Raymond.CC Blog

Decoding MSN “The following message could not be delivered to all recipients” Error Message

raymond

·

Few days ago I was trying to help a friend troubleshoot a computer problem using teamviewer. For some weird reasons when I gave him the direct link to download the Teamviewer QuickSupport module, Windows Live Messenger gave me an error “The following message could not be delivered to all recipients” message.

The following message could not be delivered to all recipients

I thought that MSN blocked the link because there was an .EXE extension which can be unsafe so I tried uploading to MediaFire which the download link contains only random letters and numbers without the extension, but it still got blocked. I also remembered very clearly that I tried on Rapidshare but it was blocked too. Finally I had to ask him visit teamviewer.com and click on the “Join a Session” button to download the quick support module.

I googled and found some people also had the problem of MSN blocking Mediafire links. I really thought that this is the case but after doing more research, it appears to be different and MSN doesn’t hate or intentionally block MediaFire links.


I found out from MSN Protocol website that it is possible to use the GCF payload command to request a configuration file Shields.xml that controls blocking of security sensitive items like hyperlinks, Winks and Dynamic Display Pictures from the server. From Wikipedia I also found out that the latest MSNP is now 18 but the GCF link is on 11. Further research tells me that ever since MSNP13, they no longer pushes Shields.xml and the configuration files are now called policies.

Now I have some idea on how it works so I fired up oSpy and attach it to Windows Live Messenger to start sniffing the received data. I search for the word SHIELDS in the packets and found one received packet that has very interesting data. As you can see at the screenshot below, it has tons of base64 encoded strings for imtext value.
MSN censored words

When I decoded one of the strings “cGhvdG8yMzRcLnppcA==” with an online Base64 decoder, it shows a filename “photo234\.zip” which I am pretty sure that’s the blacklisted word because there used to be MSN virus circulating around with similar filenames. I tried sending a test message with any URL together with that filename and BINGO! that message is blocked with the error “The following message could not be delivered to all recipients”.

proof censored word by MSN

Later I discovered that you don’t really need a packet sniffer to get the base64 encoded blocked because Windows Live Messenger has an option to enable connection logging. Open Windows Live Messenger, go to Tools > Options > Connection > Advanced Settings button > check Save a log of my server connections to help troubleshoot connection problems. Now sign in to your MSN account, and again go Tools > Options > Connection > Advanced Settings button > and click the View Log button. Search for the word SHIELDS and at the same line you will find a lot of encrypted imtext value such as aW1nNS0yMDA3XC56aXA=.

I’ve decoded all 91 strings from the current block list which contains censored words and URLs but I still couldn’t find why mediafire links are blocked. Further online research shows that the censored list gets updated, for example, older censored word list used to have “.pif” but now doesn’t and it is still being blocked. Try appending .pif with any links and the instant message surely can’t go through. Finally through online research, I found out that Mediafire links are blocked because “download.php” is in the URL and it is one of the older censored words.

For your convenience, I have compiled a list of blocked words by MSN. It may not be complete but it is currently the biggest list you can find on the Internet.

.pif
168.169.78.19
1717wan.cn
51kongqi.com
51pingguo.cn
66663.cn
930le.com
94nile.com/apple
995ba.com
acilastir.info
acisalavans.info
acisalcap
albrahem.com
album.zip
amazondakayboldum.info
amazonhalki.info
amigosparasempre.smtp.ru
amigosparasempro.smtp.ru
armazfiles.smtp.ru
baratinha.mypets.ws
belgravehelpdesk.com
bezgi.info
bireyci.info
block-checker.com
blockinrio
bobblak.com
bobyup
bobzop.com
boyamagucu
burasiseninyerin.info
bush-gracioso.exe
checkmessenger.net
chinacircle.com
chirstmas-2007.zip
clipdeeps.com
dansadimi.info
downgrdr.exe
download.php
dreamlife365.com/member/
e-afyonkarahisar.info
ekars.info
ekastamonu.info
emret.info
fantasma.zip
fmconsulting
foto.exe
foto722a6
fotos.zip
friendims.com
friendly-offer.com
funbuddyicons.com
funpic.de
g038_jpg.zip
get-messenger
goldwindos2000.com
happy_2008.exe
happy2008.exe
hetandunhasde.com
hornymatches.com
hoto234.zip
imag091307.zip
image031.zip
image206.jpg-www.photoshare[1].com
image25.zip
images.coolpage.biz/images.php
images.getenjoyment.net
images.idohost.com
images.zip
imageswitch.info
img-0012.zip
img021.zip
img-0950.zip
img1756.zip
img301.zip
img-3773.zip
img5-2007.zip
img-6434.zip
img-8197.zip
imp.exe
implay.com
impluse.exe
improfile.net
iwantu.com
life365.com
love33.zip
mainmsn.com
mainmsn.net
malbranche.goracer.de
members.lycos.co.uk/svy21/t/contact.php
memebers.lycos.co.uk/getmessenger
mensagemparavc.mail15.com
messaging-names
messangerstats.net
messengerdeletechecker
messenger-scan
messengertools.org
miralafoto/foto.exe
monclocher.com
monica.zip
moorsh.com
mprofiles.net/members.php?msn=
msnblockerlist.com
msnblocklist.com
msn-friend.com
msnliststatus.com
msnspy.eu
msnwebimages.com
myalbum2007.zip
mydipan.cn
mymsngallery
mypengyou.com
myphoto94.zip
mypictures.zip
mypictures-0108.zip
no-ip.org
noticiasdobrasil.com.sapo.pt/noticiaurgentebrasilnumero9821.com
nowpounds.com
p1377.pic-myspace.info
photo2007-12.zip
photo234.zip
photo656.jpg
photoalbum2007
photogbase.com/pictures.php?photo656.jpg
photos.zip
photos1-2008.zip
pic.zip
pic1273.zip
pics.zip
pics-at-the-party.com
picts-7053.zip
pictura002
portakallidavet.info
profile.php?
quienteadmite.com
reuty.info
secretimages56.zip
shusu.cn
sjegat.pics.skaq.info
sontarih.info
stuff.zip
stuffplug.com/temp/downgrdr.exe
sulandirma
summer2008
sweetpictures.myphotos.cc/katiesex.pif
t35.com
tanyababe.zip
tufoto
tuhafkimse
tunabaligi
tutuskanlik
unknowntools.com
uysallik.info
verti2/fantasma.zip
viotagallery.com
windowslivemessenger.biz/msn/msn.php
wowbam.com
xpimad.com
yorungesel

Remember, MSN does not block these words alone. They must be in hyperlink. You can test them by adding www or http:// infront of those words. There are two ways to bypass this annoying censor by MSN. If you’re trying to send a mediafire link with download.php in the middle, you can use TinyURL to mask the URL. And if you’re trying to send a link with no-ip.org, do not include www or http:// infront of the URL. I find it hard to believe that no-ip.org is blocked by MSN!