--On 14 October 2010 13:44:40 -0400 "John R. Levine"
<johnl(_at_)iecc(_dot_)com> wrote:
That makes it invalid input to any module that requires input to comply
with RFC5322, pure and simple.
Well, OK, with the stipulation that no existing MUA I have ever seen is
such a module.
Nor MTA, either. Exim has a "verify = header_syntax" ACL option, which
checks the syntax of headers that contain addresses, but it doesn't count
headers, so it doesn't spot this problem. A bug report has been filed, so
this conversation has helped there.
I think if it becomes well-known that users of MUA 1 are easier to phish
than users of MUA 2, a lot of people will gravitate to the safer
implementation, don't you? I sure would.
Aw, come on. How many millions of people still use Outlook Express on
Windows XP? Switching MUAs is painful, people rarely do it.
Too true. When I started working here in 1999, Siren Mail had just ceased
development. We've only just (in the last few months) got Siren Mail out of
the hands of the last user hanging on. And the motivation there was that
Siren Mail didn't do authenticated SMTP!
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html