> -----Original Message----- > From: decoder [mailto:[EMAIL PROTECTED] > Sent: Friday, August 25, 2006 2:24 PM > To: users@spamassassin.apache.org > Subject: Re: Discourage broken content > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Kenneth Porter wrote: > > --On Friday, August 25, 2006 12:05 AM -0700 Plenz > > <[EMAIL PROTECTED]> wrote: > > > >> I disagree. To check out what happens I converted a JPG picture > >> into a GIF > >> file > >> and sent it to myself. One time I converted it with IrfanView and the > >> second time with PaintShop Pro. Both GIF files had the result > >> "giftopnm: EOF or error reading data portion..." So I produced a > >> corrupt > >> (?) image, but it was not spam. > > > > I think we should discourage all broken content in email and on the > > web. > > > > At one time we could assume that broken content was an honest > > mistake and make an attempt at fixing it. But with the rise of > > malicious content attempting to exploit bugs in content handlers > > (like overruns in image libraries), we should simply reject anything > > that fails to pass validation, on the assumption that's it out to > > get us. > > > > This includes not just broken images but also broken HTML, which is > > so commonly used to conceal spam. > > > > We need to stop giving a free pass to broken content creation > > software just because it's popular. When someone sends you broken > > content, you should react the same way you would if they sent you > > documents on dirt-smeared paper. Stop letting your emperor walk > > around naked. > > I completely agree, the problem is, some implementations makes this > impossible. For example MailScanner. > > I've heard that it truncates the mail at 30kb, no matter if that is > within a MIME block or not... So my plugin gets a broken image.. > though it was not broken originally... >
That is patently false. I have a graphics design/advertising department at one of my locations and these fellas send huge graphics files back and forth when they have emergency proofs/changes and MailScanner has *never* damaged anything, ever, anywhere. Now, there is a setting for scanning (much like exiscan IIRCC) that allows you to truncate the message and only scan xxx amount, it's optional and doesn't modify the actual message in anyway. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
