[GLLUG] Brain-fart of the day - just need to share.

John Winters john at sinodun.org.uk
Fri Jun 19 08:31:50 UTC 2020


An energy provider which shall be nameless (cough, Ovo, cough) has just 
put a new web system live which requires you to go through a 
password-reset, confirmation e-mail, click cycle in order to switch over 
to using it.

Having problems with not receiving the e-mails, I did a bit of 
diagnostic work.  The problem was this line in the header of their e-mail:

List-Unsubscribe: 
<mailto:u+mq6windggy2dijtjhuzdamrqga3dcojqhaytomzxfyysXXXXXXXXXXkcifbemrkbim3dqqjfgqyXXXXXXXXXX5tpfvrw63lnomxgg3zoovvsm2b5mfrgcyjvmi2tgylfhazdcodbmezwczlegy3wcn3bmvqwimteg5tcmy3von2g63j5eu3uejjsgjrxezlborswiqlueuzdejjtiestemrsgazdaljqgywtcokuga4ckm2bge3skm2bgm3c4ojvgfnckmrseuzegjjsgjrxk43un5wwk4sjmqstemrfgnaskmrsn53g6llfnzsxez3zeuzucmrzmfrwgmtfmywtkmjtguwtizrymiwwezjwgmwtsmdbmeztqnbxgezwinjfgizckmsdeuzde5dsmfrwkvdpnnsw4jjsgistgqjfgizdqy3gmfrgenzqfvrwcmtbfu2gknjzfu4gkylgfvtgizbtmi3tombsha3gcjjsgisteqzfgizggylomfzhsjjsgistgqlgmfwhgzjfgjbskmrsorsw24dmmf2gktlbnzuwmzltoqstemrfgnaskn2ceuzde2leeuzdejjtiestemt2mrxde5dugrywe2dhgzyha53jozxww5bxnzvtk53beuzdejjsimstemtwmvzhg2lpnystemrfgnaskmrsgeys4mbfgizckn2eeuzegjjsgjuw45dfojxgc3cuojqwgzkun5vwk3rfgizckm2beuzdeobugfsdmnzsgewteytdgewtiylgmiwtsmrxhawtkzddmjsdqn3egrqwgyzfgizckmsdeuzde5dsnftwozlsknxxk4tdmustemrfgnaskmrsmjsdimrwmmzweljthfrtsljugqytollbgfrtoljwhbrwgytcha3gkmjqhastemrfgjbskmrsmzzgszlomrwhsrdfonrxe2lqoruw63rfgizckm2beuzde33snfxw4llqmfzxg53pojsc24tfonsxijjsgisteqzfgizgg33nnvewijjsgistgqjfgizdiyrvguztizdgfvsdemrufu2gkylcfu4tendbfuztmnzumrrtaytgmvrgcjjsgistorbgoi6wu33inystimdtnfxg6zdvnyxg64thfz2wwjtuhvrxk43un5wwk4sjmqstgqlpozxs2zlomvzgo6jfgnateolbmnrtezlgfu2tcmzvfu2gmodcfvrgknrtfu4taylbgm4dinzrgnsdkjtuhv2heyldmvkg623fnystgqjymntgcytcg4yc2y3bgjqs2ndfgu4s2odfmftc2ztemqzwenzxgazdqntbez2d25dfnvygyylumvewijjtif5gi3rsor2di4lcnbttm4dqo5uxm33loq3w42zvo5qq at mail.ovo-comms.co.uk>,

which is 1455 characters long, and would seem to give them scope for 
about 36^1400 different unique identifiers.  The limit set in RFC5322 is 
998 characters.

You have to wonder sometimes.

Aaaaargh!

John

P.S.  I have changed two bits to XXXXXXXXX so you'll need to try 36^20 
possible originals (about 13367494538843734067838845976576 or 1.3 * 
10^31 options) if you want to unsubscribe me by brute force.

-- 
Xronos Scheduler - https://xronos.uk/
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/
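
An added example, not part of the original post: a check for the header problem described above, measuring each physical header line against the RFC 5322 section 2.1.1 limits (998 characters MUST, 78 SHOULD, both excluding the CRLF). The function names, the `example.com` addresses and the sample message are constructed for illustration.

```python
MAX_LINE = 998   # RFC 5322 2.1.1: a line MUST NOT exceed this (excluding CRLF)
SOFT_LINE = 78   # RFC 5322 2.1.1: a line SHOULD NOT exceed this

def header_line_report(raw: bytes):
    """Return [(field_name, line_no, length, severity)] for over-long header lines.

    Lengths are taken per physical line, before unfolding, because the limit
    applies to each line as transmitted, not to the logical header field.
    """
    findings = []
    field = None
    for no, line in enumerate(raw.splitlines(), start=1):
        if not line:
            break  # the first empty line ends the header block
        if line[:1] not in (b" ", b"\t"):
            # not a folded continuation, so a new field starts here
            field = line.split(b":", 1)[0].decode("ascii", "replace")
        n = len(line)
        if n > MAX_LINE:
            findings.append((field, no, n, "violation"))
        elif n > SOFT_LINE:
            findings.append((field, no, n, "long"))
    return findings

def build_sample() -> bytes:
    """Constructed message: a folded List-Unsubscribe with one oversized URI."""
    lines = [
        "From: sender@example.com",
        "Subject: Reset your password",
        "List-Unsubscribe:",
        " <mailto:u+" + "a" * 1400 + "@mail.example.com>,",
        " <https://example.com/unsubscribe?id=" + "b" * 60 + ">",
        "",
        "A body line of any length is not examined by this check. " * 30,
    ]
    return "\r\n".join(lines).encode("ascii")

if __name__ == "__main__":
    for field, no, n, severity in header_line_report(build_sample()):
        print(f"line {no}: {field}: {n} chars ({severity})")
```

A mailto URI contains no whitespace at which the header could be folded, so a token of that size puts the line over the limit however the rest of the field is wrapped.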

