Tuesday, February 01, 2011

Yahoo confirmed culprit in Windows Phone data usage overages

Last week, I tore apart Windows Phone feedback packets to determine the feature’s role in the Windows Phone 7 data usage saga. I didn’t find anything of significant worry there, so I moved on to the next suspected culprit on the list: Yahoo.

Sniffing IMAP traffic to and from a Windows Phone isn’t as straightforward as it sounds. Microsoft’s IMAP4 client honors the STARTTLS capability that IMAP servers advertise and switches to encrypted communication as soon as it sees it, which puts an end to the sniffing. (Worse, there’s no official UI for forcing clear-text communication.) To work around this, I wrote a quick node.js script that sits between the phone and the server, strips the STARTTLS capability out of the server’s responses and passes everything else on to its destination. That the trick works is itself worth noting: the client uses TLS only opportunistically, so it quietly accepts a clear-text session whenever the server doesn’t appear to offer STARTTLS, and anyone on the network path who can rewrite one line of the server’s greeting can force the same downgrade.
What I discovered was shocking, although not surprising. Yahoo’s IMAP server (winmo.imap.mail.yahoo.com) does not respond to FETCH requests correctly: asked for a single header field, it returns the whole header block. For example, one of the FETCH commands the phone issues after tapping the refresh button looks like this:

FETCH 1:10 (UID FLAGS BODY.PEEK[HEADER.FIELDS (MESSAGE-ID)])

In plain English, this command reads: “Please fetch me the UID, flags, and Message-ID header for messages 1-10 inclusive.” RFC 3501 requires a HEADER.FIELDS response to contain only the named header fields (plus the blank line that ends a header block), and BODY.PEEK asks for them without marking the messages as read. A compliant response (AIM’s, in this case) looks something like this:

* 1 FETCH (UID 258 BODY[HEADER.FIELDS (MESSAGE-ID)] {81}
Message-Id: <contoso194089-0-1475496219-3-11262342655328369@CONTOSO.COM>
FLAGS (XAOL-RECEIVED XAOL-GOOD XAOL-GOODCHECK-DONE XAOL-CERTIFIED-MAIL XAOL-BILLPAY-MAIL $hasEmbedded))
...
OK FETCH completed
Yahoo’s response to the same command, on the other hand, comes back with every header of every message:

X-YMAIL-UMID: 1_1231_AH9SAiosajdifsLGYp8
Delivered-To: rafael@withinwindows.com
Received: by 0.0.0.0 with SMTP id b14cs36932vcd;
       Wed, 24 Nov 2010 09:48:20 -0800 (PST)
[snipped]
Received-SPF: pass (google.com: domain of bxp60spbgycisj582h2kt@contoso.com designates 0.0.0.0 as permitted sender) client-ip=0.0.0.0;
DomainKey-Status: good (test mode)
Authentication-Results: mx.contoso.com; spf=pass (contoso.com: domain of bxp60spbgycisj582h2kt@contoso.com designates 0.0.0.0 as permitted sender) smtp.mail=bxp60spbgycisj582h2kt5hjwxuss6f@contoso.com; domainkeys=pass (test mode) header.From=dummy@contoso.com
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
 s=200505; d=email.contoso.com;
 b=[snipped]+CKirfbuapQiU=;
h=Date:Message-ID:List-Unsubscribe:From:To:Subject:MIME-Version:Reply-To:Content-type;
Date: Wed, 24 Nov 2010 17:48:39 -0000
Message-ID: <bxp60spbgychw1axh2kt.7412145937.3427@MTA915.CONTOSO.COM>
List-Unsubscribe: <mailto:rm-0bxp60spbgychw1axh2kt@EMAIL.CONTOSO.COM>
From: "Contoso" <dummy@EMAIL.CONTOSO.COM>
To: rafael@withinwindows.com
Subject: This is a test message
MIME-Version: 1.0
Reply-To: "Contoso" <dummy@EMAIL.CONTOSO.COM>
Content-type: multipart/alternative; boundary="=bxp60spbgychw1axh2kt5hjwxuss6f"
...
OK FETCH completed
Now, that may not look like much, but wrap those extra bytes in TLS, multiply the size of each chunk by the number of emails in your inbox (or folder), and remember that this FETCH runs every time the phone refreshes... yeah. Scary. Yahoo is sending roughly 25 times as much data as it needs to.

Read more: Within Windows