Mailsploit vulnerable for spoofing or not?

S111 · December 6, 2017, 8:05pm

Since yesterday information about the Mailsploit vulnerability is worldwide available. On the infopage at https://www.mailsploit.com/index there is a Google Sheet attached with tested mail clients including eM Client. eM Client is listed as not vulnerable but if you make the test with your own mailaddress at the same page, the sender address is spoofed. At least in my test with the actual installed version 7.1.3.xxxx i receive mails with the sender [email protected] instead of [email protected].

Is there a newer version which is fixed, available? If i try the check for updates from within eM Client, i cant find a newer version.

Gary · December 6, 2017, 8:50pm

In eM Client 7.1.31658, all 14 tests show different variations on [email protected].

Hovering over the displayed sender’s address, however, definitely shows the true address in 11 of the 14.

S111 · December 7, 2017, 10:45am

I think this should be fixed. I see this as a sort of bug.

Olivia_Rust · December 8, 2017, 12:54pm

Hello, we explained this behavior in our newest Community update and also mentioned our planned improvements: https://forum.emclient.com/emclient/topics/em-client-and-mailsploit