Python 2.7 doesn't have email.policy module. For Python 2.7, I wrote this code: --- import email.header import email.message msg = email.message.Message() msg.set_charset("UTF-8") msg['Subject'] = email.header.Header(u'\u0105' * 12, maxlinelen=20, charset="UTF-8") print(msg.as_string()) --- I get this output: --- MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Subject: =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= =?utf-8?b?xIU=?= --- I have no idea if this example says that Python 2.7 is vulnerable or not. I get a different output on the master branch: --- MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Subject: =?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?= --- But I don't know if I use the email API properly. "Subject: =?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?=" is longer than 20 characters.