Mail clients are notorious for sending information not really required for mail conversations.
They leak their identity and version number, sometimes even the operating system, in User-Agent and X-Mailer headers.
They leak the locally set time zone in the Date header.
And sometimes they leak private IP addresses during mail sending.
Here I document some settings to hide this information in my preferred mail clients. Note: Hiding this metadata might not be enough to fully disguise your choice of mail client. The ordering of mail headers is not tackled here, behavior with attachments varies just as much, and other details also disclose the mail client's identity.
Thunderbird
Thunderbird is a very popular mail client. While it prevents loading external resources by default, there are still improvements to be made.
First off, Thunderbird by default sends a User-Agent header disclosing its identity.
Up to Thunderbird 102, it sent a User-Agent similar to web browsers such as Firefox, e.g. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0.
If you still run such a version, you can suppress the User-Agent header by setting general.useragent.override in the advanced settings to an empty string.
Since Thunderbird 115, there are two new preferences controlling the User-Agent.
mailnews.headers.sendUserAgent controls whether a User-Agent is sent at all.
I recommend setting this to false.
mailnews.headers.useMinimalUserAgent reduces the User-Agent to Thunderbird.
Finally no version number, no operating system, no CPU architecture.
On Arch Linux in a fresh Thunderbird profile, this setting is true by default.
To hide the time zone, set mail.sanitize_date_header to true.
Surprisingly, this will not only change the time zone to UTC, but also nullify the seconds in the Date header.
This way, time desynchronization of a couple of seconds is obfuscated.
At the same time, it might be a vector for re-identifying Thunderbird amongst other mail clients.
Additionally, Thunderbird adds a Content-Language header by default.
You can prevent sending it by setting mail.suppress_content_language to true.
Telemetry
Unlike the other two mail clients in this article, Thunderbird contains telemetry. A great list tackling this problem is available in German at privacy-handbuch.de. Alternatively, you might be happy with the arkenfox user.js fork for Thunderbird from HorlogeSkynet.
Neomutt
Neomutt is a reasonable mail client regarding user privacy. Nonetheless, some improvements are possible.
If you don’t send a human-readable name alongside your email address, neomutt falls back to using your Unix username’s comment field.
To prevent this, unset gecos_mask in your muttrc file.
By default, neomutt sends timestamps in the local time zone, e.g. Date: Fri, 08 Sep 2023 14:30:37 -0700.
To always send in the UTC time zone, unset local_date_header in your muttrc file.
Next, neomutt uses a random base32 string for the Message-ID header.
To match the behavior of other popular mail clients such as Thunderbird, set my_hdr Message-ID: <`uuidgen -r`@example.com> in your muttrc.
Remember to re-set this config option whenever you change the hostname for different accounts.
Finally, neomutt uses the value in $hostname for the EHLO SMTP greeting.
To hide a potential private IP address and match the others, set hostname = "localhost".
In summary, set these options in your muttrc file:
unset gecos_mask
unset local_date_header
my_hdr Message-ID: <`uuidgen -r`@example.com>
set hostname = "localhost"
FairEmail
FairEmail is a modern, privacy-respecting mail client for Android. It prevents loading external resources by default and uses IMAP IDLE to instantly notify on new messages without sending your credentials to another server (which is seemingly not standard anymore).
To enhance your privacy, you can avoid sending the fact that you are using FairEmail and how your time zone is currently set by going into its settings. Under the Privacy tab you find the following two settings:
To also hide the local IP address in the SMTP EHLO message, you can set FairEmail to always use localhost.
The setting can be found in the advanced identity settings per identity.
For authenticated sending this string shouldn’t matter at all, but it is recorded in the Received mail header.
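
To check that the settings in this article took effect, send yourself a message and inspect its raw headers. The following Python sketch is an added example, not part of the original article; the sample message is constructed, and the name audit_headers and the restriction to RFC 1918 IPv4 ranges are assumptions made here.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# RFC 1918 private IPv4 ranges (IPv6 literals are not checked in this sketch).
PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample message; addresses, host names and IDs are made up.
SAMPLE = """\
Received: from [192.168.1.23] (host.example.net [203.0.113.7])
 by mx.example.com with ESMTPSA id abc123; Fri, 08 Sep 2023 21:30:40 +0000
Date: Fri, 08 Sep 2023 14:30:37 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0
Content-Language: en-US
From: alice@example.com
To: bob@example.com
Subject: test

body
"""

def audit_headers(raw):
    """Return (header, detail) pairs for metadata the settings above should remove."""
    msg = message_from_string(raw)
    findings = []
    # Client identity and language headers should be absent entirely.
    for name in ("User-Agent", "X-Mailer", "Content-Language"):
        if msg[name]:
            findings.append((name, msg[name]))
    # A non-zero UTC offset in Date reveals the sender's local time zone.
    if msg["Date"]:
        try:
            offset = parsedate_to_datetime(msg["Date"]).utcoffset()
        except (TypeError, ValueError):
            offset = None  # unparsable date: nothing to compare
        if offset:
            findings.append(("Date", f"UTC offset {offset}"))
    # Bracketed IPv4 literals in Received include the client's EHLO argument.
    for received in msg.get_all("Received", []):
        for literal in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received):
            try:
                addr = ip_address(literal)
            except ValueError:
                continue  # e.g. [999.1.1.1] is not a valid address
            if any(addr in net for net in PRIVATE_NETS):
                findings.append(("Received", f"private address {literal}"))
    return findings
```

An empty result only means these specific headers are clean; as noted at the top, header ordering and other details can still identify the client.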