Omit User-Agent: header by default (!49) · Merge requests · Mutt Project / mutt

Daniel Kahn Gillmor requested to merge dkg/mutt:default-no-user-agent into master Jul 14, 2019

The User-Agent: header can be fun and interesting and useful for debugging, but it also leaks quite a bit of information about the user and their software stack.

This represents a potential security risk (attackers can target the particular stack) and also an anonymity risk (a user trying to preserve their anonymity by sending mail from a non-associated account might reveal quite a lot of information if their choice of mail user agent is exposed).

Users who want to configure user_agent to yes can still do so, but it makes sense to have safer defaults.

Closes: #159 (closed)

Omit User-Agent: header by default

Merge request reports