Re: PRA algorithm and use of non-standard header fields
2004-07-19 14:40:18
Andy wrote:
1) The six-steps really ought to be put into pseudo-code with each
step spelled out in a separate routine. I found that the textual
descriptions were a little confusing. If need be, I can contribute my
Python code.
My stats also collected how often each step was used in yielding the
result. Out of over 7,000 messages, only 8 ever used step 2
(Resent-From:) and none used step 1 (Resent-Sender:). Perhaps these
aren't important and only complicate the issue. Without them, the
"Sender if it is there, otherwise From" logic is just the 2822
definition of who the injector is.
2) Many of the steps talk about a "non-Empty" header. Isn't this
requirement also fulfilled by step 5, therefore making this
requirement in the subsequent steps redundant?
I agree, though my implementation followed the text to the letter -
(some of them didn't say non-empty, and I distinguished these cases.)
I doubt it, not one header in my 7,000 messages was empty.
3) It may be necessary to modify the check of the "Sender" header
because many systems do not attach a domain name to a mailbox address
if the injection and delivery are on the same box. Or perhaps this
should go into an applicability statement section 7 regarding checking
of email local to the system.
In my analysis I immediately discarded all local messages, so I can't
comment. But this does bring up the question about what constitutes
"malformed". While 2822's intentions are pretty strict, it does seem
to allow for the realities of decades of older mail with not-so-strict
header formatting. I'm not sure where to go on this, but I do realize
that we only expect the PRA to be computed over newly created messages,
that should, by now, conform to the stricter intentions of 2822.
- Mark
|
|