OpenFest 2006 - Share the Freedom

February 10, 2004

"The message contains execu..." um... What?!

I sign all my outgoing e-mail using GnuPG, so it gets sent out as an S/MIME multipart/signed message with an application/pgp-signature MIME part. Sometimes this brings out the fun part of the 'net, such as an automated response I received to a message that just made BugTraq:

MailServer has rejected this message: it contains executable attachments.

(just to clear up any confusion, no, this was not sent by the servers, but by the mailserver of somebody subscribed to the list)

Let's hear it for the geniuses who configure their mail filters so that any MIME attachments marked as application/* are considered executable. I guess asking them to read RFC 2046, section 4.5, "Application Media Type" (which plainly states that MIME parts marked as application/* are meant to be processed by an application), would be asking too much... but is it too hard to actually *look* at some e-mail messages that they've sent or received recently, and notice that some of them do, indeed, bear attachments of the dreaded application/rtf or application/x-arj-compressed or application/ types? Okay, got carried away a little - that last one is indeed a dreaded one :)

And if you expect to see here another rant about mail filters that bounce messages to the 'From' address instead of 'Return-Path' or 'Sender', well - it seems that you can already do that one by yourself.

Posted by roam at February 10, 2004 08:09 PM