Re: PRA algorithm and use of non-standard header fields

Andy wrote:
> 1) The six-steps really ought to be put into pseudo-code with each 
> step spelled out in a separate routine.  I found that the textual 
> descriptions were a little confusing.  If need be, I can contribute my 
> Python code.
My stats also collected how often each step was used in yielding the 
result.  Out of over 7,000 messages, only 8 ever used step 2 
(Resent-From:) and none used step 1 (Resent-Sender:).  Perhaps these 
aren't important and only complicate the issue.  Without them, the 
"Sender if it is there, otherwise From" logic is just the 2822 
definition of who the injector is.
> 2) Many of the steps talk about a "non-Empty" header.  Isn't this 
> requirement also fulfilled by step 5, therefore making this 
> requirement in the subsequent steps redundant?
I agree, though my implementation followed the text to the letter - 
(some of them didn't say non-empty, and I distinguished these cases.)  
I doubt it, not one header in my 7,000 messages was empty.
> 3) It may be necessary to modify the check of the "Sender" header 
> because many systems do not attach a domain name to a mailbox address 
> if the injection and delivery are on the same box.  Or perhaps this 
> should go into an applicability statement section 7 regarding checking 
> of email local to the system.
In my analysis I immediately discarded all local messages, so I can't 
comment.  But this does bring up the question about what constitutes 
"malformed".  While 2822's intentions are pretty strict, it does seem 
to allow for the realities of decades of older mail with not-so-strict 
header formatting.  I'm not sure where to go on this, but I do realize 
that we only expect the PRA to be computed over newly created messages, 
that should, by now, conform to the stricter intentions of 2822.
        - Mark