On Thu, 08 Mar 2012 11:37:09 -0500, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote: > notmuch currently treats all messages with the same Message-ID as > the same message. I think this could be a vulnerability :( > > If two messages have the same Message-ID, is there a guarantee of which > of these messages will be produced during a notmuch show? > > Either way, it seems to create a potential DoS attack on notmuch users.
Yesterday I was expecting a confirmation message which, seemingly, never came. It turns out my maildir already contained a message from the same system. From three years ago. With the same Message-ID. Malice has nothing on incompetence. Could we distinguish messages with identical Message-IDs based on some header fields, e.g. Date, From? Peter _______________________________________________ notmuch mailing list email@example.com http://notmuchmail.org/mailman/listinfo/notmuch