Email message partial parts are blocked
- Article Number: 000011690
- Products: Forcepoint Email Security Cloud
- Version: All versions
- Last Published Date: June 12, 2020
Email message partial parts are blocked when using Email Security Cloud.
Splitting an email's contents into fragments as a method of message encoding has become increasingly rare due to security problems, and Forcepoint blocks message parts that are labeled as MIME message/partial parts.
There have been numerous reports from other systems of the potential to bypass SMTP Content Checking by using the ability of certain mail clients to split email messages into smaller fragments for onward distribution. This is most often done when the sending client is on a slow connection and sends a message in smaller fragments. The message is then "stitched" back together by the receiving mail client.
If the original message contains malicious content, that content may not be detected because the individual parts of the message do not, in themselves, constitute malicious content. The content only becomes malicious when all of the constituent parts of the message are reassembled. Each part of the message may route through a different cluster, which makes scanning in transit difficult and is why Forcepoint blocks the partial fragments of the message.
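For administrators who want to confirm whether a blocked message was a fragment, the following added example (not Forcepoint's code and not part of the original article) shows how a message/partial part can be recognised with Python's standard `email` module. The sample messages, the addresses, the function names and the block/scan policy are constructed or hypothetical.

```python
from email import message_from_string

# Constructed samples (not from the article). FRAGMENT is part 1 of 2 of a
# message split as RFC 2046 message/partial; the type name is mixed-case on purpose.
FRAGMENT = (
    "From: sender@example.com\n"
    "To: rcpt@example.com\n"
    "Subject: report\n"
    "MIME-Version: 1.0\n"
    'Content-Type: Message/Partial; id="abc123@example.com"; number=1; total=2\n'
    "\n"
    "Subject: report\n"
    "Content-Type: text/plain\n"
    "\n"
    "first half of the body\n"
)
WHOLE = (
    "From: sender@example.com\n"
    "To: rcpt@example.com\n"
    "Subject: report\n"
    "Content-Type: text/plain\n"
    "\n"
    "complete body\n"
)


def find_partial_parts(raw):
    """Return id/number/total for every message/partial part in a raw message."""
    hits = []
    # walk() also visits nested parts, so a fragment wrapped in multipart/* is found.
    for part in message_from_string(raw).walk():
        # get_content_type() lower-cases the type, so case variants still match.
        if part.get_content_type() == "message/partial":
            hits.append({name: part.get_param(name)
                         for name in ("id", "number", "total")})
    return hits


def verdict(raw):
    """Hypothetical gateway policy: block fragments, send whole messages to scanning."""
    return "block" if find_partial_parts(raw) else "scan"


if __name__ == "__main__":
    for label, raw in (("fragment", FRAGMENT), ("whole", WHOLE)):
        print(label, verdict(raw), find_partial_parts(raw))
```

The `id`, `number` and `total` parameters identify which original message a fragment belongs to and its position in the sequence, which is useful when tracing a quarantined part back to its sender.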
Keywords: partial parts; email blocking; emails stuck; attachment; quarantine