Claws Mail supports plugins and stored credentials; security depends on transport and plugin hygiene.
- Enforce TLS for IMAP/POP3/SMTP and verify certificates.
- Use per-account app passwords or tokens.
- Restrict local profile directory permissions.
¶ Plugin and Extension Controls
- Install plugins only from trusted sources.
- Disable unused plugins to reduce attack surface.
- Keep plugin and client versions patched.
¶ Message and Attachment Handling
- Disable automatic remote content loading in messages.
- Scan attachments before opening.
- Use GPG/SMIME for sensitive message integrity/confidentiality.