Forgotten Powers of MIME

by J.D. Falk
Director of Product Strategy, Receiver Services

If you attended the MAAWG meeting near Washington, D.C. this week, you may have seen postcards from Return Path containing what I believe are fully RFC-compliant email message headers referring to this very blog.

I did have to fudge the Received: header a bit, because there’s no standard way to denote messages injected into the mailstream on a postcard. Maybe there should be. But Received: is somewhat loosely defined, so I think it’s close enough.

While creating the postcard, I stumbled across a very cool idea left over from the invention of MIME, updated a few years later…but never, so far as I could figure out, implemented.

Content-Type: message/external-body; access-type=URL;
     URL=”http://www.returnpath.net/blog/received/”

A MIME part with a content-type of “message/external-body” is, quite simply, a reference to something stored elsewhere. MIME’s inventors imagined that it could be a way to include images and such, accessed originally from an FTP site, a local file, a mail server (though how this would work is unclear), or a few other methods. In 1996, RFC 2017 added the ability to reference a URL — which, in effect, lets you include absolutely anything.

An obvious use for this feature would be to pull up a web page containing information which may have been updated since the message was originally sent — shipping status, flight arrival times, et cetera. These things are often attempted today using JavaScript or other technologies embedded in an HTML message, but that usually doesn’t work due to security concerns.

An equally obvious use for this feature would be to deliver malware and other badness, bypassing spam filters that only look at the content of the original message itself. I doubt that’s the only reason this idea was never implemented, but it sure is a serious concern.

Still, I wonder if there’s a way this could be done right…maybe by adding a Certification layer to keep the bad guys out?

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time