Kmail, spam, and spoofing
A long way back, I wrote Kmail’s development team about a vulnerability/problem in their product: Kmail HTML Support Allows Spoofing of Emails’ Content, amazingly enough a year (almost) after I posted this, I have started to see spammers use this problem when they send out spam.
Why is this even a problem?
1) It’s annoying, the HTML is all over the place, it hides the sender, and depending on your kmail configuration other fields that should be visible (for example the Spamassassign’s spam rank)
2) It can be used to potentially spoof emails – as you can “create” a fictitious email
Will this new breed of spam get the kmail dev team to fix the issue, only time will tell…