http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5393
------- Additional Comments From [EMAIL PROTECTED] 2007-03-29 08:34 ------- (In reply to comment #7) > I discovered this because a sample was reported by an Outlook (2000?) user as > a > filter miss. Due to policy issues I am not able to share the full original > (hence the constructed samples) and while I am unable to stand in front of his > machine to verify it, I feel pretty sure that he was not reporting the > emptiness > of the text and HTML parts as spam. The epilogue-carried payload was a > consumer > survey come-on, all bad HTML with lots of non-included images. Was it that he saw that information or did it just exist in the message? Spammers send out a lot of crappy email (construction, not just content,) and I wouldn't be surprised if they had stuff all over the place. But that's not really important if the MUA does what it's supposed to and ignores it. > In addition, any MUA that does not support MIME will display whatever epilogue > happens to be present. I know it sounds crazy, but people do still use mailx. > Really. There is even a politically significant (in geek terms) population of > people who use pure text mailers like mutt and mh and intentionally break > whatever MIME support is there. I have also confirmed that Palm's VersaMail > MUA > will display the epilogue of MIME messages. Well, readers like Mutt (which I use) don't break MIME. You just look at the text parts, not HTML or anything else. mailx and anything else that's not a MIME-compliant reader will obviously show you everything. In as far as spammers are concerned, they're not targeting mailx users. > I'd rate my confidence that this was intentional filter evasion at about 80% > with a real chance that it was an "OOPS!" (the HTML was clearly built by hand > by an amateur) but even so, it seems prudent to look in the epilogue. What > could > it hurt? Well, asking for us to stop being MIME compliant because we can is a little ridiculous imo. :) If common MIME-compliant MUAs display the preamble or the epilogue (very obviously incorrect), then we may have to do the same, and also should get people yell at the vendor about it. If they don't, then we arguably shouldn't either. An obvious issue is that it potentially gives us a lot more data to process, and gives spammers a way of specifically trying to clog anti-spam tools. There's already the issue of text/plain parts with garbage and a text/html part with the actual payload. It's hard enough trying to determine that the text/plain part is garbage, let alone try to figure out whether or not all the data in the epilogue should be ignored. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
