[urq] The MIME epidemic

Mon Feb 12 14:50:35 EST 2001

>       why exactly is mime email a security risk?

Well, I _did_ include a link.  Here it is again, with a couple more:

http://www.wired.com/news/technology/0,1282,41686,00.html?tw=wn20010208
http://lwn.net/2001/0208/a/htmlprivacy.php3
http://channel.nytimes.com/2001/02/05/technology/05JAVA.html

It's not specifically MIME per se, but multi-part MIME.  I pull email
in two stages (I get a LOT of it) and look at the headers before
downloading the bodies.  The headers tell me whether a post is
single-part ASCII - which I usually accept - single-part non-ASCII or
multi-part.  The latter two are deleted from the spool without ever
being downloaded _unless_ they come from a 'trusted' domain or
individual.  There's a table of both of these in the code.  Even then,
I sometimes get questionable stuff, so it all goes into a 'dirty'
directory to be examined manually before it gets near the system.

As a matter of interest only - downloading the headers now takes almost
twice as long as downloading the bodies.  It takes the quattro list
server about 2m 10s to deal with a single post - on average, 60% of this
is headers.  Of the headers, over 40% is originated by mailman and is
of no conceivable use - an extra 573 bytes of overhead per post:

  X-BeenThere: quattro at audifans.com
  X-Mailman-Version: 2.0beta6
  Precedence: bulk
  List-Help: <mailto:quattro-request at audifans.com?subject=help>
  List-Post: <mailto:quattro at audifans.com>
  List-Subscribe: <http://www.audifans.com/mailman/listinfo/quattro>,
  <mailto:quattro-request at audifans.com?subject=subscribe>
  List-Id: The main audifans.com quattro list <quattro.audifans.com>
  List-Unsubscribe: <http://www.audifans.com/mailman/listinfo/quattro>,
  <mailto:quattro-request at audifans.com?subject=unsubscribe>
  List-Archive: http://www.audifans.com/pipermail/quattro/

Does anyone have an email client that actually uses this stuff?  It
accounts for over 20% of the lists's total bandwidth.

--
 Phil