[Mimedefang] Email injection and the android 'email' app

David F. Skoll dfs at roaringpenguin.com
Mon Mar 4 13:08:13 EST 2013


On Mon, 4 Mar 2013 12:30:09 -0500
"Dale Moore" <Dale.Moore at cs.cmu.edu> wrote:

[Broken Android email app does not consider 5xx failure to be permanent,
 but keeps retrying.]

> Your ideas are appreciated.  You can send your ideas to me directly
> and I will summarize in a week.  Or you can send them to this list.

I would take a scorched-earth approach.  I would immediately lock the
account of any user from whom I observed such behaviour and refuse to unlock
it until the user replaces the email app with a non-broken version.

You seem to be writing from a university, so you may be able to get away
with this for students.  Faculty/staff might need a somewhat more nuanced
approach. :)

Regards,

David.


