> Does this mean that WKD would always be enabled? > If so, this potentially leaks from whom email is being received to third > parties, and I will patch my copy of mutt to remove it.
It is triggered only when you want to send an e-mail *to* a person AND explicitly enable encryption AND you don't have their key locally. Then it queries that person's HTTPS server.
It is not triggered when receiving e-mails. Kind regards, Wiktor -- https://metacode.biz/@wiktor