4. Comparing MUAs
In this table I compiled a number of wellspread mail clients and compared them in the areas of anonymity and privacy protection. Not all MUAs work the same when it comes to composing and sending a mailmessage, thus exposing more or less information to the SMTP server. While smtp.postman.i2p will sanitize ALL security relevant headers it’s still preferred to not create sensitive data in the first place. And this is where different MUAs work differently. Please send me additions if you tested an user agent not contained in this list.
Program: Sylpheed Claws
Platforms: Linux / Windows
Observations: By default exposes version number and platform of the operating system (i686-linux-gnu/win32) and creates a message ID containing a local timestamp and the sender’s mail address. You can and should configure sylpheed to change its behaviour to not sending a message id header at all. By default sylpheed uses the locally configured hostname as HELO string. This setting can be changed too and you should do so when using it with i2p mail. As a bonus sylpheed can be configured to not create a Date headerline which is helpful for not exposing your local timezone.
Rating: you need to pull many levers but at least you can. And this makes it a quite useful program to work with. [95%]
Program: KMail 1.x
Platforms: Linux
Observations:exposes the software version number in the User-Agent header, creates a message ID containing a local timestamp and the sender’s mailaddress. HELO host-name is ‘localhost’.
Rating: Not really bad, has seamless GPG integration, but you cannot switch off generation of certain headers [85%]
Program: Evolution 2.x
Platform: Linux
Observations: exposes the software version number in the X-Mailer: header. Creates a message ID that contains a random stamp but the whole FQDN of your local SYSTEM (if you have one). This means if you are in a local domain like dorm22.universityoftexas.local this information will end up in the Message-Id. HELO host-name is your local host-name.
Rating: Client full of eye-candy but it reveals too much data and crashes too often . [60%]
Program: Opera Mail
Platform: Windows
Observations: exposes software version in X-Mailer: header, creates a message ID containing a random stamp but the whole FQDN of your local SYSTEM!. This information is sanitized – but this is still BAD!!. HELO host-name is your local FQDN
Rating: In normal life very usable client – not suited for the I2P mailsystem [60%]
Program: Mozilla Mailer (Thunderbird)
Platform: Windows/Linux
Observations: exposes software release and OS in the X-Mailer: header. Creates a message ID with a random stamp and the sender domain – not critical. HELO host-name is your sender-domain. This is acceptable.
Rating: Very usable client for win and linux – Consider using it along with enigmail for PGP integration [90%]
Program: Pegasus Mail
Platform:Windows
Observations: exposes software release and OS in the X-Mailer: header. Creates no own Message-ID. HELO host-name is your local host-name. Quite acceptable.
Rating: Quite usable client if there’s nothing else around to use [75%]
Program: Mutt 1.5
Platform: Linux
Observations:exposes software release in User-Agent: header. Creates a Message-ID that contains a local timestamp as well as your local host-name – not that good. HELO host-name is your local host-name per default . You can change the HELO hostname in the configuration file.
Rating: usable client, but you have to configure quite extensively to make it work best in this environment [75%]
Program: MicroSoft Outlook
Platform: Windows
Observations: exposes software release in X-Mailer: header. Creates a Message-ID that contains a random stamp as well as your local host-name – not that good. HELO host-name is your local host-name. Different versions behave differently in terms of mail composing.
Rating: Not exactly rateable since your Outlook might behave completely differently from mine. I would prefer not using it in
the postman.i2p environment