I must be missing some knowledge. What does blacklisting the image mimetypes mean? For me it means forcing to download these image attachments when you click on them vs displaying them inline.
What does this have to do with PR? What is the security need?
Thanks