Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mime-Version header case is incorrect and receives spam score weighting #26

Open
gav- opened this issue Feb 11, 2022 · 3 comments
Open

Mime-Version header case is incorrect and receives spam score weighting #26

gav- opened this issue Feb 11, 2022 · 3 comments

Comments

@gav-
Copy link

gav- commented Feb 11, 2022

mimetic is producing the MIME-Version header as "Mime-Version" (note the difference in letter case for MIME). This is technically incorrect (see: https://www.w3.org/Protocols/rfc1341/3_MIME-Version.html), and causes anti-spam engines to add a weighting to the spam score for emails with this incorrect header in it. (Specifically I am using Rspamd, but it is likely to apply to others too).

I hope this report helps improve the quality of the mimetic library!
@jktjkt
Copy link

jktjkt commented Mar 15, 2022

The format of e-mail messages is defined in RFC 5322 which says that (emphasis mine):

This specification uses the Augmented Backus-Naur Form (ABNF) [RFC5234] notation for the formal definitions of the syntax of messages. Characters will be specified either by a decimal value (e.g., the value %d65 for uppercase A and %d97 for lowercase A) or by a case-insensitive literal value enclosed in quotation marks (e.g., "A" for either uppercase or lowercase A).

A TL;DR version of that is that all e-mail header names are case insensitive. A software could generate something silly asmimE-verSIon, and it will still be standard-compliant.

Also, and just FYI, the actual content of the MIME-Version header is subject to the usual 822-style comment removal. There's even an example in chapter 4 of RFC 2045, on page 10 they show that all these are identical:

  • MIME-Version: 1.0
  • MIME-Version: 1.0 (produced by MetaSend Vx.x)
  • MIME-Version: (produced by MetaSend Vx.x) 1.0
  • MIME-Version: 1.(produced by MetaSend Vx.x)0

@Basskrapfen
Copy link

There is also an discussion on stackoverflow which comes to the same conclusion. When following the RFC the mail header names should be case insensitive.
https://stackoverflow.com/questions/6143549/are-email-headers-case-sensitive

But it seems there is software out there which is not 100% standard conform and checks for the casing of the "MIME-Version" header. In the stackoverflow discussion Thunderbird is also mentioned and the OP does have problems with spam detection software.

So maybe it would be nice to change mimetic to also generate "MIME-Version" even when the spec says it should not matter.

@jktjkt
Copy link

jktjkt commented Mar 16, 2022

The SO post is 10 years old, hopefully TB got fixed in the meanwhile. Also, it is not really just Mimetic, apparently Discourse is generating Mime-Version, too. Anyway, someone already asked rspamd about this: rspamd/rspamd#3923, there's no specific conclusion in there, just a statement from maintainer with no backing data.

Personally, I don't really care either way. There's a ton of broken SW when it comes to e-mail producing, e-mail handling and e-mail parsing. In the MIME realm, I've seen producers split UTF-8 multibyte strings into separate encoded-words, for example. I just wanted to reply to an unanswered issue where the OP provided an inaccurate description.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jktjkt @Basskrapfen @gav-