[Mimedefang] Email injection and the android 'email' app

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Mar 5 02:52:29 EST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 4 Mar 2013, David F. Skoll wrote:

> On Mon, 4 Mar 2013 12:30:09 -0500
> "Dale Moore" <Dale.Moore at cs.cmu.edu> wrote:
>
> [Broken Android email app does not consider 5xx failure to be permanent,
> but keeps retrying.]
>
>> Your ideas are appreciated.  You can send your ideas  to me directly
>> and I will summarize in a week.  Or you can send them to this list.
>
> I would take a scorched-earth approach.  I would immediately lock the
> account of any user from whom I observed such behaviour and refuse to unlock
> it until the user replaces the email app with a non-broken version.
>
> You seem to be writing from a university, so you may be able to get away
> with this for students.  Faculty/staff might need a somewhat more nuanced
> approach. :)

I do agree with David, er partly :-). There are plenty of alternatives for 
Android.

@Dale, I would change your action from:
" - manually scanning the logs picking out such behavior
   - personally notifying the users that their email isnt going out and why
   - helping them put their droid in airplane mode
   - helping them remove the offending message from their 'Outbox'
   - helping them put their droid out of airplane mode"

to:
" - programmatically scanning the logs picking out such behavior
   - automatically notifying the users that their email isnt going out and 
why, e.g. point to a FAQ and/or send that FAQ page as attachment
   - helping them to install yet another mail client
   - helping them to get the old messages edited and on-wire finally"

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUTWkPp8mjdm1m0FfAQIAEwf9GN71zEP2w5oDB4/3Qct4WjgF32qjr6ms
o+ZoXme2ZOdmaCUuaQgwGbXXF7lc7Q8GVONUT8b1UCRyx+QvjFUkWEaom/jewJt6
Bjvdg6iTffg6tbID372xVZVdYzRAv61sDkJSrYwn2q+JrLjQJHj3LhvNCeqERcL4
dY1Nt3EsTDhJ7ggGmrZuBvyPlXXhTas4rD3GTpG+P0XOLCw61Jg/RoEAO7Q2PL5C
NXnEH+I+u2CBU+mnEK3ev594ue+KEcXLd4hMCRDyLeq9KKqXg1fl7MUzvBVHJKUI
g8Ek5rwy1l1mrY3CPnzBgpbOuI6MeGhS+RVy4vEQedPrO3Xss0tAtg==
=yn3M
-----END PGP SIGNATURE-----

More information about the MIMEDefang mailing list