and thought had gone unanswered.
Filters only affects new incoming emails. If that's your intention, then that works perfectly. Of course this also means you never want to see a newsletter in your Inbox.
In cases where you want to mass delete older emails that you previously subscribed to, you might find InboxPurge useful.
You can apply filters to older emails.
Oh interesting, didn't know this
Did you know you can just click the unsubscribe button and then you won't need a filter?
I assumed that if you hit unsubscribe they would immediately sell your email. I've seen a lot of spam sent with an unsubscribe option.
Don't click on unsubscribe, click on report spam instead, without unsubscribing.
Your privacy policy says this:
> InboxPurge will only use your Gmail data accessed via the Gmail API to read or control Gmail message metadata (including attachment information), headers, and message content, to enable you to process (delete/move/archive/unsubscribe from) emails. It will not share this Gmail data with others unless required by law.
But how can you share data if required by law when in a previous paragraph you say you are not collecting this data and it never leaves my device?
All these processes happen on your browser(device). The extension uses the Gmail API locally on your browser to perform all the necessary tasks. Your emails never get sent to any external server.
I hope that answers your question.
Edit: Just to add more context. The Google Oauth verification team requires that statement in the privacy policy.
So what information “can” be shared with law enforcement agencies?
And which jurisdiction is this service governed in?
I think there is just many ambiguities which do not seem clear to me at all.
I've added edit to explain why that particular statement is in the privacy policy
It's technically not possible from InboxPurge's perspective. As there'd be no email information to share
Just a heads up, you did not update the date of last update at the top of the policy following the changes you made.
I can’t tell whether you’re being cheekily obtuse or missing the point -
If required by law to share that information, what steps would you take to fulfill that legal requirement?
Is the implication that despite you being legally obligated to do so, you would in actuality have no method for sharing said information, and would therefore have nothing to offer law enforcement?
I'm sorry if you felt like I was intentionally missing the point.
I've added edit to explain why that particular statement is in the privacy policy
It's technically not possible from InboxPurge's perspective. As there'd be no email information to share.
Thanks for picking this up, I thought about trying it out and am very glad that you did go through it.
I don’t think I would touch it anymore.
I already explained in a reply:
"All these processes happen on your browser(device). The extension uses the Gmail API locally on your browser to perform all the necessary tasks. Your emails never get sent to any external server."
Hope you give it a try.
Sorry I feel like you really need to make the FAQ and legal terms a lot clearer.
Otherwise I think a lot of people would be easily deterred by the current/similar statements.
Thank you for sharing and taking the time to answer questions though.
I totally understand. Unfortunately, that particular statement was required by Google OAuth verification team to verify InboxPurge. I'll figure out a way to make it clearer. Thank you.
"Locally" here means, calls to the Gmail API are triggered directly from your browser(device) not on any third-party servers.
I totally understand your concern. Unfortunately, to perform those actions(unsubscribe/delete etc..) on your behalf while using the API, those "intrusive" permissions are required. If it wasn't needed, Google oauth verification team would not have approved.
I tried to explain the usage for each permission here: https://www.inboxpurge.com/permissions
But if you are a browser extension I would have expected you wouldn't need your own permissions at all: you would either be scripting the UI of the client to accomplish your goals or stealing its authentication.
As someone with a lot of experience in working on a Chrome extension that interacts with Gmail specifically, there are two reasons I'd expect an extension like OP's to integrate with the official Gmail API instead of poking the Gmail web app's internal API directly: 1) the official Gmail API is stable, documented, and doesn't take reverse-engineering to use, and 2) the Gmail web app's internal API is pretty strongly rate-limited for some actions.
If an extension only does actions involving the UI and data visible on screen within the Gmail webpage at a regular user pace, then I wouldn't expect it to strictly need the official Gmail API much. But this would mean the extension can't operate on emails that aren't on the current visible page, etc.
Tbh I didn't really consider this approach as I didn't think it was possible (that's if it is). Also I'm not so comfortable with hijacking authentication session. I very much prefer making the user actually grant permissions to the required scopes and making it clear what the access is used for.
Stealing the authentication is arguably way more invasive than this strategy.
I mean, we can argue lots of things, I guess ;P, but an extension already has access to that authentication token, and pretending otherwise is a bit... "performative"? The expectation I have with an extension--as someone who used to manage an entire ecosystem of such extensions of native software for a decade--is that it is a true extension of the application that it is extending, similar to if we had the original source code to patch.