From: gep2(_at_)terabites(_dot_)com
...
The point being that spam is at least 3-5x bulkier, FAR more difficult to
identify, and far more dangerous, if it can incorporate (1) HTML, (including
clickable hotlinks, images, scripting, and so forth), (2) attachments
(virtually
all worms and viruses are based on attachments), and (3) base64 or other
encoding. ...
I can sympathize with (1 and can almost agree with (2), but (3) is
wrong. Base64 and quoted-printable encoding do not increase the
size of mail by much. They themselves carry no risks of nasty
content. Finally, they provide no cover for the nasty stuff except
from naive, simplistic, and broken-by design filters and other
defenses. All reasonable filters decode Base64, Quoted-Printable,
and even HTML &-numeric and &-name character references. %-decoding
is also straightforward and on its way to being de facto standard
for filters that are not practically useless toys.
relatively small number of senders for any given recipient who can send them
mail containing those things. ...
If not today then soon most users of email have only the alternatives
of receiving mail in languages and character sets they don't understand
or receiving mail encoded with Base64 or quoted-printable mail.
That I use a 20 year-old MUA that cannot encode Base64 or QP at all,
cannot decode QP at all, and cannot really decode Base64, and that I
receive legitimate encoded mail about once a month is irrelevant.
That I must start special systems and copy files among them to send
encoded documents that other people demand matters to no one except
me. My situation and preferences and the situations and preferences
of old farts like me are irrelevant to the vast majority of users
and so irrelevant here.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg