[PLUG] Very long message ID from client - Outlook infection?

Jack Morgan jack at bonyari.com
Wed Dec 28 23:11:56 UTC 2005


On Wednesday 28 December 2005 14:49, Keith Lofstrom wrote:
> I don't know whether this means anything, but I got a message from
> a potential client in Beaverton that has a strange message ID:
>
> !~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAxLkJF2VfLkOlCfAsg2WrTMKAAAAQ
>AAAAE4On7vWWUESqKFpE0KjRQQEAAAAA at ______-inc.com
>
> (name changed to protect the innocent).
>
> They are using Outlook:
>
>    X-Mailer: Microsoft Outlook, Build 10.0.6626
>
> Since the average message ID number part is around 15-25 characters,
> and the longest legitimate ID in a few hundred recent emails is 40
> (amazon.com, who else?), I wonder if this is a sign that they have
> Outlook misconfigured, or perhaps even zombied and attempting a
> buffer overflow?
>
> I checked 190K archived emails, and have seen this about 12 times in
> legitimate mail over the last year (all from Outlook) and quite a few
> in spams.  Any ideas?

This is normal for Outlook. IIRC, this is generated when the sender includes
"Message Disposition Notification" aka "read receipt" aka when the sender
wants to know if the receiver read the email.

--
Jack Morgan
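
The length check described in the quoted question, combined with the reply's point that the "!~!" form is normal for Outlook, as an added example that is not part of the original thread. The function names, verdict labels and sample messages are constructed for illustration, and treating "!~!" followed by base64 as the Outlook form is an assumption drawn from the single ID quoted above.

```python
import base64
import binascii
from email import message_from_string

LONG_ID = 40  # longest legitimate local part reported in the thread

def local_part(msg_id):
    """Message-ID text before the last '@', angle brackets removed."""
    value = msg_id.strip().strip("<>")
    local, sep, _ = value.rpartition("@")
    return local if sep else value

def classify(raw_message):
    """Triage one message by Message-ID length and shape (hypothetical labels)."""
    msg = message_from_string(raw_message)
    local = local_part(msg.get("Message-ID", ""))
    mailer = msg.get("X-Mailer", "")
    result = {"length": len(local), "verdict": "normal"}
    if len(local) <= LONG_ID:
        return result
    result["verdict"] = "long-unexplained"
    if local.startswith("!~!"):
        try:
            # Assumption: the text after "!~!" is plain base64, as in the quoted ID.
            blob = base64.b64decode(local[3:], validate=True)
        except (binascii.Error, ValueError):
            return result
        result["decoded_bytes"] = len(blob)
        # Same ID shape without an Outlook X-Mailer deserves a closer look.
        result["verdict"] = ("outlook-style" if "Outlook" in mailer
                             else "outlook-style-id-other-mailer")
    return result

def make_message(msg_id, mailer):
    """Build a constructed sample message (not real mail)."""
    return (f"Message-ID: <{msg_id}>\nX-Mailer: {mailer}\n"
            "Subject: constructed sample\n\nbody\n")

# Constructed 78-byte payload standing in for a real Outlook ID.
SAMPLE_ID = "!~!" + base64.b64encode(b"CONSTRUCTED".ljust(78, b"\0")).decode()
SAMPLES = {
    "outlook": make_message(SAMPLE_ID + "@example.invalid",
                            "Microsoft Outlook, Build 10.0.6626"),
    "other": make_message(SAMPLE_ID + "@example.invalid", "ExampleMailer 1.0"),
    "short": make_message("20051228.1234@example.invalid", "ExampleMailer 1.0"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```
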


