Re: Bogusly RFC2047'd "inline" for Content-Disposition

[Valdis Klētnieks]

(Merging replies to two related items)

On Sat, 26 Sep 2020 00:14:59 +0100, Conrad Hughes said:
> Just saw this for the first time:
>
>   Content-Disposition: =?utf-8?Q?inline?=

I can do you one better.. In my folder of broken mail that gives exmh
heartburn, I found this one back in 2016:

X-Mailer: =?UTF-8?B?dGlwLWdpdC1sb2ctZGFlbW9u?=
Robot-ID: =?UTF-8?B?PHRpcC1ib3QuZ2l0Lmtlcm5lbC5vcmc+?=
Robot-Unsubscribe: 
=?UTF-8?B?Q29udGFjdCA8bWFpbHRvOmhwYUBrZXJuZWwub3JnPiB0byBnZXQgYmxhY2tsaXM=?=  
=?UTF-8?B?dGVkIGZyb20gd
Ghlc2UgZW1haWxz?=
MIME-Version: =?UTF-8?B?MS4w?=
Content-Transfer-Encoding: =?UTF-8?B?OGJpdA==?=
Content-Type: =?UTF-8?B?dGV4dC9wbGFpbjsgY2hhcnNldD1VVEYtOA==?=
Content-Disposition: =?UTF-8?B?aW5saW5l?=

Fortunately for all concerned, *that* bot was fixed within a few hours.

Unfortunately, it looks like in *this* case, we may be waiting for a while
for it to actually be fixed out in the wild - looks like the fix to force the
Content-Disposition: tag was merged in Dec 2019, and we're just hearing
about the problem now in almost-October 2020.

On the other hand, that also tells me that Magento's market share must
not be very large if nobody noticed.

I've poked the relevant IETF lists about the details on this

On Sat, 26 Sep 2020 09:45:20 -0400, David Levine said:
> It looks like the problem has been fixed.  We could teach mhfixmsg to
> fix this, though I'm inclined not to do that unless this turns out to be
> a more widespread problem.

Given that I've only seen this sort of silliness twice this century, I'd say
the risks of adding code to mhfixmsg probably outweigh the need to extend it.

And although there's "Be liberal in what you accept", that's not really scalable
with stuff that's flat-out broken - especially if it doesn't generate pushback 
to
get the broken stuff fixed.

pgpyqaU2QxF6m.pgp
Description: PGP signature