Malformed Message Handling BCP BCP Murray S. Kucherawy - - PowerPoint PPT Presentation

malformed message handling bcp bcp
SMART_READER_LITE
LIVE PREVIEW

Malformed Message Handling BCP BCP Murray S. Kucherawy - - PowerPoint PPT Presentation

Nov 20, 2023 144 likes •226 views

Malformed Message Handling BCP BCP Murray S. Kucherawy <msk@cloudmark.com> History For various reasons, mostly to keep support costs down and invite participation, email components are historically lax at enforcing standards like

slide-1
SLIDE 1

Malformed Message Handling BCP BCP

Murray S. Kucherawy <msk@cloudmark.com>

slide-2
SLIDE 2

History

  • For various reasons, mostly to keep support

costs down and invite participation, email components are historically lax at enforcing standards like RFC5322 standards like RFC5322

  • Recently this has become a security issue,

where different parts of the mail system treat various malformations in their own ways

slide-3
SLIDE 3

History

  • That means a particular malformation might be

handled one way at a border MTA or filter, and then another way at the MUA

– Prime example: A message with two From: fields; border MTA/filter acts based on the “bottom” (first

  • ne), while MUA shows the “top” (second one)

border MTA/filter acts based on the “bottom” (first

  • ne), while MUA shows the “top” (second one)

– Another example: Malformed lines in the header block, where some components switch to “body” mode and others don’t

  • This can be exploited in phishing attacks, spam,

etc.

slide-4
SLIDE 4

Goals of this work

  • 1. Strongly encourage MSAs to be a lot more

strict in what they allow into the mail stream, specifically because of the exposure created by not doing so

  • 2. Highlight common malformations and

provide advice about what to do with them (interpretation, handling, correction, etc.) based on experience and consensus of the community

slide-5
SLIDE 5

Not the goals of this work

  • Loosen the standards to allow common

malformations because they are common in reality

  • Elevate any malformation to have any kind of
  • Elevate any malformation to have any kind of

real or perceived “standard” status

slide-6
SLIDE 6

Current draft

  • draft-kucherawy-mta-malformed-bcp

– Contains the initial idea; more cases can and should be added by the community

  • Needs a home

– A wiki? – A wiki?

  • But the IESG didn’t like that idea much

– APPSAWG?

  • Concern that the advice in the BCP will change over time as

the problems evolve

  • …but RFCs can be updated as necessary

– Individual submission?

slide-7
SLIDE 7

Discussion

  • <your ad here>