A suspicious e-mail ?


Yinda
May 20th, 2003, 03:55 AM
Hi,
I received a suspicious e-mail in Outlook Express. I did not open it but used Properties | Details | source of message to have a look. There is the following :

MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_1E3_887D_0AE625B8.0700644B"
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400

This is a multi-part message in MIME format.

------=_NextPart_1E3_887D_0AE625B8.0700644B
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------=_NextPart_1E3_887D_0AE625B8.0700644B
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBU...

Question : why is "text/plain" or "text/html" unreadable ? If this were an image/stationery, I would expect to find something like "Content-Type: image/jpeg". How would OE handle this mail ?

Thanks,

Yinda

LowWaterMark
May 20th, 2003, 04:48 AM
The text block is merely uuencoded, as you pointed out, very much like an image or other attachment would be. Encoding text blocks is often done with spam in the hopes that spam filters won't be able to block delivery of the message. I receive a lot of spam that is structured this same way. When you read the message in OE, it can decode it just fine back into the original text. However, I never read these as I know they are spam (or worse).

So basically, it's a perfectly valid form of message transmission, but, in practice it is now being used to help deliver spam more effectively.
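An added example (not part of the original thread): Python's standard `email` package decodes each part of a message shaped like the one quoted in the first post and returns it as inert text, flagging text parts that are carried as base64. The sample message, its boundary `b1`, the HTML body and the function name `inspect_parts` are constructed for illustration.

```python
import base64
from email import message_from_string, policy

# Constructed sample modelled on the structure quoted in the thread:
# an empty text/plain part plus a base64-encoded text/html part.
HTML = '<html><body><a href="http://example.invalid/">Click here</a></body></html>'
SAMPLE = "\r\n".join([
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"',
    "",
    "This is a multi-part message in MIME format.",
    "",
    "--b1",
    'Content-Type: text/plain; charset="us-ascii"',
    "Content-Transfer-Encoding: quoted-printable",
    "",
    "",
    "--b1",
    'Content-Type: text/html; charset="us-ascii"',
    "Content-Transfer-Encoding: base64",
    "",
    base64.b64encode(HTML.encode("ascii")).decode("ascii"),
    "",
    "--b1--",
    "",
])

def inspect_parts(raw):
    """Return (content_type, transfer_encoding, decoded_text, flagged) per leaf part."""
    msg = message_from_string(raw, policy=policy.default)
    report = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no body of their own
        ctype = part.get_content_type()
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        payload = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        charset = part.get_content_charset() or "us-ascii"
        text = payload.decode(charset, errors="replace")
        # A text part behind base64 is invisible to a filter that scans only the raw body.
        flagged = part.get_content_maintype() == "text" and cte == "base64"
        report.append((ctype, cte, text, flagged))
    return report

if __name__ == "__main__":
    for ctype, cte, text, flagged in inspect_parts(SAMPLE):
        print(f"{ctype} [{cte}] flagged={flagged}")
        print(repr(text))  # repr shows the markup as plain characters; nothing is rendered
```
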

Yinda
May 20th, 2003, 05:00 AM
Thanks LWM.
I don't read such mails either (the Preview pane in OE is disabled).
Regards,
Yinda

Jooske
May 20th, 2003, 05:27 AM
I have the preview open, but when I see lots of new emails, I might use the "search" function and put it on today's date or a day back; that way I can safely scroll through the mess and delete or open or look in the source without actually opening the email.

Good that you tell about the uuencode ... I thought that line was an encryption key :)

Yinda
May 20th, 2003, 05:51 AM
I'd like to understand your idea because the preview pane is useful.

I understand that, in the search window, we can scroll through the list without opening anything. But how can we "open or look in the source without actually opening the email" ?

Tinribs
May 20th, 2003, 03:14 PM
Is not the preview pane as good as opening an email? All email clients I've ever used the first thing to do is disable the preview pane.

Paul Wilders
May 20th, 2003, 04:42 PM
Quoting Tinribs:
"Is not the preview pane as good as opening an email? All email clients I've ever used the first thing to do is disable the preview pane."

In essence: yes. Any kind of code can be activated, HTML etc. coming with possible exploits.

regards.

paul

Jooske
May 20th, 2003, 04:58 PM
Yinda, in the search you see the message sender/subject.
Right-click it, get the properties, details, where you see the source. As this is the same you would see in Notepad, the possible code in it can't run.
It's the same when we look for instance with WormGuard in a blocked file in the safe mode, the file is not opened actually, you're just scrolling through its source code.

Yinda
May 20th, 2003, 05:10 PM
I see, Jooske. I'll keep the preview pane disabled in order to avoid opening a mail inadvertently.
Thanks.
Yinda

Yinda
February 9th, 2004, 08:57 AM
Hi,

I am reactivating this post for one more question.

I have an occasional correspondent who is used to sending me uuencoded messages. I don't know why, because they are not spam. Please can you confirm that, as long as the Content-Type is "text/plain", such messages can't be harmful ?

Thanks.

Yinda