Mailsploit vulnerable for spoofing or not?

Since yesterday information about the Mailsploit vulnerability is worldwide available. On the infopage at there is a Google Sheet attached with tested mail clients including eM Client. eM Client is listed as not vulnerable but if you make the test with your own mailaddress at the same page, the sender address is spoofed. At least in my test with the actual installed version 7.1.3.xxxx i receive mails with the sender [email protected] instead of [email protected].

Is there a newer version which is fixed, available? If i try the check for updates from within eM Client, i cant find a newer version.

In eM Client 7.1.31658, all 14 tests show different variations on [email protected].

Hovering over the displayed sender’s address, however, definitely shows the true address in 11 of the 14.

I think this should be fixed. I see this as a sort of bug.

Hello, we explained this behavior in our newest Community update and also mentioned our planned improvements: