Re: a few short notes
2004-02-01 15:00:13
At 15:56 01/02/2004, Iljitsch van Beijnum wrote:
I'm not convinced that using non-ASCII characters in headers is a good
idea either. Headers must be simple and unambiguous. Having text in them
that your computer can't even display and if it can, 99% of the world
population can't spell, isn't a good idea.
Maybe it makes sense to have different types of headers: ones that are
relevant to the sender and recipient only, so they can be in any format,
and others that must be more general so they must be in ASCII.
Maybe there should be 'alternative' data in headers. The headers that would
be appropriate for non-ASCII characters are things like subject, from, To
etc. (Not any 'control' headers (if they were to still exist in mail-ng))
I personally think that having a non-ascii email address as an only email
address is a bad idea in the vast majority of cases, but I can see the
point of having a non-ascii email address as one of your email addresses
(as well as an ascii one) if you have a non-ascii name/organisation name.
So, you could give two 'from' addresses, for instance, one in ascii, one in
your local character set/UTF8.
The subject could always be UTF8 as far as I'm concerned, it would only be
non-ascii if it was expected that the intended recipient could read it.
Mandatory authentication is also a bad idea IMO. Obviously authentication
is very important and must be supported so that people who only want to
receive mail from verifyable sources get to implement this policy, but
that doesn't mean that we should force *everyone* to use such a policy.
I'd say that mandatory user -> server authentication is vital (I can't see
any reason NOT to have it, and it certainly removes/reduces the need to
have other authentication methods - eg IP address filtering - which can
cause problems)
server -> server authentication is more difficult. I wouldn't like an
authentication method as for user -> server authentication, but some form
of sending server 'verification' rather than authentication would be good
(SPF, DNS record checks etc). Many ideas have been suggested recently which
would work with SMTP, and most would be fine if other issues with SMTP were
removed simultaneously and the verification methods were made mandatory
Paul VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/
|
|