[Mimedefang] Email injection and the android 'email' app
David F. Skoll
dfs at roaringpenguin.com
Mon Mar 4 13:08:13 EST 2013
On Mon, 4 Mar 2013 12:30:09 -0500
"Dale Moore" <Dale.Moore at cs.cmu.edu> wrote:
[Broken Android email app does not consider 5xx failure to be permanent,
but keeps retrying.]
> Your ideas are appreciated. You can send your ideas to me directly
> and I will summarize in a week. Or you can send them to this list.
I would take a scorched-earth approach. I would immediately lock the
account of any user from whom I observed such behaviour and refuse to unlock
it until the user replaces the email app with a non-broken version.
You seem to be writing from a university, so you may be able to get away
with this for students. Faculty/staff might need a somewhat more nuanced
approach. :)
Regards,
David.
More information about the MIMEDefang
mailing list