[Micronet] CalMail Tampering with Mail Body?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] CalMail Tampering with Mail Body?

Mike Friedman
Hi,

Noam Manor's recent posting about CalMail and changes to his subject line reminds me of another issue I've been meaning to report for a long time.  Because my problem is no doubt truly different, I've started a separate piece of email here so as not to confuse things.

For a couple of years now I've noticed that some (not all) mail I send to CalMail lists is modified ever-so-slightly so as to invalidate my GPG signatures.  I use Thunderbird with Enigmail and OpenPGP (on top of GPG, under Windows 7) to sign my email.  Way back when this started happening, I investigated and found that the only difference between my original mail and what was delivered back to me via CalMail was one or two empty lines.  This was almost impossible to notice by cursory eyeballing, which made it difficult to discern visually.  I haven't been able to figure out which kinds of mail body trigger this behavior, because it doesn't happen all the time.  At first, I thought it would occur only when my mail contained html or other kinds of markup, or else when I was forwarding mail (which causes Thunderbird to create special formatting around the forwarded mail).  But lately I've seen occurrences of this problem even with simple, plain text mail.

It's disturbing, because it does undermine the whole point of using a digital signature!  Has anyone encountered this?  It seems to be something CalMail is doing, because the copy of my outgoing mail saved by Thunderbird always has a valid signature, even when the copy coming through CalMail doesn't.

Suggestions welcome.

Thanks.

Mike

P.S.  It will be interesting to see if this mail exhibits the problem.  (I won't know until after I've sent it!).

-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Mike Friedman
Hi,

I forgot to mention another piece of information.  The problem I described seems to happen (when it does) only with mailing lists.  For some time now I've been bcc'ing myself (my email address is on CalMail) on all outgoing mail and the bcc copy always has a valid GPG signature.  It's the copy that is delivered to me via the CalMail list that sometimes is "corrupted".

Mike


On 2012-03-08 16:16, Mike Friedman wrote:
Hi,

Noam Manor's recent posting about CalMail and changes to his subject line reminds me of another issue I've been meaning to report for a long time.  Because my problem is no doubt truly different, I've started a separate piece of email here so as not to confuse things.

For a couple of years now I've noticed that some (not all) mail I send to CalMail lists is modified ever-so-slightly so as to invalidate my GPG signatures.  I use Thunderbird with Enigmail and OpenPGP (on top of GPG, under Windows 7) to sign my email.  Way back when this started happening, I investigated and found that the only difference between my original mail and what was delivered back to me via CalMail was one or two empty lines.  This was almost impossible to notice by cursory eyeballing, which made it difficult to discern visually.  I haven't been able to figure out which kinds of mail body trigger this behavior, because it doesn't happen all the time.  At first, I thought it would occur only when my mail contained html or other kinds of markup, or else when I was forwarding mail (which causes Thunderbird to create special formatting around the forwarded mail).  But lately I've seen occurrences of this problem even with simple, plain text mail.

It's disturbing, because it does undermine the whole point of using a digital signature!  Has anyone encountered this?  It seems to be something CalMail is doing, because the copy of my outgoing mail saved by Thunderbird always has a valid signature, even when the copy coming through CalMail doesn't.

Suggestions welcome.

Thanks.

Mike

P.S.  It will be interesting to see if this mail exhibits the problem.  (I won't know until after I've sent it!).

-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com



-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Lucy Greco-2

But you didn’t tell us if the first one has the problem smile

 

Lucy Greco

Assistive Technology Specialist

Disabled Student's Program UC Berkeley

(510) 643-7591

http://attlc.berkeley.edu

http://webaccess.berkeley.edu

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Mike Friedman
Sent: Thursday, March 08, 2012 4:37 PM
Cc: [hidden email]
Subject: Re: [Micronet] CalMail Tampering with Mail Body?

 

Hi,

I forgot to mention another piece of information.  The problem I described seems to happen (when it does) only with mailing lists.  For some time now I've been bcc'ing myself (my email address is on CalMail) on all outgoing mail and the bcc copy always has a valid GPG signature.  It's the copy that is delivered to me via the CalMail list that sometimes is "corrupted".

Mike


On 2012-03-08 16:16, Mike Friedman wrote:

Hi,

Noam Manor's recent posting about CalMail and changes to his subject line reminds me of another issue I've been meaning to report for a long time.  Because my problem is no doubt truly different, I've started a separate piece of email here so as not to confuse things.

For a couple of years now I've noticed that some (not all) mail I send to CalMail lists is modified ever-so-slightly so as to invalidate my GPG signatures.  I use Thunderbird with Enigmail and OpenPGP (on top of GPG, under Windows 7) to sign my email.  Way back when this started happening, I investigated and found that the only difference between my original mail and what was delivered back to me via CalMail was one or two empty lines.  This was almost impossible to notice by cursory eyeballing, which made it difficult to discern visually.  I haven't been able to figure out which kinds of mail body trigger this behavior, because it doesn't happen all the time.  At first, I thought it would occur only when my mail contained html or other kinds of markup, or else when I was forwarding mail (which causes Thunderbird to create special formatting around the forwarded mail).  But lately I've seen occurrences of this problem even with simple, plain text mail.

It's disturbing, because it does undermine the whole point of using a digital signature!  Has anyone encountered this?  It seems to be something CalMail is doing, because the copy of my outgoing mail saved by Thunderbird always has a valid signature, even when the copy coming through CalMail doesn't.

Suggestions welcome.

Thanks.

Mike

P.S.  It will be interesting to see if this mail exhibits the problem.  (I won't know until after I've sent it!).


-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com
 




-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com
 

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Mike Friedman
On 2012-03-08 16:43, Lucy Greco wrote:

But you didn’t tell us if the first one has the problem smile


Lucy,

Thanks for reminding me.  The first mail I sent did have the problem.  But the second one didn't, even though most of it consisted of a copy of the first!

Mike


-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Ian Crew
In reply to this post by Mike Friedman
Maybe it has to do with which mailing list it's sent to?  For example, Micronet appends a footer to the body of every message sent to the list, which means it has to process and modify the body text.  For lists that don't have a footer, maybe that doesn't happen....

Just guessing,

Ian

On Mar 8, 2012, at 4:37 PM, Mike Friedman wrote:

Hi,

I forgot to mention another piece of information.  The problem I described seems to happen (when it does) only with mailing lists.  For some time now I've been bcc'ing myself (my email address is on CalMail) on all outgoing mail and the bcc copy always has a valid GPG signature.  It's the copy that is delivered to me via the CalMail list that sometimes is "corrupted".

Mike


On 2012-03-08 16:16, Mike Friedman wrote:
Hi,

Noam Manor's recent posting about CalMail and changes to his subject line reminds me of another issue I've been meaning to report for a long time.  Because my problem is no doubt truly different, I've started a separate piece of email here so as not to confuse things.

For a couple of years now I've noticed that some (not all) mail I send to CalMail lists is modified ever-so-slightly so as to invalidate my GPG signatures.  I use Thunderbird with Enigmail and OpenPGP (on top of GPG, under Windows 7) to sign my email.  Way back when this started happening, I investigated and found that the only difference between my original mail and what was delivered back to me via CalMail was one or two empty lines.  This was almost impossible to notice by cursory eyeballing, which made it difficult to discern visually.  I haven't been able to figure out which kinds of mail body trigger this behavior, because it doesn't happen all the time.  At first, I thought it would occur only when my mail contained html or other kinds of markup, or else when I was forwarding mail (which causes Thunderbird to create special formatting around the forwarded mail).  But lately I've seen occurrences of this problem even with simple, plain text mail.

It's disturbing, because it does undermine the whole point of using a digital signature!  Has anyone encountered this?  It seems to be something CalMail is doing, because the copy of my outgoing mail saved by Thunderbird always has a valid signature, even when the copy coming through CalMail doesn't.

Suggestions welcome.

Thanks.

Mike

P.S.  It will be interesting to see if this mail exhibits the problem.  (I won't know until after I've sent it!).

-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com



-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Ian Crew
Platform and Services Manager, Research Hub
Information Services and Technology-Research and Content Technologies
University of California, Berkeley
2195 Hearst Ave, Second Floor


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Lucy Greco-2
In reply to this post by Mike Friedman

Strange this message tells me it is signed. But the other two didn’t jaws actually says signed message when I arrow over this one. I must say I have never herd jaws say that before. Now I want to know how many times I miss that smile

Lucy Greco

Assistive Technology Specialist

Disabled Student's Program UC Berkeley

(510) 643-7591

http://attlc.berkeley.edu

http://webaccess.berkeley.edu

 

From: Mike Friedman [mailto:[hidden email]]
Sent: Thursday, March 08, 2012 4:46 PM
To: Lucy Greco
Cc: [hidden email]
Subject: Re: [Micronet] CalMail Tampering with Mail Body?

 

On 2012-03-08 16:43, Lucy Greco wrote:

But you didn’t tell us if the first one has the problem smile


Lucy,

Thanks for reminding me.  The first mail I sent did have the problem.  But the second one didn't, even though most of it consisted of a copy of the first!

Mike



-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com
 

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Mike Friedman
In reply to this post by Mike Friedman
OK, I've been giving this some more thought and now I need to provide additional background, for clarity.

First of all, the problem started occurring in Feb 2010, at which time I sent a note to Jim Blair about it.  He mentioned that sometimes CalMail might modify the text of mail if there are special character set issues, about which he didn't elaborate.  He asked me to send him copies of the affected email (both pristine and "corrupted" versions), which I did, but he never got back to me.

Secondly, I must mention that since the CalMail problems of this winter, I've been forwarding my mail from CalMail through my ISP's mail server.  After sending my first mail on this issue today, I turned off that forwarding, to eliminate the latter as a factor.  However, when this problem started two years ago I had no other mail provider except CalMail.

Thirdly, related to the above:  now that I'm using only CalMail, I no longer receive two copies of mail to a list, since CalMail is smart enough to send me only one copy, namely (in this case at least) the one I bcc'ed.  Hence, the fact that my second email didn't have the problem proves nothing, because it was sent straight to my CalMail address and not through the list.  Since I didn't receive a copy from the list, I can't tell if its signature would have been valid.  Now that I'm back to using only CalMail (no forwarding through my ISP), I'm not sure I'll even be able to detect the problem, unless I stop bcc'ing myself.  So that's what I'm going to do, starting with this email in fact.  Two years ago when the problem started, I wasn't bcc'ing myself, so I did experience the problem.

I hope the above is clear.  I don't want to muddy the waters with respect to figuring this out.

Lucy:  I just received your note about some of my mail showing as unsigned.  Does this actually mean no signature, or an invalid signature?  If the latter, that would confirm the problem at hand.

Mike


-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Lucy Greco-2

Hi:

No sorry I can’t verify or deny  I only can say that jaws for the first time ever said a message was signed on the third message you sent. If you want to see if they are all Sind or not how can I show you short of you dropping in to see smile  but if you do want to drop in that works here smile I will be back in the lab  on Monday               smile

 

 

 

Lucy Greco

Assistive Technology Specialist

Disabled Student's Program UC Berkeley

(510) 643-7591

http://attlc.berkeley.edu

http://webaccess.berkeley.edu

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Mike Friedman
Sent: Thursday, March 08, 2012 5:06 PM
Cc: [hidden email]
Subject: Re: [Micronet] CalMail Tampering with Mail Body?

 

OK, I've been giving this some more thought and now I need to provide additional background, for clarity.

First of all, the problem started occurring in Feb 2010, at which time I sent a note to Jim Blair about it.  He mentioned that sometimes CalMail might modify the text of mail if there are special character set issues, about which he didn't elaborate.  He asked me to send him copies of the affected email (both pristine and "corrupted" versions), which I did, but he never got back to me.

Secondly, I must mention that since the CalMail problems of this winter, I've been forwarding my mail from CalMail through my ISP's mail server.  After sending my first mail on this issue today, I turned off that forwarding, to eliminate the latter as a factor.  However, when this problem started two years ago I had no other mail provider except CalMail.

Thirdly, related to the above:  now that I'm using only CalMail, I no longer receive two copies of mail to a list, since CalMail is smart enough to send me only one copy, namely (in this case at least) the one I bcc'ed.  Hence, the fact that my second email didn't have the problem proves nothing, because it was sent straight to my CalMail address and not through the list.  Since I didn't receive a copy from the list, I can't tell if its signature would have been valid.  Now that I'm back to using only CalMail (no forwarding through my ISP), I'm not sure I'll even be able to detect the problem, unless I stop bcc'ing myself.  So that's what I'm going to do, starting with this email in fact.  Two years ago when the problem started, I wasn't bcc'ing myself, so I did experience the problem.

I hope the above is clear.  I don't want to muddy the waters with respect to figuring this out.

Lucy:  I just received your note about some of my mail showing as unsigned.  Does this actually mean no signature, or an invalid signature?  If the latter, that would confirm the problem at hand.

Mike



-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com
 

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Mike Friedman
In reply to this post by Ian Crew
On 2012-03-08 16:48, Ian Crew wrote:
Maybe it has to do with which mailing list it's sent to?  For example, Micronet appends a footer to the body of every message sent to the list, which means it has to process and modify the body text.  For lists that don't have a footer, maybe that doesn't happen....

Just guessing,

Ian,

You have a good point.  Because of the issues I mentioned earlier, I don't have a good set of prior email samples that could test your hypothesis.  For example, I have experienced the problem with other CalMail lists that don't add a footer, but those parcels were being forwarded through my ISP before delivery to me.

So, for now I'll assume you're explanation is correct.  Meanwhile, I've stopped bcc'ing my mail and also stopped forwarding CalMail through my ISP.  If the problem turns out to correlate with which list I'm mailing to, it will confirm your suggestion.  (This may take a while, though, since I don't correspond on these lists very often).

Should your solution appear correct, I'll be contacting my ISP, since their servers may also be contributing to this problem even when CalMail is not adding footers.

Thanks.

Mike


-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] CalMail Tampering with Mail Body?

Mike Friedman
After giving this some more thought, I've decided simply to stop routinely signing my email.  After all, I've been doing it mainly as an experiment for myself, to test the user interface for digital signatures, since most of my correspondents don't use or validate signatures anyway.  I now figure that those that do are better off not seeing a signature than getting an ominous message from their MUA that the signature is invalid.  I've been looking toward the day when signing email will be the norm.  Meanwhile this is all quite disappointing, if only because the adding of footnotes (and ads) by many commercial email providers is fairly common.

I hope this problem is given more attention for the future.

Mike

-- 
Mike Friedman
[hidden email]
http://mikefberkeley.com


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.