On Wed, 20 Mar 2013 15:11:21 -0700 <[email protected]> wrote: > > --- On Wed, 3/20/13, Joseph Brennan <[email protected]> wrote: > > Ever see one of these?-- > > > > To: Joe B <[email protected]<javascript:_e({},> > > 'cvml','[email protected]');>> > > > > I changed the name and address, but otherwise this is what ... > > Since when is JavaScript valid in SMTP headers? Is there even a proposal > (i.e. an RFC) that suggests this? I see no reason to reject this on sight as > a malformed mailbox in a header.
er, and you're not making your mind or aren't you making your mind about it or not? Joseph, I haven't seen much of these kind in years and none in javascript but I'd suspect either a broken bot (cron or evil) or a real attempt to break something, I'd also suspect some weak clients to be able to do bad things (TM) from it and I'd also suspect that the eXchange system like in your test once tried to not be vulnerable to it and finally decided to simply reject instead of repairing ;-) _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
