Evolution Mail Users Easily Trackable Part 3, One Year On


Article written by a human: Mike Cardwell

One year ago this week, I wrote (twice) about some privacy problems that were being experienced by users of the Evolution Mail email client from the Gnome project. Problems that they turned out to have known about for years, and weren't happy about me publicising.

A few days later, I wrote about a bug that allows an email sender to easily consume all of an Evolution Mail user's free disk space, within seconds of the recipient simply opening an email. Also, a bug with how they handle caching of attachments.

One year on, none of these problems have been dealt with:

If you're an Evolution Mail user, you should know that you're using software that is managed by people who don't care about these issues. They are happy to create an issue upstream for a dependency and then wash their hands of it, letting it rot for years.

I switched to using Claws Mail with the light HTML extension because of this, and I have been using it for most of the last year. But to be honest, I prefer Evolution Mail's UI, and I missed it. It is an otherwise good piece of software, and it pains me to see its development managed so poorly.

I recently switched back to using Evolution Mail, but only after I made it safe(r) to use by sanitising my incoming email at delivery time. I filter my incoming email through Sanimail so that the HTML parts that cause network traffic without clicking "Load Remote Content" are removed, thanks to --policy standard. The gzip bomb and cache problems are addressed by a combination of Sanimail's --remote-inline option and --remote-max-bytes and --remote-item-max-bytes defaults.

There are many benefits to using Sanimail; making Evolution Mail safer to use is only one of them. Check out the documentation for the rest.
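To check whether a message still carries HTML that can cause network traffic on display, for example before and after a delivery-time filter, the following added example lists the remote references in its text/html parts. It is not code from this article or from Sanimail; the tag and attribute list, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Assumed, non-exhaustive (tag, attribute) pairs a renderer may fetch without
# a click. <a href> is left out: it needs a click. <style> blocks and srcset
# are not covered here.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("video", "poster"), ("audio", "src"), ("source", "src"),
              ("embed", "src"), ("object", "data"), ("body", "background")}
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)  # http(s) or scheme-relative
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")]+)", re.I)

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = value or ""
            if name == "style":          # inline CSS: url(...) values
                urls = CSS_URL.findall(value)
            else:
                urls = [value] if (tag, name) in AUTO_FETCH else []
            self.refs += [(tag, name, u.strip()) for u in urls if REMOTE.match(u)]

def remote_refs(raw: bytes):
    # Walk every MIME part; only text/html parts are inspected.
    refs = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            refs += finder.refs
    return refs

# Constructed sample message (not a real email).
SAMPLE = b"""Subject: constructed sample message
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<link rel="stylesheet" href="https://t.example/s.css">
<img src="cid:logo"><img src="//t.example/p.gif?id=42">
<a href="https://example.org/">needs a click</a>
<p style="background:url('https://t.example/i.png')">hi</p>
"""

if __name__ == "__main__":
    for ref in remote_refs(SAMPLE):
        print(ref)
```

An empty result from this audit only means none of the listed constructs were found; it is not a statement about what any particular mail client fetches.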

See you in a year (probably) for the next enthralling chapter of, "yeah, this shit is still broken 🤦‍♂️"