diff --git a/CHANGELOG b/CHANGELOG
index 405eb6aa..0a2bcf41 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 Support PGP
+Take into account Sender header
 ## [1.1.0] - 2020-03-13
 Support multiple Mailboxes
diff --git a/app/dashboard/views/mailbox_detail.py b/app/dashboard/views/mailbox_detail.py
index c87fe34a..32cf8f13 100644
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@@ -54,9 +54,7 @@ def mailbox_detail_route(mailbox_id):
 ):
 flash(f"Email {new_email} already used", "error")
 elif not can_be_used_as_personal_email(new_email):
- flash(
- "You cannot use this email address as your mailbox", "error",
- )
+ flash("You cannot use this email address as your mailbox", "error")
 else:
 mailbox.new_email = new_email
 db.session.commit()
diff --git a/email_handler.py b/email_handler.py
index 249a0a85..e1f05306 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -313,8 +313,9 @@ def handle_forward(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
 # add custom header
 add_or_replace_header(msg, "X-SimpleLogin-Type", "Forward")
- # remove reply-to header if present
+ # remove reply-to & sender header if present
 delete_header(msg, "Reply-To")
+ delete_header(msg, "Sender")
 # change the from header so the sender comes from @SL
 # so it can pass DMARC check
@@ -405,9 +406,7 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
 # in this case Postfix will try to send a bounce report to original sender, which is
 # the "reply email"
 if envelope.mail_from == "<>":
- LOG.error(
- "Bounce when sending to alias %s, user %s", alias, gen_email.user,
- )
+ LOG.error("Bounce when sending to alias %s, user %s", alias, gen_email.user)
 handle_bounce(
 alias, envelope, forward_email, gen_email, msg, smtp, user, mailbox_email
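Review bot: The comment added at `+ # remove reply-to & sender header if present` in the @@ -313 hunk of handle_forward says what is removed but not why, whereas the reply-path hunk (@@ -467) states the privacy reason; on the forward path the message presumably comes from the external sender, so the motivation is different and worth recording, e.g. `# remove Reply-To & Sender if present: From is rewritten to an @SL address below, so no header should keep pointing at the original sender's domain` (if that is indeed the intent). Whether `delete_header` removes every occurrence of a field or only the first is not visible here: RFC 5322 allows at most one Sender field, but an incoming message is untrusted and may carry duplicates, so if the helper deletes only the first, a second Sender line would still be forwarded — worth confirming in the helper, and the same question applies to the new `delete_header(msg, "Sender")` in the @@ -467 hunk. handle_forward starts and ends outside this hunk.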
@@ -467,6 +466,9 @@ def handle_reply(envelope, smtp: SMTP, msg: Message, rcpt_to: str) -> str:
 # make sure to delete it
 delete_header(msg, "Reply-To")
+ # remove sender header if present as this could reveal user real email
+ delete_header(msg, "Sender")
+
 add_or_replace_header(msg, "To", forward_email.website_email)
 # add List-Unsubscribe header
diff --git a/tests/api/test_new_custom_alias.py b/tests/api/test_new_custom_alias.py
index 9f2f6a93..e889df94 100644
--- a/tests/api/test_new_custom_alias.py
+++ b/tests/api/test_new_custom_alias.py
@@ -50,7 +50,7 @@ def test_create_custom_alias_without_note(flask_client):
 r = flask_client.post(
 url_for("api.new_custom_alias", hostname="www.test.com"),
 headers={"Authentication": api_key.code},
- json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}",},
+ json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}"},
 )
 assert r.status_code == 201
diff --git a/tests/api/test_new_random_alias.py b/tests/api/test_new_random_alias.py
index 885d30dc..4f1515c2 100644
--- a/tests/api/test_new_random_alias.py
+++ b/tests/api/test_new_random_alias.py
@@ -52,7 +52,7 @@ def test_custom_mode(flask_client):
 r = flask_client.post(
 url_for("api.new_random_alias", hostname="www.test.com", mode="uuid"),
 headers={"Authentication": api_key.code},
- json={"note": "test note",},
+ json={"note": "test note"},
 )
 assert r.status_code == 201
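Review bot: Removing Sender closes one way the user's real address can leak on the reply path, but this hunk leaves untouched other headers that a user's mail client or provider commonly stamps with the originating address — Return-Path, Disposition-Notification-To / Return-Receipt-To, Resent-From / Resent-Sender and the Received trail — and it is not visible here whether handle_reply scrubs them elsewhere, since the function starts well before this hunk and continues after it. If they are not handled, a short loop over a documented list of headers to strip, placed next to these two `delete_header` calls, would make the scrubbing policy explicit; at minimum the new comment could name what is covered, e.g. `# strip headers that can carry the user's real address (Sender here, Reply-To above)`. No test in this commit asserts the new behaviour — the test files touched only lose trailing commas — so a test that feeds a reply message carrying a Sender header through the handler and asserts `"Sender" not in msg` afterwards would guard against regression.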