Hi! All emails sent by XC's sendmail contains the following email headers: X-Source, X-Source-Args: (generally /usr/bin/php in linux) and X-Source-Dir. The main problem is the X-Source-Dir, an header with a full path disclosure of the script used to send the mail. This presents a security problem since certain directories and scripts should never be known to anyone but the Webmaster. The problem is compounded if the user are using a shared hosting (and most users uses it).