The User-Agent: header can be fun and interesting and useful for
debugging, but it also leaks quite a bit of information about the user
and their software stack.
This represents a potential security risk (attackers can target the
particular stack) and also an anonymity risk (a user trying to
preserve their anonymity by sending mail from a non-associated account
might reveal quite a lot of information if their choice of mail user
agent is exposed).
Users who want to configure `user_agent` to `yes` can still do so, but
it makes sense to have safer defaults.
Closes: #159
** Normally, the default should work.
*/
#endif /* HAVE_GETADDRINFO */
- { "user_agent", DT_BOOL, R_NONE, {.l=OPTXMAILER}, {.l=1} },
+ { "user_agent", DT_BOOL, R_NONE, {.l=OPTXMAILER}, {.l=0} },
/*
** .pp
** When \fIset\fP, mutt will add a ``User-Agent:'' header to outgoing