It appears that Ralph Seichter via mailop <[email protected]> said: >Interesting you should mention that, given that I just watched a video >[1] discussing some of the ZIP format's pitfalls and oddities. > > [1] https://youtu.be/RYHYiXMJdZI > >Since archives may potentially even start with random data, I wonder how >reliable the suggested sniffing is? If the sender of a DMARC report >fails to provide correct content type information, which should be >simple enough, how trustworthy are the archives themselves?
In practice everyone uses one of a handful of ZIP encoders or decoders. I don't ever recall seeing a ZIP file in a DMARC repprt that didn't have the expected PK\3\4 at the front. People send all sorts of garbage in reports. You definitely need to be prepared for your ZIP decoder to fail if the attachment is truncated or corrupted. And you do for gzip, too. R's, John _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
