[sylpheed:36708] Re: Is Sylpheed vulnerable to Efail?

Javier sylfiger at gmx.com
Mon May 21 09:12:53 JST 2018

On Sun, 20 May 2018 09:09:17 +0900
"Stefan A." <stefan.a at portblue.net> wrote:

> Since Sylpheed and Claws share many similarities, and since parsing of
> HTML emails in Sylpheed is intentionally basic, is it safe to assume
> that Sylpheed is not vulnerable to Efail?



Have in mind that, beyond the basic HTML parsing, Sylpheed doesn't
download/request external resources, that is where the Efail
relies to for the successful attack. As when the external resource is
requested, with the malformed HTML, is sent also the content of the

That AFAIK, can't happen to Sylpheed. Even doesn't use S/MIME (even
though OpenPGP is kind of MIME).

The Efail, beyond the media noise, is the old recommendation:
beware with HTML mails and external resources on it.

Plain text forever. No need of fancy.


More information about the Sylpheed mailing list