Why did I get an e-mail with a nonsensical header?

I recently got an e-mail with the title

=?utf-8?B? 8J+QtiBZb3UncmUgYSBzdHJvbmcgY2FuZGlkYXRlIGZvciBvdXIgZnV0dXJlLCBQZXRlciDwn4e6 8J+HuA==?=

Thinking it might be malware, I ran a check with Malwarebytes, and it came up clean. Is there any legitimate reason for the title to be a nonsensical string of characters?


Solution 1:

What you have is some header text encoded with a failed attempt at RFC 2047.

RFC 2047 is the standard governing embedding non-ASCII characters in email headers, and it says that headers which do not comply exactly with the RFC 2047 standard should be displayed as-is, rather than decoding being attempted. So your email software is seeing the bad header and displaying it “correctly” (as required by the standard).

No mainstream software flouts RFC 2047 so badly as that, so it's probably coming from some dodgy bulk mailing software. The software is making "encoded words" too long (line length limit 76), which is forbidden (RFC 2047 says “MUST NOT”).

Despite being over-long it can be decoded manually; it looks like some sort of recruiter spam:

🐶 You're a strong candidate for our future, Peter 🇺🇸

Solution 2:

It is a base64 string, a way of encoding text or data so it can be sent via 7-bit ASCII text supported by emails.

It would appear that your email client does not support base64 in the subject line.

Poking the text

8J+QtiBZb3UncmUgYSBzdHJvbmcgY2FuZGlkYXRlIGZvciBvdXIgZnV0dXJlLCBQZXRlciDwn4e6 8J+HuA==?=

Through base64decode shows the string below. This is the body of the string minus the utf-8 header.

🐶 You're a strong candidate for our future, Peter 🇺🇸