Published:2005/05/26  Last Updated:2008/05/21

Inappropriate interpretation of the mailto URL scheme by mail client software

Overview

The mailto URL scheme designates an Internet email address, typically in a link on a web page. A mailto URL can carry the address together with header fields and body text, and so serves as a template for a mail message. Many mail clients have a function that copies the fields given in a mailto URL into the headers of the message they create.

RFC2368, which defines the mailto URL scheme, makes the following points in its Security Considerations section.

  • A mail client should never send anything without complete disclosure to the user of the full message created from the contents of the mailto URL.
  • It should explicitly display any headers along with the message destination.
  • It is inappropriate to set headers related to mail delivery (the RFC names From and Bcc as examples) from the contents of the mailto URL.
However, some mail clients set delivery-related headers from the contents of a mailto URL, or do not explicitly display the full set of headers before sending.
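The two behaviours described above, side by side, as an added example that is not code from the original advisory or from any of the listed products. It assumes a small RFC2368 parser written for this page, an allow-list of headers (SAFE_HEADERS) chosen here from the RFC's own guidance, and a constructed sample URL (EXAMPLE_URL) that tries to set Bcc and From; compose_naively() shows what an affected client does with it, compose_safely() what a conforming client does, and disclose() renders the full message the user must see before anything is sent.

```python
from urllib.parse import unquote

# Header names this example lets a mailto URL set. RFC 2368 section 7 names
# Subject, Keywords and Body as the only headers "believed to be both safe
# and useful"; To and Cc are admitted here because they add recipients that
# the confirmation view below always shows. The list is this example's own
# policy, not a setting taken from any of the products in the advisory.
SAFE_HEADERS = {"to", "cc", "subject", "keywords", "body"}

# Constructed sample URL: a legitimate-looking link that also tries to set
# Bcc and From, the delivery-related headers RFC 2368 warns about.
EXAMPLE_URL = ("mailto:alice@example.com?subject=Re%3A%20report"
               "&to=bob@example.com"
               "&bcc=eve@example.net"
               "&from=alice@example.com"
               "&body=See%20the%20attached%20draft")


def parse_mailto(url):
    """Split a mailto URL into (recipients, [(header, value), ...]).

    Follows the RFC 2368 grammar: 'mailto:' [to] ['?' hname '=' hvalue
    *('&' hname '=' hvalue)]. Names and values are percent-decoded, header
    names are lower-cased, and any 'to' header is folded into the recipient
    list as the RFC requires.
    """
    scheme, _, rest = url.partition(":")
    if scheme.lower() != "mailto":
        raise ValueError("not a mailto URL: %r" % url)
    to_part, _, query = rest.partition("?")
    recipients = [unquote(a) for a in to_part.split(",") if a]
    headers = []
    for field in query.split("&"):
        if not field:
            continue
        name, _, value = field.partition("=")
        name, value = unquote(name).lower(), unquote(value)
        if name == "to":
            recipients.extend(a for a in value.split(",") if a)
        else:
            headers.append((name, value))
    return recipients, headers


def _new_draft(recipients):
    return {"headers": {"To": ", ".join(recipients)}, "body": ""}


def _set(draft, name, value):
    # 'body' is message text; everything else becomes a header line.
    if name == "body":
        draft["body"] = value
    else:
        draft["headers"][name.title()] = value


def compose_naively(url):
    """The behaviour the advisory describes: every header in the URL is
    copied into the message, so 'bcc' and 'from' silently take effect."""
    recipients, headers = parse_mailto(url)
    draft = _new_draft(recipients)
    for name, value in headers:
        _set(draft, name, value)
    return draft


def compose_safely(url):
    """RFC 2368 section 7 behaviour: only allow-listed headers are set.
    Returns (draft, refused) so the client can tell the user which fields
    of the URL were ignored; nothing is sent without disclosure."""
    recipients, headers = parse_mailto(url)
    draft = _new_draft(recipients)
    refused = []
    for name, value in headers:
        if name in SAFE_HEADERS:
            _set(draft, name, value)
        else:
            refused.append((name, value))
    return draft, refused


def disclose(draft):
    """Render the full message, headers first, as the confirmation view a
    client must show before anything is sent."""
    lines = ["%s: %s" % (k, v) for k, v in draft["headers"].items()]
    return "\n".join(lines) + "\n\n" + draft["body"]


if __name__ == "__main__":
    naive = compose_naively(EXAMPLE_URL)
    print("--- affected client would send ---")
    print(disclose(naive))
    safe, refused = compose_safely(EXAMPLE_URL)
    print("--- conforming client shows ---")
    print(disclose(safe))
    for name, value in refused:
        print("refused header from URL: %s=%s" % (name, value))
```

Run as a script, the first block printed contains Bcc: eve@example.net and From: alice@example.com, which is how a message reaches a recipient the user never saw; the second block contains only To, Subject and the body, and lists the two refused fields so the user can see what the link attempted.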

We published this issue on JVN, in coordination with the developers, to make it known to users and to mail client developers.

Products Affected

  • Mail clients that interpret the mailto URL scheme

Impact

An email message may be sent to recipients to whom the user did not intend to send it.


Vendor Status

Vendor                            Status          Last Update   Vendor Notes
Saitoh Kikaku                     Vulnerable      2005/05/27
Edcom Inc.                        Vulnerable      2005/05/26
Orangesoft Inc.                   Vulnerable      2005/06/27
Microsoft Co.,Ltd.                Not Vulnerable  2005/05/26
JustSystems Corporation           Vulnerable      2005/05/26
RimArts, Inc.                     Vulnerable      2005/05/26
NEC Corporation                   Not Vulnerable  2005/06/13
Allied Telesis K.K.               Vulnerable      2005/06/20
RICOH COMPANY, LTD.               Not Vulnerable  2005/06/21
Fuji Electric Systems Co.,Ltd.    Not Vulnerable  2005/06/22
Cybozu, Inc.                      Vulnerable      2005/06/27
FUJITSU LIMITED                   Not Vulnerable  2005/10/04


References

  1. IETF
     RFC2368: The mailto URL scheme

JPCERT/CC Addendum


Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Reports
CERT Advisory
CPNI Advisory
JVN iPedia JVNDB-2005-000772

Update History