[Top] [All Lists]

Re: [ietf-smtp] Quoted-Printable-8bit and downgrade

2021-03-31 22:38:45
On Mar 31, 2021, at 3:40 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

Interesting question.  I presume there are still MTAs that can do downgrades
but how common is it in practice?

Postfix will do 7bit downgrade by default if the content is designated
or detected as 8bit and the remote MTA does not advertise 8BITIME support:

So will Oracle's Messsaging Server. Whether or not this matters given the
widespread deployment of 8BITMIME is another matter. I checked my own logs just
now and in the past 3 years I couldn't find a single case where a downgrade
actually occurred.

It breaks DKIM signatures unless the MTA can find the signing keys and 
on the fly which seems a bit much.

For outbound mail, where the MTA/MSA is also the one doing the signing, the
safest thing is to just downgrade all messages before signing, so that
there's never any post-signature dynamic downgrade during delivery.  This
can be done by passing through an internal SMTP content filter that does
not offer 8BITMIME.  I expect most administrators don't do this.  In which
case any submitted 8BITMIME message may get downgraded after signing.

This is trivial to do in our MTA - a single option setting, as a matter of fact.
I don't set it because I want to see if there's any downgrading to be done,
but we recommend that sites doing DKIM signing consider using it.

Since most MUAs do quoted-printable defensively, actual downgrading at
the MSA is rare.

Not IME. I get quite a few unencoded text/html parts.

I also see a lot of 8bit text (both plain and html), lack of non-English usage
notwithstanding. It's mostly fancy quotes, ellipses, and similar punctuation
characters, although use of emoji is steadily increasing.

And as I pointed out >30 years ago during the MIME work, there are plenty of
English words that employ diacritics. In fact in some cases diacritics are added
to imported words that originally didn't have them.


P.S. I have to say I find the fancy quotes quite annoying, especially when some
client decides to use them in sample code. They may look better, for some value
of "better", but compilers and validators don't much care for them.

Inline Emoji are also an issue for me because of font size - Unicode display
rules for inlined Emoji produce intricate little blobs my crappy eyes
are incapable of deciphering.

ietf-smtp mailing list