I realise that the images don't pass through MB's servers, so I assume this request will need forwarding to the IA.

While we do check for JPEG file extensions, this has proven to be insufficient. See CAA-23 for a list of what I found in the first few weeks (PNGs, TIFFs, BMPs and HTML files so far).

There are several reasons why it happens:

• The image was taken from a site which served it with the wrong extension.
• The user changed the file extension, thinking that that would convert the file.
• The image was saved from a site which embedded it in a HTML page (or from web.archive.org and their bloody interstitial pages)
• The user changed the file extension just to get around the filter.

In the first two cases, the user has no reason to believe that the image is not a JPEG and in the last case, the user doesn't care, so I think a technical solution is the only option.

The way I would expect it to work is that when someone uploads a file, if it's not acceptable, instead saving the image and printing the code that submits the edit, it wouldn't save the image and would instead print an error with a link to a help page.

Once we add GIF/PNG support, this could also be used to automatically change the extension, so that if someone uploads a PNG as foo.jpg, it's accepted but changed to foo.png.