On Wed, 24 Mar 2004 16:32:27 +0100 "Kai Schaetzl" <[EMAIL PROTECTED]> wrote:
> Anders Norrbring wrote on Wed, 24 Mar 2004 07:06:39 +0100: > > > Rest assured that I will, I actually paid some good money for my Office pack > > > > Anders, you should complain loudly to Microsoft about this, you are a > customer. If only a few customers complain about the MID, but nobody > complains > about the missing MID then they won't re-add it. Seriously. It appears that Microsoft intentionally broke their mail client on the request of their (idiot) customers. This indicates that Microsoft listens to their customers, at least to their idiot customers. So you have to get Microsoft's attention somehow; you may have to pretend to be an idiot to get them to listen to you. The Outlook missing-Message-Id problem really needs to be fixed because in this case the RFCs are very clear that 'SHOULD' means 'SHALL.' Aside: It's maybe a little unfair to claim that the Microdoft customers that objected to RFC-compliant client-supplied Message-Id are idiots, since including host name in the Message-Id is a form of information leakage, divulging the names of machines on a (private?) network. This is a somewhat legitimate concern. Tenuous but legitimate. For the few ultra-paranoid/myopic customers that even care about this, there are a few simple ways around this problem that don't involve dropping the Message-Id's. The Message-Id just needs to be unique; there's no requirement for a hostname to be divulged. Substituting MD5(hostname) or SHA1(hostname) or CRC32(hostname) or processor-ID or any of a wide array of easily-generatable static machine-specific unique identifiers for hostname solves the problem. Second, if you're going through all this trouble, you need to omit, strip off, or otherwise mangle the Received header showing the transfer from the client MUA to the local MTA before it exits the local network otherwise you leak the information you just went through all that trouble to scrub from the Message-Id. But if you're going to break RFCs by having your MTA mangle the Received headers of outbound messages, isn't it a simple matter to mangle the Message-Id at the same time, rather than breaking every new copy of Outlook? Don't forget that someone in the organization is probably still using an older version of Outlook or another RFC-compliant MUA that properly adds a Message-Id, so you still have to mangle the Message-Id at the MTA before it exits the system (Rule #1: never trust the client.) Microsoft somehow bought the counterargument and better, didn't add a hidden checkbox or Registry entry to let you work around it. Honestly, I don't know how to harness the level of collective idiocy needed to convince Microsoft to undo this brokenness. Or maybe this is done purposely to degrade SpamAssassin accuracy to promote Microsoft's proprietary email Caller-ID scheme... /me adjusts tinfoil hat... -- Bob
