On Fri, 20 Jan 2012 00:21:08 +0100, Pieter Praet <pieter@praet.org> wrote: > So, would I be right to assume MML tags in signatures are never > evaluated to begin with? Otherwise, there would still be a security > hole, no? I am thinking of MML tags that a user puts in their own signature. If that case is a security hole, then the hole is in the user’s brain and not in notmuch. :) -- Aaron Ecay