> So... Anyone have thoughts about this? Part of me is inclined to leave
> things as they are, and the other part of me says we should emulate
> Apple Mail here and make as much valid/visible text as possible.
Maybe we should start decoding where base64 appears to begin. I think
we should generally follow the common behavior, but this is one case
where we probably avoid doing the thing that doesn't let us catch the
spam. Perhaps something like:
first non-blank line:
if line is a legal MIME boundary
treat as a MIME boundary
anything else
treat as base64
all remaining lines:
treat as base64
Thankfully, "-" is not in base64. However, that could open us up to
some stupid spammer using a fake MIME boundary that is indeed decoded by
some mailers that skip non-base64 characters (like "-") and produces a
line of spam text.
So, a more robust technique would be:
first non-blank line:
if line is a legal MIME boundary
decode line (raw, our MIME decoding routine simulates the more
common behavior of skipping non-base64 characters)
if decoded line is binary garbage
treat the line as a MIME boundary
else
treat it like base64
anything else
treat as base64
all remaining lines:
treat as base64
--
Daniel Quinlan anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/ and open source consulting
