
G'day All
I was told today by our tech people that many ISPs alter files that are attached to email, as an explanation why I was having trouble opening some .doc files in MSWord.
Any comment? please
Thanks
Keith
keithrbaugroups@gmail.com
0447 667 468

I suppose you could always send yourself a .doc file or a few via the said ISP, and compare the one you receive back to the original and see if there is any difference.
I can see a situation where ISPs would scan attachments for malware etc, but not alter the file.
Daniel.
On 17/12/13 20:25, Keith Bainbridge wrote:
G'day All
I was told today by our tech people that many ISPs alter files that are attached to email, as an explanation why I was having trouble opening some .doc files in MSWord.
Any comment? please
Thanks
Keith
keithrbaugroups@gmail.com
0447 667 468
_______________________________________________
luv-talk mailing list
luv-talk@lists.luv.asn.au
http://lists.luv.asn.au/listinfo/luv-talk

On Tue, 17 Dec 2013 21:08:58 Daniel Jitnah wrote:
I suppose you could always send yourself a .doc file or a few via the said ISP, and compare the one you receive back to the original and see if there is any difference.
I can see a situation where ISPs would scan attachments for malware etc, but not alter the file.
There are ways of altering the binary message which shouldn't change the result when it's decoded. One example is base64 vs mime encoding, one could theoretically write a mail server that converted one to the other with most users not noticing a difference.
Messages with DKIM signatures can be checked. So if someone sends you a message from Gmail or any other service that reliably runs DKIM then you can verify the contents. Does anyone know of a good script to check a DKIM message? I've got some hacky ones that I wrote, I could tidy one up and release it if there's nothing better.
Historically some relatively popular MTAs altered messages. For example the Netscape iPlanet MTA would remove leading spaces in header fields, so subjects of " test" and "test" would end up the same when the message was delivered. The Qmail POP server would add an extra blank line at the end of each message. When I was writing my Postal mail benchmark program and using it to check message integrity I had special-case code for iPlanet and Qmail to deal with this. While such alterations wouldn't affect an attachment, the people who break such things might break other things, I could easily imagine the authors of either of those programs happily breaking attachments that they considered to be wrong.
In regard to the original question if "many ISPs" means "dozens out of tens of thousands in the world" then it's likely to be a correct statement. But if "many ISPs" means a significant fraction of the ISPs or the ISP customer base then I don't think so. Attachments usually work for most people, the vast majority of ISPs get it right - or get it wrong in rare corner cases.
Strangely some people think that infected email should be disinfected (modified) and sent on. I think that ideally it should be rejected with a SMTP 55x code and if that fails it should be discarded. If you know the message is bad then the recipient should never see it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Russell Coker wrote:
There are ways of altering the binary message which shouldn't change the result when it's decoded. One example is base64 vs mime encoding, one could theoretically write a mail server that converted one to the other with most users not noticing a difference.
AFAIK base64 *is* a MIME CTE. By "mime encoding" are you referring to quoted-printable? https://en.wikipedia.org/wiki/MIME#Content-Transfer-Encoding
Messages with DKIM signatures can be checked.
Since he only cares about the attachment itself, it might be simplest to "sha512sum foo.doc" on each end. If he gets the same sum on each end for a doc that "doesn't work", the problem isn't en route.
Historically some relatively popular MTAs altered messages. [details]
Likewise; I've seen plenty of mail bits (especially BTSs) do silly things to messages, but corrupting the contents of an attachment is unusual. Changing the MIME type to application/octet-stream is more common, but that won't change the behaviour if you copy the attachment to disk before you open it.
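Added example, not part of the thread and not any poster's own script: the hash comparison suggested above, applied to the decoded attachment, so that a relay switching base64 to quoted-printable is not mistaken for corruption. The addresses, the file name `foo.doc` and the sample bytes are constructed, and the function names are hypothetical.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a .doc file (OLE2 magic bytes plus every byte value).
DOC = b"\xd0\xcf\x11\xe0" + bytes(range(256)) * 4


def build_message(payload: bytes, cte: str) -> bytes:
    """Serialise a message carrying `payload` as foo.doc with the given CTE."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"  # constructed addresses
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "test"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application", subtype="msword",
                       filename="foo.doc", cte=cte)
    return msg.as_bytes()


def attachments(raw: bytes) -> dict:
    """Map filename -> (transfer encoding, SHA-512 of the decoded bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        found[part.get_filename()] = (
            str(part["Content-Transfer-Encoding"]).lower(),
            hashlib.sha512(data).hexdigest(),
        )
    return found


def altered(sent_raw: bytes, received_raw: bytes) -> list:
    """Names of attachments whose decoded content differs or is missing."""
    sent, got = attachments(sent_raw), attachments(received_raw)
    return sorted(name for name, (_, digest) in sent.items()
                  if got.get(name, (None, None))[1] != digest)


SENT = build_message(DOC, "base64")
REENCODED = build_message(DOC, "quoted-printable")  # same bytes, other CTE
TRUNCATED = build_message(DOC[:-1], "base64")       # content really changed

if __name__ == "__main__":
    print("re-encoded copy altered:", altered(SENT, REENCODED))
    print("truncated copy altered: ", altered(SENT, TRUNCATED))
```

On real mail, pass the saved raw message from the sender's Sent folder and the copy the recipient received to `altered()`.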

I'm way out of touch on this. Is it now so unusual for someone to have problems opening a .doc file that ISPs rather than Microsoft & the sender "up"-grading their application are/is the first to be blamed?
Dav(e/id/o/y)
I believe it is long overdue for lawyers, economists, writers & politicians to understand that ignorance of the law(s of physics) is no excuse!
(BTW I check same title@Gmail.com more often)

--------------------------------------------
On Wed, 18/12/13, Russell Coker <russell@coker.com.au> wrote:
Subject: Re: [luv-talk] ISP alters attachments
To: luv-talk@lists.luv.asn.au
Received: Wednesday, 18 December, 2013, 12:42 AM
SNIP
Strangely some people think that infected email should be disinfected (modified) and sent on. I think that ideally it should be rejected with a SMTP 55x code and if that fails it should be discarded. If you know the message is bad then the recipient should never see it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maybe the best practice would be to send a message reporting that a message from say spankyhamy@spamspamspam.oink was infected & therefore discarded?
Otherwise it's a sort of stealthy censorship, just like whenever I reveal that the real people controlling everything are lawyers their name is removed from the sentence & replaced by "lawyers" (I bet it happens in that sentence too!)
(Sorry about the top post before, I forgot to adjust to the sub-culture.)
Dav(e/id/o/y)
I believe it is long overdue for lawyers, economists, writers & politicians to understand that ignorance of the law(s of physics) is no excuse!
(BTW I check same title@Gmail.com more often)

On Fri, 20 Dec 2013 18:48:37 David E Payne wrote:
Strangely some people think that infected email should be disinfected (modified) and sent on. I think that ideally it should be rejected with a SMTP 55x code and if that fails it should be discarded. If you know the message is bad then the recipient should never see it.
Firstly the correct way to quote text is to prepend each line with "> ". If you are using webmail or some other inadequate MUA then you can type them manually, I fixed the above text and you could have done so just as easily.
Maybe the best practice would be to send a message reporting that a message from say spankyhamy@spamspamspam.oink was infected & therefore discarded?
If an MTA rejects mail with a SMTP 55x then the sending MTA will generate a bounce message which informs the sender.
Otherwise it's a sort of stealthy censorship, just like whenever I reveal
Messages that have viruses are not from people and there's no censorship. Even when people manually send malware it's not censorship, please read the Wikipedia page about "censorship" or any other resource that defines it.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Keith Bainbridge <keithrbaugroups@gmail.com> wrote:
I was told today by our tech people that many ISPs alter files that are attached to email, as an explanation why I was having trouble opening some .doc files in MSWord.
Any comment? please
I don't know whether this happens, but the solutions that come to mind are S/MIME and GNUPG, to encrypt and sign the messages.

G'day,
On 17/12/2013 8:25 PM, Keith Bainbridge wrote:
I was told today by our tech people that many ISPs alter files that are attached to email, as an explanation why I was having trouble opening some .doc files in MSWord.
Sounds highly unlikely to me, unless they are working on some other agenda behind the scenes. I've had the idea of stripping attachments on my mail server, but I think that without absolute user knowledge and acceptance of such practice that it cannot be done (without risk). Ideally strip the attachment and replace with a link -- all attachments of the exact same content can share the link (perhaps with a unique name), hence smaller emails and much less duplication potentially.
Any comment? please
It surprised me to learn that some ISPs inject code / adverts in webpages! This was reported for a mobile service in the UK, but it might well happen in other places too... who knows?
Cheers
A.

Thanks All. Sounds like you agree, that the guru is spinning a yarn. I have a conspiracy theory, but that doesn't prove anything, does it.
Thanks again
Keith
Thanks
Regards
Keith Bainbridge
keithrbaugroups@gmail.com
0447 667 468
participants (7)
- Andrew McGlashan
- Daniel Jitnah
- David E Payne
- Jason White
- Keith Bainbridge
- Russell Coker
- Trent W. Buck