-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jan 23, 2008, at 11:27 AM, Frank Ellermann wrote:
Jon Callas wrote:
E.g. the syntax <user>@<tld> is legal.
Not under RFC 2821 rules intentionally demanding
"at least one dot" - to get rid of <user>@<host>
constructs, where <host> is no FQDN.
It will be however legal under 2821bis rules, if
the IESG can resist all temptations to overrule
John's decision. Of course what's legal or not
isn't necessarily related to what happens if you
try to use a TLD as host in SMTP or NNTP.
most software incorrectly thinks that example(_at_)ai
is not a legal email address.
Maybe submit this observation to Dave's collection
of 2821 interoperabilty reports, folks on the SMTP
list had serious difficulties to figure out what's
best. "Don't talk about it" was no option.
I still think that collapsing " at " into "@" was
a mistake, but I'm like that.
That gives you odd places where LWSP has to work,
it would immediately kill RFC 2822 and dozens of
RFCs built on the new 2822-concepts (excl. "obs").
That I consider deprecating reverse paths while
keeping 1123 5.3.6(a) as a serious mistake (and as
reason of the spam problem, not less) is also odd,
but I consider SPF as "good enough" to fix it. :-)
This sounds like a digression, but I don't think it is.
Email is a delightfully baroque thing, and some things fade into and
out of common use. An address of example(_at_)tld was legal, isn't, and
will be. But if Outlook 2^n-1 doesn't support it, it almost doesn't
matter if it's legal.
My love of " at " is purely aesthetic, and a horse that's been dead
for a quarter-century, no matter how much I miss it and would cheer
its resurrection.
Multiple-from is another feature that's known to be dodgy. I have no
emotional attachment to it, but I empathize with those that do. It
would be nice to make it and SSP play well together.
Let me wave a magic wand and create an okay-but-not-great solution. I
would *still* recommend to all high-risk-phish targets that they
*never* use multiple-from. I would recommend to a filtering agent to
look askance at it. I believe that an real-world Bayesean filter would
correlate multiple-from with misuse for the simple reason that there
are so few legitimate users.
So here's my magic wand: make an SSP option that says, signall
+multiplefrom. In other words, it says that I sign all, and it's okay
to have a multiple-from. Without that modifer, there will be no
multiple-froms.
If you don't like this, tweak the multiplefrom modifier to singlefrom,
change defaults or anything else.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII
wj8DBQFHl6xwsTedWZOD3gYRAvXnAJ0UtyDTgKIpivINzbnekXYUE4RR/ACcDd0C
DJS6fS78OJ8TmjGLNQcpi20=
=LB3Y
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html