Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Michael Wise via mailop

Not my investigation, just handing it off to someone else, since … I don’t know.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Ken Simpson 
Sent: Friday, March 6, 2020 2:48 PM
To: John R Levine 
Cc: Michael Wise ; mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

I looked at the logs, there's quite a few, all seem from outlook hosted
accounts.

It seems like something a co-op student would do: MIME encoding the world. I'd 
love to have an inside view of Michael's investigation.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Ken Simpson via mailop
>
> I looked at the logs, there's quite a few, all seem from outlook hosted
> accounts.
>
>
It seems like something a co-op student would do: MIME encoding the world.
I'd love to have an inside view of Michael's investigation.


Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread John R Levine via mailop

Yeah, looking for someone to have a peek at that.
Rather Strange, to say the least.


I looked at the logs, there's quite a few, all seem from outlook hosted 
accounts.



-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Friday, March 6, 2020 9:35 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Strange MIME headers from Microsoft



Take a look at this archived message sent from an Outlook hosted user:



https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Flast-call%2FxTEWTOyy4HOX-wyvFVaOicn2P-I%2F%23data=02%7C01%7Cmichael.wise%40microsoft.com%7Cff4f318df5b24e654fb008d7c1f52e92%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637191131102826023sdata=%2Br4mkYri0davTs5Z3J4HCvcuGWtydtlexGxI8FykX%2Bs%3Dreserved=0



The Message-ID, ARC-Seal and some private headers are MIME encoded, like this:



Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?= 
=?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=



That is completely invalid under the mail standards (I checked with the guys 
who wrote them) and oddly pointless, since if you decode the MIME glop, it's an 
ordinary ASCII ID:



Message-ID: 
mailto:mwhpr1301mb209609a6c565a653fd477aa585...@mwhpr1301mb2096.namprd13.prod.outlook.com>>



I only see this in messages from outlook.com so I'm pretty sure they're doing 
it, not some intermediate system.  Anyone there we can get to look at it and 
fix it?



R's,

John



Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
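
An added example, not part of the thread and not code from any of its participants: a Python check that flags RFC 2047 encoded-words in header fields whose grammar has no place for them, and decodes them to show the plain ASCII value underneath. The `STRUCTURED` set, the function names and every sample header other than the Message-ID value quoted in the post are assumptions made for the illustration.

```python
import re
from email.header import decode_header

# RFC 2047 encoded-word: =?charset?encoding?encoded-text?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
# Assumed check list: fields with no free text or phrase (comments ignored here).
STRUCTURED = {"message-id", "in-reply-to", "references", "arc-seal"}

# Constructed header block; the Message-ID value is the one quoted in the post.
SAMPLE = (
    "Subject: =?utf-8?q?caf=C3=A9?= menu\r\n"
    "Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?=\r\n"
    " =?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=\r\n"
    "In-Reply-To: <constructed-parent@example.invalid>\r\n"
)

def unfold(raw):
    """Split a raw header block into (name, value) pairs, joining folded lines."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += "\n" + line      # continuation of the previous field
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append([name.strip(), value.strip()])
    return [tuple(f) for f in fields]

def decode_value(value):
    """Decode encoded-words the way a lenient display client would."""
    out = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        out.append(chunk)
    return "".join(out)

def audit(raw):
    """Report structured fields that carry encoded-words."""
    findings = []
    for name, value in unfold(raw):
        if name.lower() in STRUCTURED and ENCODED_WORD.search(value):
            decoded = decode_value(value)
            findings.append({"field": name, "decoded": decoded,
                             "ascii_only": decoded.isascii()})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The encoded Subject is not reported, since encoded-words are legitimate in unstructured text; only the Message-ID is, and its decoded form is pure ASCII.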



Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Michael Wise via mailop


[ hmm / ]



Yeah, looking for someone to have a peek at that.

Rather Strange, to say the least.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Friday, March 6, 2020 9:35 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Strange MIME headers from Microsoft



Take a look at this archived message sent from an Outlook hosted user:



https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Flast-call%2FxTEWTOyy4HOX-wyvFVaOicn2P-I%2F%23data=02%7C01%7Cmichael.wise%40microsoft.com%7Cff4f318df5b24e654fb008d7c1f52e92%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637191131102826023sdata=%2Br4mkYri0davTs5Z3J4HCvcuGWtydtlexGxI8FykX%2Bs%3Dreserved=0



The Message-ID, ARC-Seal and some private headers are MIME encoded, like this:



Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?= 
=?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=



That is completely invalid under the mail standards (I checked with the guys 
who wrote them) and oddly pointless, since if you decode the MIME glop, it's an 
ordinary ASCII ID:



Message-ID: 
mailto:mwhpr1301mb209609a6c565a653fd477aa585...@mwhpr1301mb2096.namprd13.prod.outlook.com>>



I only see this in messages from outlook.com so I'm pretty sure they're doing 
it, not some intermediate system.  Anyone there we can get to look at it and 
fix it?



R's,

John


