Microsoft Outlook OpenPGP email mangling


Thunderbird sent this originally

MIME-Version: 1.0

--------------ifQr1F6LsbKTWM156Mpiz0LV
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--------------ifQr1F6LsbKTWM156Mpiz0LV
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc"

-----BEGIN PGP MESSAGE-----

... pgp ascii message redacted ...

Outlook email system delivered this to the recipient over SMTP

X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P191MB0722

--_003_AM0P191MB0404C2B56DB607CD2063F211BC39AAM0P191MB0404EURP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

--_003_AM0P191MB0404C2B56DB607CD2063F211BC39AAM0P191MB0404EURP_
Content-Type: application/pgp-encrypted; name="PGPMIME version identification"
Content-Description: PGP/MIME version identification
Content-Disposition: attachment; filename="PGPMIME version identification";
    size=12; creation-date="Wed, 19 Jul 2023 17:19:27 GMT";
    modification-date="Wed, 19 Jul 2023 17:19:27 GMT"
Content-ID: <86F9095842C2C047998976C25CB9665B@EURP191.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64

VmVyc2lvbjogMQ0K

--_003_AM0P191MB0404C2B56DB607CD2063F211BC39AAM0P191MB0404EURP_
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message.asc
Content-Disposition: attachment; filename="encrypted.asc"; size=3749;
    creation-date="Wed, 19 Jul 2023 17:19:27 GMT";
    modification-date="Wed, 19 Jul 2023 17:19:27 GMT"
Content-ID: <165CF0D0F9E3F944939F58F8E01D62B6@EURP191.PROD.OUTLOOK.COM>
Content-Transfer-Encoding: base64

... base64 redacted ...

So, they clearly tampered with the message itself. Thank you for that. The messages themselves were decipherable after manually extracting the content. But that's of course only an option for techies and hackers; normies just find out that encrypted emails are getting completely blocked. This problem started when there was that news about SMTP smuggling using different types of line feeds to escape SMTP sessions. It seems likely that Microsoft, in a panic, implemented some fixes, similarly breaking things, without having completely thought out what their tampering would mean for different types of messages.
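An added example (not part of the original post) of the manual extraction mentioned above: Python's standard email package tells the RFC 3156 PGP/MIME layout from the rewritten one and recovers the armored payload for decryption. The top-level Content-Type headers, the boundary "b" and the placeholder armor are constructed assumptions, since the post does not show the top-level headers.

```python
import base64
from email import message_from_string

def classify_and_extract(raw):
    """Return (status, armored_payload) for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    version_ok, payload = False, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pgp-encrypted":
            # decode=True undoes base64, so both layouts yield "Version: 1"
            body = part.get_payload(decode=True) or b""
            version_ok = body.strip() == b"Version: 1"
        elif ctype == "application/octet-stream" and payload is None:
            body = part.get_payload(decode=True) or b""
            if b"-----BEGIN PGP MESSAGE-----" in body:
                payload = body.decode("ascii", "replace")
    if not (version_ok and payload):
        return "not-pgp", None
    # RFC 3156: the container must be multipart/encrypted with this protocol
    intact = (msg.get_content_type() == "multipart/encrypted"
              and msg.get_param("protocol") == "application/pgp-encrypted")
    return ("pgp-mime" if intact else "mangled"), payload

# Constructed placeholder, not a real OpenPGP message
ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n"
         "-----END PGP MESSAGE-----\n")

def sample(mangled):
    """Constructed test message in the intact or the rewritten layout."""
    if not mangled:
        return ('MIME-Version: 1.0\nContent-Type: multipart/encrypted; '
                'protocol="application/pgp-encrypted"; boundary="b"\n\n'
                '--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n'
                '--b\nContent-Type: application/octet-stream; name="encrypted.asc"\n\n'
                + ARMOR + '\n--b--\n')
    enc = base64.b64encode(ARMOR.encode()).decode()
    # VmVyc2lvbjogMQ0K is the value shown in the post: "Version: 1\r\n", 12 bytes
    return ('MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b"\n\n'
            '--b\nContent-Type: text/plain; charset="us-ascii"\n\n\n'
            '--b\nContent-Type: application/pgp-encrypted\n'
            'Content-Transfer-Encoding: base64\n\nVmVyc2lvbjogMQ0K\n'
            '--b\nContent-Type: application/octet-stream; name="encrypted.asc"\n'
            'Content-Transfer-Encoding: base64\n\n' + enc + '\n--b--\n')

if __name__ == "__main__":
    for flag in (False, True):
        print(classify_and_extract(sample(flag))[0])
```

The recovered payload from a "mangled" message can be saved to a file and passed to an OpenPGP tool for decryption.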

All identifying information has been removed, yet time stamps and message IDs are there, which likely reveal my account (whoa) to Microsoft as well as the friend I used as a correspondent when doing this analysis. But we're good with it. Most likely, as usual, nobody cares anyway.

kw: Microsoft Outlook email SMTP data content message payload corruption caused by Microsoft by tampering with message

2024-06-16