Disable User-Agent Header in email
Outgoing email includes the user-agent header. I would like to disable or modify the string for better security.
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0
Thanks...
Chosen solution
Sure change it. But expect issues with mail rejection, spam filters and poor reception generally. Many providers look for odd entries to use as spam indicators.
Use the config editor to set the preference general.useragent.override to your desired user agent.
Read this answer in context 👍 1
All Replies (7)
I would like to disable or modify the string for better security.
What kind of security gain do you expect by doing this? Security by obscurity doesn't hold water.
Thanks Matt, your solution worked.
I know it will work. I also know it is an exceedingly poor idea, hence christ1's comment. Just don't complain when you lose something valuable because your email did not get delivered because of your decision. We tried to warn you.
Matt said
Sure change it. But expect issues with mail rejection, spam filters and poor reception generally. Many providers look for odd entries to use as spam indicators. Use the config editor to set the preference general.useragent.override to your desired user agent.
You can create a new string variable and just click "Apply" which will leave it empty.
In this case Thunderbird will omit the User-Agent header altogether.
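To confirm what the preference change described above does to a sent message, this added example (not part of the thread) parses a saved message and reports what its client-identifying headers disclose. The function name and both sample messages are constructed for illustration; checking X-Mailer as well is an assumption that goes beyond the one header discussed here.

```python
import re
from email import message_from_bytes
from email.policy import default

# Headers in which a mail client names itself. User-Agent is the header from
# this thread; X-Mailer (an assumption, not discussed in the thread) is the
# equivalent used by other clients.
CLIENT_HEADERS = ("User-Agent", "X-Mailer")

PRODUCT = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")  # e.g. Thunderbird/91.8.0
COMMENT = re.compile(r"\(([^)]*)\)")                   # e.g. (X11; Linux x86_64; ...)


def client_disclosure(raw: bytes) -> dict:
    """Map each client-identifying header present in a raw message to the
    product/version pairs and platform details it reveals."""
    msg = message_from_bytes(raw, policy=default)
    found = {}
    for name in CLIENT_HEADERS:
        for value in msg.get_all(name, []):
            value = str(value)
            platform = [p.strip() for c in COMMENT.findall(value)
                        for p in c.split(";")]
            found[name] = {
                "products": PRODUCT.findall(COMMENT.sub("", value)),
                "platform": platform,
            }
    return found


# Constructed sample: a message carrying the header quoted in the question.
SAMPLE_DEFAULT = (
    b"From: alice@example.org\r\n"
    b"To: bob@example.org\r\n"
    b"Subject: test\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) "
    b"Gecko/20100101 Thunderbird/91.8.0\r\n"
    b"\r\n"
    b"body\r\n"
)

# Constructed sample: the same message with no User-Agent header at all.
SAMPLE_OMITTED = SAMPLE_DEFAULT.replace(
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) "
    b"Gecko/20100101 Thunderbird/91.8.0\r\n", b"")

if __name__ == "__main__":
    print(client_disclosure(SAMPLE_DEFAULT))
    print(client_disclosure(SAMPLE_OMITTED))
```

Run it against a message saved from the Sent folder after changing the preference; an empty result means neither header was sent.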
Matt said
I know it will work. I also know it is an exceedingly poor idea, hence christ1's comment. Just don't complain when you lose something valuable because your email did not get delivered because of your decision. We tried to warn you.
I have yet to find an email provider which pays attention to this header.
Sorry to say it but your concern is not a concern. Maybe two decades ago it was the case.
Artem S. Tashkinov said
Matt said
I know it will work. I also know it is an exceedingly poor idea, hence christ1's comment. Just don't complain when you lose something valuable because your email did not get delivered because of your decision. We tried to warn you.
I have yet to find an email provider which pays attention to this header.
Sorry to say it but your concern is not a concern. Maybe two decades ago it was the case.
Yeah, you might be right, but how much do you have to do with the spam filtering used by the global mail filtering groups which turn people's mail into spam because it does not meet their personal idea of what an email should look like?
Just because you or I am not aware of someone or something looking at this does not make it either a recommended change or a good one. Sure change it if you like. But don't complain if your mail simply disappeared into a blackhole, submission is rejected or whatever.
Apparently I have offended your sensibilities for you to pipe up in a topic that has not seen any activity for 6 months, so perhaps you might like to present your credentials as to your personal involvement in message filtering and blacklisting to make your opinion that no one looks valid. At this point all I and others know is you made two posts to this forum. Both in this topic.
I see no reason at all to think removing the header or presenting false data has any purpose at all. Except to increase the messages spam score. Have you tried to submit email to a Google or Outlook SMTP server with application passwords enabled without the header information to see if it works? I have not, so I err on the side of caution.
I will stick to conservative advice until such times as I am proven wrong, and I would be happy if you could support your opinion with something concrete. If I am wrong I would be happy to learn, but at this point all I have is an unsubstantiated assertion.
BTW 20 years ago open relay was fairly normal. Validation of the sender was not even performed in that case, let alone a user agent being checked.