mailing list archives
RE: Non existing attachments, more info
From: "David F. Skoll" <dfs () roaringpenguin com>
Date: Tue, 19 Feb 2002 16:20:25 -0500 (EST)
On Tue, 19 Feb 2002, Grimes, Roger wrote:
Your second option, although widely implemented by lots of SMTP solutions,
could cause more problems than it solves. I believe that if the message
isn't RFC-compliant and coded correctly, it should be rejected, period.
You are probably right, but that breaks the "robustness principle": be
conservative in what you do, be liberal in what you accept from others
(RFC 793, referring to TCP, but a widely-held philosophy in Internet
I think that reformatting the message as valid MIME is a reasonable
compromise, because it should ensure that MUA's interpret the message
the same way the scanner did. However, when I have time, I will add
the option to my scanner to reject suspicious messages of any type.
Long term, though, the only way around e-mail-borne malware is to stop
using susceptible programs like Windows and Outlook. It is this last
step that people are reluctant to take.