
Re: filtering active content

2001-07-25 09:30:03
From: "James P. Salsman" <bovik(_at_)best(_dot_)com>

...
Don't some Microsoft MUAs ignore the MIME type and look for
what are called magic numbers in the UNIX world?

Sort of; they use the filename extension, not the MIME type.  DOS/360
lives in the heart of every copy of Microsoft Windows.  Welcome to 1970.

I've read somewhere that they sometimes ignore the 3 character DOS
filename or filetype extension and look for magic numbers in the data.
I've no way of evaluating that, or at least no inclination.


The correct solution is to find out who at Microsoft refuses to put 
security safeguards on the address book(s) and allows scripts to 
fully send messages instead of queueing for approval.  I find it 
amazing that they haven't implemented such easy fixes in the past 
couple of years, after things started getting really bad....

That assumes there is such a someone.  Anyone who has worked in a big
outfit guesses that most Microsoft employees who can spell SMTP would
like to apply some of the obvious fixes, but that the organization as
a whole, including customers, resists.

Consider how utterly trivial it would be for the IETF to install a less
ancient version of sendmail than 8.9 on odin.ietf.org, and then do any
of the things that have been suggested for years to stem the flow
of vacation notices and viruses, including 
  - adding "precedence: bulk",
  - limiting the size of messages,
  - filtering some or all MIME types,
  - filtering on some MUA stigmata.

Consider the first in particular.  No one says a bulk header would be
harmful.  Everyone admits it would largely fix the flood of vacation
notices.  The worst that is said is that it would not be justified by
any standard, as if the X-Loop header that odin now adds is somehow
justified by a standard or as if odin doesn't pass the precedence
header when it sees it.

If the IETF can't install less ancient software and add 3 or 4 lines
to a single sendmail.cf file on a single computer within 2 or 3 years,
then how can you expect Microsoft to modify bazillions of computers?
If Microsoft customers were as slow to upgrade as the IETF, then even
if Microsoft fixed all of the problems tonight, we could expect to
see no improvement for about 5 years.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
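
The message above notes that a mail client may choose a handler from the declared MIME type, the filename extension, or magic numbers in the data. As an added example (not part of the original message or of any list software), here is a gateway-side check that flags an attachment if any one of the three signals marks it as active content; the type, extension and magic tables, the function names and the sample message are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed, deliberately short lists for illustration; a real policy is site-specific.
RISKY_TYPES = {"application/x-msdownload", "text/vbscript"}
RISKY_EXTS = {".exe", ".scr", ".pif", ".vbs", ".bat", ".com"}
RISKY_MAGIC = {b"MZ": "DOS/Windows executable", b"\x7fELF": "ELF executable"}

def part_reasons(part):
    """Check one MIME part against all three signals a client might dispatch on."""
    reasons = []
    ctype = part.get_content_type()
    if ctype in RISKY_TYPES:
        reasons.append("declared type " + ctype)
    # Windows drops trailing dots and spaces, so "a.vbs." still opens as .vbs.
    name = (part.get_filename() or "").lower().rstrip(". ")
    dot = name.rfind(".")
    if dot != -1 and name[dot:] in RISKY_EXTS:  # last extension wins: a.jpg.vbs -> .vbs
        reasons.append("extension " + name[dot:])
    body = part.get_payload(decode=True) or b""  # undo base64/quoted-printable first
    for magic, label in RISKY_MAGIC.items():
        if body.startswith(magic):
            reasons.append("content is " + label)
    return reasons

def scan_message(raw):
    """Return {part name: [reasons]} for every leaf part flagged by any signal."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        reasons = part_reasons(part)
        if reasons:
            flagged[part.get_filename() or part.get_content_type()] = reasons
    return flagged

def build_sample():
    """Constructed test message: one benign and three misleading attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment("plain notes", filename="notes.txt")
    msg.add_attachment(b"MsgBox 1", maintype="image", subtype="jpeg", filename="photo.jpg.vbs")
    msg.add_attachment(b"MZ\x90\x00" + bytes(16), maintype="image", subtype="gif", filename="logo.gif")
    msg.add_attachment(b"hello", maintype="application", subtype="x-msdownload", filename="readme.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(name, "->", "; ".join(why))
```

Each of the three flagged attachments passes two of the checks and fails only one, which is why a filter that trusts a single signal misses whatever the receiving client keys on instead.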