mail-ng
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: a few short notes

2004-02-01 15:00:13
from [Paul Smith] [Permanent Link] 

At 15:56 01/02/2004, Iljitsch van Beijnum wrote:
I'm not convinced that using non-ASCII characters in headers is a good idea either. Headers must be simple and unambiguous. Having text in them that your computer can't even display and if it can, 99% of the world population can't spell, isn't a good idea.
Maybe it makes sense to have different types of headers: ones that are relevant to the sender and recipient only, so they can be in any format, and others that must be more general so they must be in ASCII.
Maybe there should be 'alternative' data in headers. The headers that would be appropriate for non-ASCII characters are things like subject, from, To etc. (Not any 'control' headers (if they were to still exist in mail-ng))
I personally think that having a non-ascii email address as an only email address is a bad idea in the vast majority of cases, but I can see the point of having a non-ascii email address as one of your email addresses (as well as an ascii one) if you have a non-ascii name/organisation name.
So, you could give two 'from' addresses, for instance, one in ascii, one in your local character set/UTF8.
The subject could always be UTF8 as far as I'm concerned, it would only be non-ascii if it was expected that the intended recipient could read it.
Mandatory authentication is also a bad idea IMO. Obviously authentication is very important and must be supported so that people who only want to receive mail from verifyable sources get to implement this policy, but that doesn't mean that we should force *everyone* to use such a policy.
I'd say that mandatory user -> server authentication is vital (I can't see any reason NOT to have it, and it certainly removes/reduces the need to have other authentication methods - eg IP address filtering - which can cause problems)
server -> server authentication is more difficult. I wouldn't like an authentication method as for user -> server authentication, but some form of sending server 'verification' rather than authentication would be good (SPF, DNS record checks etc). Many ideas have been suggested recently which would work with SMTP, and most would be fine if other issues with SMTP were removed simultaneously and the verification methods were made mandatory 


Paul                            VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk                     http://www.pscs.co.uk/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: What I see as problems to solve ... and a strawman solution, Paul Smith
Next by Date:  Re: Setting the stage, Paul Smith
Previous by Thread:  Re: a few short notes, James Seng
Next by Thread:  Re: a few short notes, Chuq Von Rospach
Indexes:  [Date] [Thread] [Top] [All Lists]