ietf-mxcomp

Re: PRA algorithm and use of non-standard header fields

2004-07-19 15:06:40

On Mon, 19 Jul 2004, Mark Lentczner wrote:

> My stats also collected how often each step was used in yielding the result.
> Out of over 7,000 messages, only 8 ever used step 2 (Resent-From:) and none
> used step 1 (Resent-Sender:).  Perhaps these aren't important and only
> complicate the issue.  Without them, the "Sender if it is there, otherwise
> From" logic is just the 2822 definition of who the injector is.

No, you have to include the Resent- headers in the algorithm to be
properly conformant with RFC 2822 and RFC 822. One of the standard MUAs at
our site for over 10 years has been Pine which does roughly the right
thing with Resent- headers (it uses 822 rather than 2822 syntax in this
respect). It might be a bit rare but it isn't unimportant.

> But this does bring up the question about what constitutes "malformed".  While
> 2822's intentions are pretty strict, it does seem to allow for the realities
> of decades of older mail with not-so-strict header formatting.  I'm not sure
> where to go on this, but I do realize that we only expect the PRA to be
> computed over newly created messages, that should, by now, conform to the
> stricter intentions of 2822.

I recently experimented with header syntax verification as an anti-spam
measure, and I found out quite how atrociously bad modern software is at
following RFC 2822. Particularly bad examples include the Microsoft MUA
which produces headers like
        To: <Undisclosed-recipients:;>
or bare local parts in Sender: headers, or nothing but a display-name, or
the display-name following the angle-addr instead of coming before it, or
an unquoted addr-spec before an angle-addr. Utterly hopeless.

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
NORTHWEST FITZROY SOLE: SOUTHERLY VEERING WESTERLY 5 OR 6. RAIN OR SHOWERS.
MODERATE OR GOOD, OCCASIONALLY POOR.
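
The header precedence and the "malformed" question discussed in this message, as an added Python example (not code from the thread or from any mxcomp draft). It implements only the precedence named above (Resent-Sender, Resent-From, Sender, From); the names `parse_mailbox` and `purported_responsible_address`, the simplified mailbox grammar and the sample messages are assumptions made for illustration.

```python
import email
import re

# Precedence named in the thread: the Resent- fields are steps 1 and 2,
# then "Sender if it is there, otherwise From".
PRA_ORDER = ["Resent-Sender", "Resent-From", "Sender", "From"]

# Assumption: a simplified subset of the RFC 2822 mailbox grammar (dot-atom
# local part and domain, optional display name BEFORE the angle-addr;
# no comments, groups, domain literals or obsolete forms).
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_ATOM = rf"{ATEXT}+(?:\.{ATEXT}+)*"
ADDR = rf"{DOT_ATOM}@{DOT_ATOM}"
PHRASE = rf'(?:"(?:[^"\\]|\\.)*"|{ATEXT}+(?:\s+{ATEXT}+)*)'
MAILBOX = re.compile(rf"\s*(?:({ADDR})|(?:{PHRASE}\s*)?<({ADDR})>)\s*\Z")


def parse_mailbox(value):
    """Return the addr-spec of a single well-formed mailbox, else None."""
    m = MAILBOX.match(value)
    return (m.group(1) or m.group(2)) if m else None


def purported_responsible_address(raw_message):
    """Return (header_name, address) for the first header present in PRA_ORDER.

    address is None when that header fails the syntax check (the "malformed"
    case); (None, None) means none of the four headers is present.
    """
    msg = email.message_from_string(raw_message)
    for name in PRA_ORDER:
        values = msg.get_all(name)
        if values:
            # The topmost occurrence is used (assumption of this example).
            return name, parse_mailbox(values[0])
    return None, None


# Constructed sample messages (not taken from the thread's statistics).
RESENT = ("Resent-From: Carol <carol@example.net>\n"
          "From: Alice <alice@example.com>\n"
          "Sender: list-owner@example.org\n\nbody\n")
BARE_SENDER = "Sender: postmaster\nFrom: Alice <alice@example.com>\n\nbody\n"

if __name__ == "__main__":
    print(purported_responsible_address(RESENT))
    print(purported_responsible_address(BARE_SENDER))
```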