
Re: DMARC: perspectives from a listadmin of large open-source lists

2014-04-13 23:35:08


--On Monday, April 14, 2014 00:10 -0400 John R Levine
<johnl(_at_)taugh(_dot_)com> wrote:

Sadly, there are a non-trivial number of MTA installations
whose implementers or operators, having discovered that they
had not seen a legitimate use of the percent hack in years,
decided that they were about as likely to appear in
legitimate messages as source routing and dealt with them
accordingly.  Put more simply, a "%" in a local-part may be at
least as likely to get a message rejected or dumped as a
badly specified DMARC record, so the one is really not a very
good cure for the other.

Since the percent hack became a famous vector for open relay
abuse, we all stopped honoring it.  A lot of MTAs still
reject anything with a % saying something like no more source
routing.  Mine does.

Exactly.

So this would require inventing something with the same
semantics as the percent hack, but a different syntax.
Perhaps we can use an exclamation point.

I suppose the correct response is "bang, bang, bang,..."

But this takes us back to Ned's point (or at least my
interpretation of it): it is lots easier to fix a bad DMARC
config, ignore restrictive DMARC specifications, or even to
abandon DMARC entirely, than it is to believe that we can
upgrade every MTA and MUA on the network to start accepting
percent hacks, bang paths, or the syntax characters used to
denote them, again.  Or any other strange local-part syntax
anyone is likely to come up with, e.g., perhaps we could use
plus signs, hyphens, or appropriately-escaped backslashes.  Or
we could steal "/" and "=" back from X.400 gateways.  Right.

   john
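
The kind of recipient check discussed in this message, as an added example that is not part of the original post or any particular MTA's code: a receiving server that refuses percent-hack, bang-path and explicit source-route recipients as an anti-relay policy. The function names, reply codes, reason strings and sample addresses are all constructed for illustration.

```python
# Hypothetical anti-relay policy: characters in a local-part that once
# asked the receiving MTA to forward the message to another host.
ROUTING_CHARS = {"%": "percent hack", "!": "bang path"}


def split_path(path):
    """Split an SMTP forward-path into (route, local_part, domain)."""
    path = path.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    route = None
    # RFC 821 explicit source route: @hop1,@hop2:local@domain
    if path.startswith("@") and ":" in path:
        route, path = path.split(":", 1)
    # Split on the last "@" so a quoted local-part containing "@" stays intact.
    local, sep, domain = path.rpartition("@")
    if not sep:
        local, domain = path, ""
    return route, local, domain


def check_rcpt(path):
    """Return an illustrative (reply_code, reason) for a RCPT TO argument."""
    route, local, domain = split_path(path)
    if route is not None:
        return (550, "explicit source route")
    # Routing syntax is refused before anything else, even when the rest of
    # the address is well formed, because honoring it means relaying.
    for ch, name in ROUTING_CHARS.items():
        if ch in local:
            return (550, name)
    if not local or not domain:
        return (501, "malformed address")
    return (250, "ok")


# Constructed sample recipients, not taken from any real log.
SAMPLE = [
    "<dev@lists.example>",
    "<author%sender.example@lists.example>",
    "<relay.example!author@lists.example>",
    "<@hop.example:author@sender.example>",
    "<author+list@lists.example>",
]

if __name__ == "__main__":
    for rcpt in SAMPLE:
        print(rcpt, check_rcpt(rcpt))
```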




