That I know of, my research has so far lead to fixes for Apple Mail, Thunderbird 3, IMP, Roundcube and K-9.
Apple Mail and iPhone
Android and K-9
Thunderbird 3 and Webmail
I have built an online tool for testing whether your email client is susceptible to any of these attacks.
Enter your email address, and it will send you a specially formatted email which attempts to "callback" to my server. The webpage where you enter the email address will then display the results for you as they come in.
I suspect there are similar problems in many email and webmail clients that I have not discovered yet, but that this tool will uncover. If you find any, please let me know by commenting on this blog post, and please submit bug reports to the developers of the software.
You can access the application here. Please read the text on the page before submitting your email address as it may help prevent confusion about what is happening on the results page.
A number of flaws were found in OpenWebmail by somebody using this application. I reported them on their dev mailing list and they have now been fixed. Somebody else found a leak in Microsoft Entourage using this application and I bug reported it a few weeks ago. Still waiting for feedback on that one. I'm also still waiting for feedback on the Outlook 2007 one. The open source projects have been considerably faster to respond than Microsoft and Apple.
If you want to read more stuff like this, follow my blog or check out the rest of my articles: All, Email related, EmailPrivacyTester related, Privacy related. If you found this article helpful, interesting or entertaining, and wish to donate:If you want to leave a tip: