KMail asks for confirmation before displaying HTML-formatted mail. It also asks for confirmation before loading external resources, but it does not ask before following a META REFRESH embedded in the HTML mail, thereby creating a potential security problem, as following a meta-refresh leaks as much information as loading an external resource.

Suggested behaviour: when displaying HTML-formatted mails, KMail should ask before following meta-refresh in the same way it asks before loading external images.

For demonstration of the issue, see https://emailprivacytester.com

Reproducible: Always
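
The check requested above, sketched as an added example (not part of the original report and not KMail's code): a scanner that counts a meta refresh as a remote fetch alongside external resources, so both fall under the same confirmation prompt. The function names and the sample message, which uses the reserved `tracker.example` domain, are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tags that fetch a URL as soon as the mail is rendered, and the attribute holding it.
RESOURCE_ATTRS = {"img": "src", "link": "href", "script": "src", "iframe": "src"}

def refresh_target(content):
    """Return the URL in a refresh 'content' value, or None for a bare delay."""
    m = re.match(r"\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?(.*)", content, re.I | re.S)
    url = m.group(1).strip().strip("'\"").strip()
    return url or None

class RemoteFetchScanner(HTMLParser):
    """Collect every URL the HTML body would contact without a user click."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (kind, url) tuples

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            url = refresh_target(a.get("content", ""))
            if url:
                self.findings.append(("meta-refresh", url))
        elif tag in RESOURCE_ATTRS:
            url = a.get(RESOURCE_ATTRS[tag], "").strip()
            if url.lower().startswith(("http:", "https:", "//")):
                self.findings.append(("external-" + tag, url))

def scan(html):
    parser = RemoteFetchScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

def needs_confirmation(html):
    """True if rendering the body would contact a remote host in any way."""
    return bool(scan(html))

# Constructed sample message body: one refresh, one remote image, one inline image.
SAMPLE = """<html><head>
<META HTTP-EQUIV="Refresh" CONTENT="0; URL=https://tracker.example/r?id=42">
</head><body><p>Hello</p>
<img src="https://tracker.example/pixel.gif">
<img src="cid:logo@local">
</body></html>"""

if __name__ == "__main__":
    for kind, url in scan(SAMPLE):
        print(kind, url)
```

A gate that only looked at `external-*` findings would pass the first entry through, which is the gap the report describes.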