[feedback-report] ARF and MIME attachments
Douglas Otis
dotis at mail-abuse.org
Sun Jun 4 13:35:49 PDT 2006
On Sat, 2006-06-03 at 23:01 -0700, Matthew Elvey wrote:
> Whether the advice is sound or not, it's true that it is common and
> widely taken advice to refuse email containing MIME attachments.
While this may be good advice for general users that utilize
applications executing message content, the abuse@ account should not
fall into this category. The ARF proposal does not require that the
abuse@ mailbox only accept this format, but tools being generated make
this format compliance easier. Manually inserted messages are more
difficult to process because of the resulting broken structure.
The abuse@ mailbox should not execute message script or code related
content. Even without MIME, HTML formatted text messages might
represent a risk. A service provider must read the abuse@, but should
do so with a highly secure reader. Do you think MIME represents a
serious threat, with respect to reading the text content? At least ARF
information is exchanged as simple text.
-Doug
More information about the abuse-feedback-report
mailing list