HTTP is required for images in emails and NNTP for news groups. The default email client policy should have them. People who do not want them can remove them.
Without these the policy for thunderbird etc always changes to custom (if learning is allowed) and will confuse users. It learning is not allowed pop-ups will occur.
The same is true the other way around… you can just add the ports to your set.
I don’t care if the name of the policy it uses is called something different (e.g. Custom rather than Email), as long as it is properly secured for what you need. Opening 80, 88, and other ports that are not used strictly for “email” does not make sense… unless of course you want to customize your version to allow News Groups or downloading of pictures (idk why you would want to open yourself up to such a vulnerability).
Most users would at least want HTTP on their email program. It is less confusing if it stays on “email client” rather than changing to custom. The average user would probably use safe mode so it would learn the rules anyway giving no extra security. The only way they would get the security is by using and email client that does not download images by default.
I’ve only used Safe Mode twice… both times it set the rule as “Allow All Connections on All Ports” even though it was clearly not needed. Since then, I haven’t used it.
I wasn’t aware images were downloaded through the HTTP ports. I just don’t think the average user is going to care much if the policy says “Email” or “Custom”. Either way, I’ll lean towards the agree side for the required HTTP ports if they are needed for images.