<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Sun, Aug 5, 2018 at 9:46 AM, Ray Dillinger <span dir="ltr"><<a href="mailto:bear@sonic.net" target="_blank">bear@sonic.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
I've encountered some email addresses that are apparently base64 encoded<br>
usernames prefixed with a four-character nonce.<br>
<br>
For an example with a fictitious username, email addresses AX2bY2xhcmti,<br>
gg68Y2xhcmti, cUn4Y2xhcmti, etc, all have the form<br>
<br>
{four alphanumeric characters}{'clarkb' encoded in base64}</blockquote><div>.... </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I was thinking about how it would be done...<br>
</blockquote><div><br></div><div>If you own the domain much is almost easy even with a Gmail served domain.<br>Gmail already allows a slightly less obfuscated version using +<br> me+bear@some.gmail.served.domain<br>IMAP and POP allow the messages to be pulled and processed. <br><br>If you own a gmail service a default email address can be specified<br>and so messages with <span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">{four alphanumeric characters}{'clarkb' encoded in base64} </span></div><div>can be de-mangled with perl or python or something.<br> <br>The difficult part is remembering who was given that mangled name.<br><br>Sendmail has rewriting rules as well. Again remembering who gets what is a <br>data management process that needs to be added to aliases.<br><br>Mutt pays attention to some environment and command lines.<br><span style="background-color:rgb(255,255,255)"><span style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">See </span><a href="http://www.mutt.org/doc/man_page.html" target="_blank" rel="nofollow" style="color:rgb(34,34,156);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px">http://www.mutt.org/doc/man_page.html</a><br style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px;text-decoration-style:initial;text-decoration-color:initial"><span style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px;text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">There is no command line switch for this, but their is an ENV variable, so at the top of your script add:</span><br style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px;text-decoration-style:initial;text-decoration-color:initial"><br style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif;font-size:13.3333px;text-decoration-style:initial;text-decoration-color:initial"></span> $ export REPLYTO="foo@bar.baz"<br> $ mutt -s "Report for ${CLIENT} Feed" -a ${MNT}${CLIENT}${REPORT}/${f1} ${RECIPIENT} <${MSG}<br><br><br>I guess I would like to see all the headers of the message to see what tool set</div><div>was likely used. <br>Even this list uses interesting headers. Added an X to not confuse the list.<br> FXrom: John Denker via cryptography <<a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>> <br> RXeply-To: John Denker <<a href="mailto:jsd@av8n.com">jsd@av8n.com</a>><br><br><br></div></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>