On Tue, 2005-08-09 at 18:03 +0200, Hadmut Danisch wrote:
On Wed, Jul 27, 2005 at 02:38:26AM -0000, John Levine wrote:
At this point I haven't figured out what the mechanism for running
messages through the forwarding gauntlet should be. Suggestions
welcome. Paste them into a web form? Mail them in as an attachment?
My guess is that it does not make much sense to just try this and that
message, and maybe a harder one.
We need to figure out what could cause transmission and then set up a
program which automatically generates test messages trying to provoke
the suspected conversion.
Things I would like to see:
- White space at top, bottom, line ends of body.
- Zero bytes.
- Line ends in 0D, 0A, 0D0A
- Tabs converted to spaces?
- Character sets: Try all bytes from 0..255 without charset,
try all charsets like iso-8859-1..15, arabic, chinese ones, etc.
and UTF-8. Try every possible character value (0..255 in most
charsets, some more in UTF-8).
- HTML: Tags up- or downcased? canonicalized? script tags removed?
- Virus- and Spam-Mails (false positives!): Are they tagged or
- Forwarding and Bouncing by .forward and MUAs.
- Offending language: I found that especially US-made spam filter
programs are prepared to educate users and to block lists of
sexually offensive or vulgar language. Are such mails modified?
This sounds good.
A few other comments.
Probably this should be called 'contentsig' rather than 'bodysig' for
the reasons outlined in other messages.
Perhaps before a test mechanism is devised, some idea of
- what entity will be generating the signature
- what entity will be checking the signature
is needed. If these are UAs, then rather more types of MTA need to be
checked than if the generating and checking entities are "boundary"
MTAs, communicating over the (actual) Internet. (Bad luck if you have
Exchange in the way anywhere).
If the message is to pass through a boundary MTA, then these can make
various changes to the message. The function of adding some disclaimer
to the body is often done at the boundary. (You know the sort of thing,
"This message is intended for the person I meant to send it to. If you
are not that person and you have read the message down to this point,
please, er, forget that you read it.") You can get similar messages
added when a message gets checked for viruses. (I have seen one example
which added it to a text/html but outside the main <html>...</html>
tags. Outlook displayed it, sensible UAs did not!)
There are a number of transformations which a boundary MTA (i.e. the MTA
which gives Internet access to an organization with a significant
internal Email network) might make to the heading of the message. E.g.
- Remove the Received trace from the internal MTAs
- Change the folding of any field
- 'Normalize' addresses in known fields (e.g. turning internal addresses
into addresses as they are to be visible to the outside world, or
- Add Message-ID if missing
This kind of thing suggests to me that content based signatures are best
generated and checked at the boundary.
David Wilson <David(_dot_)Wilson(_at_)isode(_dot_)com>
Asrg mailing list
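
The probe generator suggested in the thread, sketched as an added example (not code from any poster or from the ASRG list): it builds one constructed body per byte-level item on the list above and classifies what a forwarding hop did to each. All names (PROBES, diagnose, run_gauntlet, sample_hop) are hypothetical, and sample_hop is an assumed stand-in for a real mail path.

```python
# Constructed probe bodies, one per byte-level item on the list in the thread.
PROBES = {
    "trailing-space": b"line one   \r\nline two\r\n",
    "blank-top-bottom": b"\r\n\r\ntext\r\n\r\n\r\n",
    "bare-lf": b"a\nb\n",
    "bare-cr": b"a\rb\r",
    "tabs": b"col1\tcol2\r\n",
    "nul-byte": b"before\x00after\r\n",
    "all-bytes": bytes(range(256)) + b"\r\n",
}

def to_crlf(b):
    return b.replace(b"\r\n", b"\n").replace(b"\r", b"\n").replace(b"\n", b"\r\n")

def strip_trailing_ws(b):
    return b"\r\n".join(line.rstrip(b" \t") for line in b.split(b"\r\n"))

# Candidate explanations, tried in order; "intact" must stay first.
NORMALIZERS = {
    "intact": lambda b: b,
    "line-endings->CRLF": to_crlf,
    "trailing-ws-stripped": strip_trailing_ws,
    "tabs->spaces": lambda b: b.replace(b"\t", b" "),
    "nul-removed": lambda b: b.replace(b"\x00", b""),
}

def diagnose(sent, received):
    """Return (transformation, text_appended) explaining sent -> received."""
    for name, fn in NORMALIZERS.items():
        base = fn(sent)
        if received == base:
            return (name, False)
        if received.startswith(base):
            return (name, True)  # e.g. a disclaimer or virus-scan footer
    return ("unexplained", False)

def run_gauntlet(hop):
    # A signature over the raw body survives only where the result is ("intact", False).
    return {name: diagnose(body, hop(body)) for name, body in PROBES.items()}

# Hypothetical stand-in for a real forwarding path (an assumption, not a real MTA):
# it rewrites line endings to CRLF and appends a constructed disclaimer.
def sample_hop(body):
    return to_crlf(body) + b"-- \r\nThis message is intended for ...\r\n"

if __name__ == "__main__":
    for probe, result in run_gauntlet(sample_hop).items():
        print(f"{probe:18} {result}")
```

To test a real path, replace sample_hop with a function that submits the body and returns the bytes that arrive at the far end.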