[Mimedefang] Email injection and the android 'email' app
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Mar 5 02:52:29 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 4 Mar 2013, David F. Skoll wrote:
> On Mon, 4 Mar 2013 12:30:09 -0500
> "Dale Moore" <Dale.Moore at cs.cmu.edu> wrote:
>
> [Broken Android email app does not consider 5xx failure to be permanent,
> but keeps retrying.]
>
>> Your ideas are appreciated. You can send your ideas to me directly
>> and I will summarize in a week. Or you can send them to this list.
>
> I would take a scorched-earth approach. I would immediately lock the
> account of any user from whom I observed such behaviour and refuse to unlock
> it until the user replaces the email app with a non-broken version.
>
> You seem to be writing from a university, so you may be able to get away
> with this for students. Faculty/staff might need a somewhat more nuanced
> approach. :)
I do agree with David, er partly :-). There are plenty of alternatives for
Android.
@Dale, I would change your action from:
" - manually scanning the logs picking out such behavior
- personally notifying the users that their email isnt going out and why
- helping them put their droid in airplane mode
- helping them remove the offending message from their 'Outbox'
- helping them put their droid out of airplane mode"
to:
" - programmatically scanning the logs picking out such behavior
- automatically notifying the users that their email isnt going out and
why, e.g. point to a FAQ and/or send that FAQ page as attachment
- helping them to install yet another mail client
- helping them to get the old messages edited and on-wire finally"
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUTWkPp8mjdm1m0FfAQIAEwf9GN71zEP2w5oDB4/3Qct4WjgF32qjr6ms
o+ZoXme2ZOdmaCUuaQgwGbXXF7lc7Q8GVONUT8b1UCRyx+QvjFUkWEaom/jewJt6
Bjvdg6iTffg6tbID372xVZVdYzRAv61sDkJSrYwn2q+JrLjQJHj3LhvNCeqERcL4
dY1Nt3EsTDhJ7ggGmrZuBvyPlXXhTas4rD3GTpG+P0XOLCw61Jg/RoEAO7Q2PL5C
NXnEH+I+u2CBU+mnEK3ev594ue+KEcXLd4hMCRDyLeq9KKqXg1fl7MUzvBVHJKUI
g8Ek5rwy1l1mrY3CPnzBgpbOuI6MeGhS+RVy4vEQedPrO3Xss0tAtg==
=yn3M
-----END PGP SIGNATURE-----
More information about the MIMEDefang
mailing list