ietf-822
[Top] [All Lists]

Re: I-D on automatic responses

2002-06-04 21:30:05

Florian Weimer <fw(_at_)deneb(_dot_)enyo(_dot_)de> writes:
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:

    - content (should probably limit size, content to limit
      DoS attack potential - e.g. should not allow sender to
      use the responder as a relay for viruses)

A somewhat dubious but effective way of getting around the problem of
being used as a relay for viruses is to include the original message in
the body of the reply in plain text rather than as a MIME-formatted
inclusion.  That defangs most of the active content in most mailers.
That's what I'm doing right now.

      - proper MIME encapsulation (?)

What in particular would you encapsulate?  Just the original message if
you're including it for reference, or other things as well?

Bear in mind that MIME encapsulation can make it harder for the user to
actually see that portion of the message.  We still regularly get
complaints about our bounce messages, which I switched a while back to a
format that strictly conforms with the DSN standard, because the original
message shows up as an attachment that the user's mail client can't deal
with.

(I've also encountered a bizarre problem apparently in Eudora where the
mail client for some reason doesn't properly delete the DSN message off of
the server when using POP, thus making the user think that they're
receiving the message over and over again when we only sent it once and
they only have one copy in their mailbox that their client keeps
downloading.  This seems to only happen with Eudora, and not all the time,
and I've not managed to duplicate it or track it down further.)

-- 
Russ Allbery (rra(_at_)stanford(_dot_)edu)             
<http://www.eyrie.org/~eagle/>

<Prev in Thread] Current Thread [Next in Thread>