After talking about this in the SC today, we agreed to deprecate mailcap under the auspices of PEP 594: .

On Thu, Apr 14, 2022 at 11:44 AM Brett Cannon <> wrote:
A CVE has been opened against mailcap (see for details). I'm not aware of anyone trying to maintain the module and Victor did a search online and didn't find any use of the module in the top 5000 projects on PyPI (see the issue). The module is also under 300 lines of Python code that only  (, so vendoring wouldn't be burdensome.

As such, I'm proposing we deprecate mailcap in 3.11 and remove it in 3.13. Any explicit objections?