
> only-encrypted (not signed) message (signing is good practice),

Or the client decrypts it even if unsigned, or the attacker signs the message.

> clients that do not do MDC (MDC was introduced in 2000, every non-prototype client uses it)

I think the client would not only need to use MDC, but also enforce its presence and validity, which is somewhat more likely to allow an attack.

> client that rendered HTML mail with broken markup,

The HTML5 specification defines exactly how HTML inputs should be processed for nearly every possible input, so this applies to any HTML5 compliant email client.

> client that automatically fetches remote resources

I have this turned off in my client, but many email users these days (possibly even those using GPG) have settings to automatically download remote content.
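For the MDC point above, an added example that is not part of this thread or of any mail client's code: a pre-decryption check that refuses legacy OpenPGP containers lacking integrity protection, based on the RFC 4880 packet tags (9 = no MDC, 18 = MDC). The packet bytes are constructed placeholders, not real ciphertext.

```python
# Added example (not from the thread): an OpenPGP-level pre-check a mail client
# can run before handing ciphertext to its decryption engine. RFC 4880 tags:
# 9 = Symmetrically Encrypted Data (no MDC), 18 = Symmetrically Encrypted
# Integrity Protected Data (MDC present). Enforcing MDC means refusing tag 9.
SED, SEIPD = 9, 18          # encrypted-container packet tags

def _header(buf, pos):
    """Parse one packet header at buf[pos] -> (tag, body_len, body_start).
    body_len is None for partial/indeterminate lengths."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if first & 0x40:                       # new-format header
        tag, l1 = first & 0x3F, buf[pos + 1]
        if l1 < 192:
            return tag, l1, pos + 2
        if l1 < 224:
            return tag, ((l1 - 192) << 8) + buf[pos + 2] + 192, pos + 3
        if l1 == 255:
            return tag, int.from_bytes(buf[pos + 2:pos + 6], "big"), pos + 6
        return tag, None, pos + 2          # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, None, pos + 1          # indeterminate length
    n = (1, 2, 4)[ltype]
    return tag, int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def encrypted_container_tag(msg):
    """Return the tag of the first top-level encrypted container, else None."""
    pos = 0
    while pos < len(msg):
        tag, length, body = _header(msg, pos)
        if tag in (SED, SEIPD):
            return tag
        if length is None:                 # cannot skip a partial-length body
            return None
        pos = body + length
    return None

def mdc_verdict(msg):
    """'mdc' (decrypt, then verify the MDC), 'no-mdc' (refuse), 'not-encrypted'."""
    tag = encrypted_container_tag(msg)
    return {SEIPD: "mdc", SED: "no-mdc"}.get(tag, "not-encrypted")

# Constructed samples (placeholder bytes, not real ciphertext): a new-format
# PKESK packet (tag 1, 3-byte body) followed by an encrypted container.
PKESK_PKT = bytes([0xC1, 0x03, 0x03, 0xAA, 0xBB])
WITH_MDC = PKESK_PKT + bytes([0xD2, 0x04, 0x01, 0xDE, 0xAD, 0xBE])  # tag 18
LEGACY = PKESK_PKT + bytes([0xA4, 0x03, 0xDE, 0xAD, 0xBE])          # old-format tag 9
```

A "mdc" verdict only establishes that the container is integrity protected; the client must still verify the MDC after decryption and treat a failure as fatal rather than as a warning.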
