From the Barn

Do you have sex in your email signature?

Sex Email Signature

Having sex in your email signature, can be a problem. You might not think it,  but it can be. Trust me.

We do a lot of email hosting for some of our clients and as part of this service we have a several filters in place to keep out the spammy and offensive email content. As is the nature of email spam the senders (mental and desperate entrepreneurs) use a variety of methods to change their sending IPs and addresses to get past your best efforts. Sometimes you have to pull up your sleeves and delve into the content to find keywords to block them when all else fails.

In this case we had a specific account that kept on receiving spam that contained the word SEX. As there was no reason to receive email content relating to the carnal pleasure, it was decided to apply a global filter across all of the domain email accounts for the keyword. It fixed the problem and we moved on with our lives.

A few days after the filter was implemented, we received a request to look into why emails sent by one of the accounts on the domain are not being delivered to the recipients. We fired up the delivery tracer and noticed that all the emails send from this account was indeed been blocked by the spam filter. It was been blocked for containing the word sex. The only problem was that the mail content did not contain the word sex.

Sex in Base64We spent a couple of hours trying to figure out why this rule was being applied. After a while you start to check each and every other rule created. You run delivery tests from the server interfaces against the rules using the email account in question and they all pass with flying colours. You send from the webmail interface and… it gets delivered. Just not from the email client, which was Microsoft Outlook.

Eventually I realised that the only difference in our testing and a real world sending process was that when sending from Outlook via the desktop, the email signature was included. When running the tests from the server and webmail interface, it was not present. So we opened up the mailer source and started looking at it more closely in relation to the global filter rules.

Sex in your email signature? How does that work?

What was happening was that the email client took the image of the signature and encoded it as Base64. Within the string of the base64 text was the answer. SEx sat comfortably between hundreds of other random alphanumeric characters. When received by the recipient it would be decoded and present itself again as the signature of the sender, but the spam filter did not care too much for this. It simply applied the rule because it felt the content was naughty.

To be very honest, this is the first time in over 10 years of working with emails and filters that I have come across a case of this nature. Needless to say we had to tweak the filter a bit to resolve the issue. On the one side I felt a bit stupid for the reason it was blocked, but also proud for solving it. The fun part was explaining to the client the reason behind the mails being blocked.

I sometimes get the impression that they think that I make stuff like this up for my own entertainment. In this case if I didn’t see it for myself, I would not blame them for doing so. The great news is that we always keep on learning new things each day, and that counts more.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × 5 =