spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RW <rwmailli...@googlemail.com>
Subject Re: ENCRYPTED_MESSAGE rule
Date Fri, 23 Feb 2018 14:13:30 GMT
On Fri, 23 Feb 2018 07:18:52 -0600
David Jones wrote:

> On 02/23/2018 06:29 AM, RW wrote:
> > On Thu, 22 Feb 2018 19:33:29 -0700
> > @lbutlr wrote:
> >   
> >> On 2018-02-22 (17:39 MST), RW <rwmaillists@googlemail.com> wrote:  
> >>>
> >>> Is it genuinely encrypted though? I'm wondering if it's just
> >>> base64 encoded, and possibly signed.  
> >>
> >> application/pkcs7-mime is S/MIME  
> > 
> > I know, but does that mean it's necessarily encrypted and not simply
> > signed?
> >   
> 
> Outlook Web says across the top of the message:
> 
> This message has a digital signature, but it wasn't verified because
> the S/MIME control isn't currently supported for your browser or
> platform.
> 
> Outlook client on a Mac says it was an encrypted email.
> 
> https://pastebin.com/Kf9KJKyh
> 

It's just signed, if you change the type to text/plain you can see the
raw mime message.


It has:

Content-Type: application/pkcs7-mime; smime-type=signed-data;
        name="smime.p7m"

From a quick look at rfc5751 it looks like a purely encrypted email
would have "smime-type=enveloped-data", but I doubt that's common. With
a signed and encrypted email the two types are nested in either order.

It comes  down to usage, if the norm is for emails to be signed and
then encrypted, then this sort of email can easily be excluded from
ENCRYPTED_MESSAGE, but the other way around requires support for
S/MIME. 





Mime
View raw message