Giedrius Liubavičius

As I understand it abuse is only possible if attachment of Content-Disposition: INLINE is decrypted and thus displayed on reply. Not really a case here. In my case - not hidden/wrapped real attachment (Content-Disposition: attachment, mime type Content-Type: application/octet-stream and not used from body part). It is displayed inline just because of Thunderbirds' setting to show displayable attachments (plaintext, photos) inline with notable separation from email body. I suggest to add an exception...

Inline displayed attachments not decrypted