[Mimedefang] Email injection and the android 'email' app

Dale Moore Dale.Moore at cs.cmu.edu
Tue Mar 5 17:45:01 EST 2013


> Those aren't big numbers and it shouldn't bother your server much even
> if they were orders of magnitude higher...   Why not just ignore it?
> Or do you want to improve the user's experience by getting a DNS in their inbox 
> where they might see it - which is what would happen if the server where they submit
> didn't know the user list?

Exactly right.  Looking back over my logs, this was only a couple of droids
A few months ago.  Now I must do this several times a month.  Perhaps the
result of a minor email education blitz.  The load on the server is very low,
but getting higher.

But from the user experience standpoint it is a total failure.
The users don't  check their 'Outbox' on their android.
They don't know why the email didn't get through.  They didn't get any
notification as to why their email didn't go through.  They thought that
they sent it.  They are sure that they sent it.  And the intended recipient
sure didn't receive it.   It does the right thing for other especially off-site
email addresses.   From the users perspective our system lost their email....
again.   This application works for hundreds or thousands of other sites
and it doesn't work for our system.    From their perspective, our
setup is just plain broken.

Dale Moore



--
  Les Mikesell
    lesmikesell at gmail.com
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang




More information about the MIMEDefang mailing list