ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] New Mailing List to discuss email canonicalization?

2016-04-15 13:34:38
If you ask people to type in their address in a web form, the addresses 
will largely be typed in by people whose email addresses are 
case-insensitive, and many of them know it. Rather like their names and 
street addresses, which have proper casing but not essential casing.

You're suggesting that although the user may know the address to be 
case-sensitive, the software used should absolutely not consider it 
case-insensitive.

That sort of dissonance between user and software just isn't good.

The advice I'd give is that if you use e-mail addresses as user IDs,
you need to store the address the way the used typed it, not as some
case folded version thereof.  People aren't surprised by case
sensitive passwords, and it seems unlikely that many people type their
addresses with inconsistent capitalization from one time to the next.

The problem is that this is an extremely steep slippery slope.  I
doubt there's anywhere that joesmith@example, JoeSmith@example, and
JOESMITH@example are different mailboxes, but it's still not a great
idea to assume that if the user gave you one version, that you can
send mail to another of them.  Can you assume that joesmith@example
and joe.smith@example are the same?  If it's gmail, yes, if it's
anyone else, who knows?  As has been repeatedly pointed out, the whole
idea of case folding blows up when you move from ASCII to EAI and
UTF-8.

As Ned said, some way to retrive info associated with an address,
and maybe to ask whether two addresses are the same (for an
ill-defined and highly security fraught version of "same") could be
useful.  Trying to create canonical versions of addresses is not.
That's not how mail systems work.

R's,
John

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp

<Prev in Thread] Current Thread [Next in Thread>