HTML mails might leak keywords to third parties
Schleuder leaves an encrypted HTML part of a mail untouched; it doesn't fiddle with the content. This might lead to keyword leaks to third parties, for example if x-resend is used.
Ideas so far on how to deal with this:
- Drop the HTML part completely (which would possibly annoy users)
- Parse the HTML, drop possibly sensitive content
- Use a regex, fed with the keywords which were found in the plaintext, on the "stringified" HTML
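
A sketch of the third idea with a fallback to the first, as an added example that is not Schleuder code: keyword lines found in the plaintext part are turned into regexes that tolerate markup between tokens, and the HTML part is dropped (`nil`) if a keyword name is still visible afterwards. The helper names, the sample mail and the assumed keyword syntax (`x-name: arguments` lines at the top of the plaintext part) are illustrative assumptions.

```ruby
require 'cgi'

# Assumption: a keyword line looks like "x-resend: someone@example.org".
KEYWORD = /\Ax-[a-z-]+:/i
# Markup an HTML editor may place between the tokens of one keyword line.
GAP = '(?:<[^>]*>|&nbsp;|\s)*'

# Keyword lines are the leading non-empty lines of the plaintext part.
def keyword_lines(plaintext)
  plaintext.lines.map(&:strip).reject(&:empty?).take_while { |l| l.match?(KEYWORD) }
end

# "x-resend: bob@example.org" also matches when the address is wrapped
# in a mailto link, because tags and whitespace are allowed between tokens.
def keyword_regex(line)
  Regexp.new(line.split.map { |tok| Regexp.escape(tok) }.join(GAP), Regexp::IGNORECASE)
end

# Rough text rendering: strip tags, decode entities, collapse whitespace.
def visible_text(html)
  CGI.unescapeHTML(html.gsub(/<[^>]*>/, '')).gsub(/\s+/, ' ')
end

# Returns the scrubbed HTML, or nil when a keyword name survives the regex
# pass (for example split by inline tags) and the part should be dropped.
# A closing tag of a removed link may remain in the output.
def scrub_html(plaintext, html)
  lines = keyword_lines(plaintext)
  scrubbed = lines.reduce(html) { |h, l| h.gsub(keyword_regex(l), '') }
  names = lines.map { |l| l[/\Ax-[a-z-]+/i].downcase }
  text = visible_text(scrubbed).downcase
  names.any? { |n| text.include?(n) } ? nil : scrubbed
end

# Constructed sample parts of one multipart/alternative mail.
PLAIN = "x-resend: bob@example.org\n\nHello Bob,\nthe minutes are attached.\n"
HTML_LINKED = '<html><body><div>x-resend: <a href="mailto:bob@example.org">' \
              'bob@example.org</a></div><p>Hello Bob,<br>the minutes are attached.</p></body></html>'
HTML_SPLIT = '<html><body><div>x-<b>resend</b>: bob&#64;example.org</div>' \
             '<p>Hello Bob</p></body></html>'
```
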