When we receive a spam incident report eg. from Hotmail, it typically arrives as a mime message with a
message/rfc822 type attachment containing a spample. We typically would like to give our clients the spample as a part of the text body. As we’re a NREN and our clients are educational institutions like universities, the most common spam case is stolen student accounts.
Back when spammers used to just send text email messages, one could view the complete original email content on RTIR including the headers by using the “Download / with headers” button.
These days, when most self-respecting spammers do
multipart/alternative messages the RTIR UI changes to have buttons for each of parts, but nothing for the base message itself. The “Show full headers” portion is not very useful for this, as it’s not copy-pasteable.
I’ve talked with other RTIR users, and they’ve suggested the same solution I’ve come up with: using an external email program with the email message for copy-pasting purposes. Seems a bit silly, since RTIR already has the complete spample in the incident report at this point, why don’t I have anything in the UI to display it?
At this time we are using RT 4.1.12, has this functionality been improved in later versions?