38
5
I recently got an e-mail with the title
=?utf-8?B? 8J+QtiBZb3UncmUgYSBzdHJvbmcgY2FuZGlkYXRlIGZvciBvdXIgZnV0dXJlLCBQZXRlciDwn4e6 8J+HuA==?=
Thinking it might be malware, I ran a check with Malwarebytes, and it came up clean. Is there any legitimate reason for the title to be a nonsensical string of characters?
dpdt
Posted 2016-06-16T23:55:18.310
Reputation: 833
85
What you have is some header text encoded with a failed attempt at RFC 2047.
RFC 2047 is the standard governing embedding non-ASCII characters in email headers, and it says that headers which do not comply exactly with the RFC 2047 standard should be displayed as-is, rather than decoding being attempted. So your email software is seeing the bad header and displaying it “correctly” (as required by the standard).
No mainstream software flouts RFC 2047 so badly as that, so it's probably coming from some dodgy bulk mailing software. The software is making "encoded words" too long (line length limit 76), which is forbidden (RFC 2047 says “MUST NOT”).
Despite being over-long it can be decoded manually; it looks like some sort of recruiter spam:
You're a strong candidate for our future, Peter
user313114
Posted 2016-06-16T23:55:18.310
Reputation: 818
24
It is a base64 string, a way of encoding text or data so it can be sent via 7-bit ASCII text supported by emails.
It would appear that your email client does not support base64 in the subject line.
Poking the text
8J+QtiBZb3UncmUgYSBzdHJvbmcgY2FuZGlkYXRlIGZvciBvdXIgZnV0dXJlLCBQZXRlciDwn4e6 8J+HuA==?=
Through base64decode shows the string below. This is the body of the string minus the utf-8 header.
You're a strong candidate for our future, Peter
Mokubai
Posted 2016-06-16T23:55:18.310
Reputation: 64 434
3“ You're a strong candidate for our future, Peter ” Seems legit! – JakeGould – 2016-06-19T04:50:01.890
15@LightnessRacesinOrbit That's assuming the spammers are accurate. Apparently, my first name is often "FirstName". – TripeHound – 2016-06-17T11:36:26.890
1@TripeHound: Mine are almost always accurate. – Lightness Races with Monica – 2016-06-17T12:32:38.733
5@vaxquis: most typefaces render it as thirteen horizontal stripes alternating red and white; in the canton, 50 white stars of alternating numbers of six and five per row on a blue field. – Jacob Krall – 2016-06-17T13:29:58.220
4
@JacobKrall aaah, http://emojipedia.org/flag-for-united-states/ ... on my PC, it's just a
– None – 2016-06-17T13:40:05.830USglyph.1@vaxquis same here; I think it's something to do with the user agent. On iOS, I see the US flag, but in Firefox I see the digraph US. – Jacob Krall – 2016-06-17T13:43:57.593
1@JacobKrall yeah, it depends on the text layout / font engine. It's actually encoded as two characters, one representing "U" and the other "S", forming a grapheme cluster. Then something like ligature handling comes into play — if the renderer has a replacement for that grapheme cluster (i.e. a flag) it uses it, otherwise the "US" appearance at least gives some clue what was intended. – hobbs – 2016-06-17T17:14:30.737
See also: Animated icon in email subject
– ale – 2016-06-17T19:41:32.883