[TCLUG] Re: Outlook X-message-flag hack and its backlash; Feedback wanted.

Tue Feb 5 09:34:23 CST 2002

On Tuesday 05 February 2002 12:49 am, Scott M. Dier wrote:

> Joel Rosenberg wrote:
> > Note the X-headers in this. . .
>
> X-Mailer: the choice of a mailer is a private matter, between a person
> and a consenting computer.
>
> Yeah, until some outlook infestation makes my mailserver:
>
> A) run out of space from some totally stupid word document that sircam
> sent. B) waste bandwidth sending said sircam infestation.
>

Well, both of which are bad, but I think it's more practical, at least in 
anything but the longest run, to protect yourself by means likely to be more 
effective than trying to talk people out of using Outlook right now.  With 
all its flaws, it does have features that are not easily reproducible, and it 
is the standard.

> I would love to not see this anymore, and I'm allmost thinking about
> setting up procmailrc rules to limit attachments to something around 3mb
> (or less) to avoid some of this crap in the future.
>

Perfectly reasonable, particularly if you add a recipe to check for "Outlook" 
in the X-Mailer header.  You might even want to add a counter, and not permit 
more than n Outlook messages per day, to avoid being flooded by smaller 
messages during an Outlook virus outbreak.   

(If you do one, and get it working, please copy me on it.)

> This isn't a private matter, this is a community problem.  Outlook has
> proven too many times to waste resources on mailservers all over the
> world.  Why should the good netziens stay quiet about a problem that
> annoys the hell out of them.
>

No reason.  On the other hand, making noise about it is unlikely to get the 
problem solved -- as evidence, take a look at the popularity of Outlook, 
despite its widely-known vulnerabilities.

> I'm also thinking of making a confirmation website for those who choose
> to use outlook to send me mail directly that confirms that this was 'for
> real and not a virus' for the first email I get from them.   It should
> crack down on half the crap I get in my INBOX thats (STILL!) sircam
> related.
>
> Headers are ok.  15mb word documents from some moron who cant patch
> their operating system is not.  MUA's that lend themselves to
> 'accidentially' running an executable or script is not.

No, they're not okay.  The question, I think, is how to solve the problem, 
and I don't think that even if every non-Outlook user adopted the X-header 
exploit, it would begin to do it -- the most that would happen, I suspect, is 
that Microsoft would configure Outlook to filter it out by default.  
-- 
-------------------------------------
There's a widow in sleepy Chester
  Who weeps for her only son;
There's a grave on the Pabeng River,
  A grave that the Burmans shun,
And there's Subadar Prag Tewarri
  Who tells how the work was done.
-------------------------------------