Re: [Nmh-workers] Quoted printable problem

[Lyndon Nerenberg]

On 2012-12-17, at 4:16 PM, Ralph Corderoy wrote:

> I agree with Lyndon.  Unless we find a major MUA has taken to spewing
> this errant guff, making it a de facto standard, bailing out with
> reference to the RFC seems fine.  It may persuade the recipient to play
> detective on the source.

There is an even better reason: security.  Since a multipart wrapped in QP (or 
base64) is undefined, there is no correct way to deal with it, and therefore 
nobody will deal with it "correctly" – if that was even possible.  This means 
broken parsers generating stack overflows, ripe for exploitation by viruses.  I 
would *really* like to see the raw source for a couple of these messages, as 
I'm starting to wonder if these aren't actual virus payloads.

There are reasons we have standards, and this is one of the many cases where it 
is important to adhere to them. 

--lyndon