On Sat, Jul 02, 2005, Hector Santos wrote:
From: "Claus Assmann" <ietf-smtp(_at_)esmtp(_dot_)org>
[Please do NOT Cc' me.]
You got it!
For this mail, but not for the other(s) :-(
How do you know it's not a domain? Do you
perform a DNS lookup?
No. Not for this specific test.
So why do you say it's an invalid syntax? As I quoted from RFC 2821
it's valid (please correct me if I'm wrong).
And this just my personal opinion, this level of MAIL FROM:sp syntax check
that has absolute no SMTP level correlation to a malicious sender, yet also
inconsistent with the majority of operations on the internet.
Well, that's your opinion. My opinion is that every relaxation leads
to overhead and more code (and in the worst case to security
problems). Where do you draw the line? If everyone makes up his
own "line" ("this is ok, but that isn't") then we have some nice
chaos (e.g., like you pointing out "But Exim and Sendmail 8 accept
this"). And last, but not least, some MTAs are so "nice" that they
accept almost all garbage, which is nice "leftover" from the good
old days, but not appropriate anymore. It leads to sloppy programming
and pressure on other MTA authors ("but MTA Z accepts
Mail From: (My Name) me(_at_)my(_dot_)domain
why doesn't yours?"). I'm really tired of adding all these workarounds
to sendmail 8 just that it can "communicate" with some so-called "MTA"