| ▲ | js2 a day ago | |||||||||||||||||||||||||||||||
> Try figuring out the message size that the forwarding edge (icloud.com) accepts, but the receiver (the mailbox server) does not. Is this a theory or did you test this yourself? Anything even 1 byte less than that rejected at the edge passes through. And there's not a chain of SMTP servers either. It goes through a single SMTP server into my iCloud mailbox. If you think this is the flaw, you're welcome to prove it. I'm skeptical and not spending more time on it. Edit: this is with forwarding to an icloud.com address. If forwarding to a private domain and that domain's SMTP servers have more restrictive size limits, then yes, that bounce could reveal the real address. Don't use a non-icloud.com real address with HME. But the original (vague) description of the problem says nothing about whether the real address matters. In any case, I have no way to test that scenario. | ||||||||||||||||||||||||||||||||
| ▲ | winstonwinston a day ago | parent [-] | |||||||||||||||||||||||||||||||
> Is this a theory or did you test this yourself? This is just a pointer for exercise you could do if you are interested. I can’t tell what is the actual HME vulnerability they claim to exist. | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||