--- David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
I don't think so. I find it hard to imagine an attach in which
canonicalisation gives you a way to abuse mail. Perhaps if the
canonicalisation were to fold all whitespace, someone's answer could
be
moved from one column in a table to another column?
This may allow a spammer to replay a message and add their own special
content. Imagine a spammer taking a message from a bank and redefining
css tags to hide the 'legit' content from the user, and appending their
own special phishing text.
Spammers have been attacking spam filter's 'canonicalizations' for
years to hide their content. Sophos has a nice list of different
attacks they have seen over the years
http://www.sophos.com/spaminfo/explained/fieldguide.html
Spammmers will have years and years to figure out how to take advantage
of whatever canonicalization schemes are used. I doubt we'll be able
to accurately predict all the attacks that will appear.
miles