Okay. Is there an alternative so I can set it as we find these messages to specifically ignore these sender errors while still checking the overwhelming majority of messages that properly format their headers? Do I need to no-processing the entire message based on the IP or something? Is there a better way? Thanks
On Mon, Feb 3, 2020 at 1:40 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > >I believe =?utf-8?q?no-reply=40surveymonkey=2ecom?= is unicode for < > *no-re...@surveymonkey.com* <no-re...@surveymonkey.com>> or is that bad > unicode? > > This is no unicode (or better ASCII in UTF-8 - which is the same). This is > a quoted printable encoded email address, which is (and should not) > interpreted as such one. > > ASSP does not allow (and removes any such EHLO-answer offer) 8-bit MIME > headers. > > ... > > Also note that messages in this format require the use of the > SMTPUTF8 extension [RFC6531 <https://tools.ietf.org/html/rfc6531>] to > be transferred via SMTP. > > > ... > > Thomas > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 02.02.2020 18:49 > Betreff: Re: [Assp-test] Missing MX, A, and FROM for specific > sender. Unicode problem? > ------------------------------ > > > > You're correct in that RFC1342, a proposed standard (from 1992!!) does say: > ...an encoded-word MUST NOT appear in any portion of an "address". > > However, RFC6532 *https://tools.ietf.org/html/rfc6532* > <https://tools.ietf.org/html/rfc6532>, also just a *proposed *standard > but from 2012, 20 years newer than 1342, and one that seems to have a lot > of senders providers relying on it says: > This document specifies an enhancement to the Internet Message Format > and to MIME that *allows use of Unicode in mail addresses* and most > header field content. > > So which proposed standard do you adhere to? It seems like if there's a > more lenient one, or more feature full one, that's much newer and that > people are using, that we should at least give that some real consideration. > > If there's enough senders putting addresses in unicode format, and ASSP > obviously already knows how to decode them, is there any downside to having > ASSP allow unicode in addresses and decode it? I've not seem spammers > doing this, and even if they did try to obscure addresses in unicode, ASSP > will still do its thing and check the discovered addresses the same way it > would if they had not. > > I really don't know why senders are doing this, but they are, and it's > mail we need to get through. The big one for us is SurveyMonkey, something > that our staff relies heavily on, but there are others too. > > What do you think Thomas? If I'm being logical, is there any hope of > getting this changed/enhanced? > > Thanks > > > > > On Sat, Feb 1, 2020 at 8:09 AM Thomas Eckardt < > *thomas.ecka...@thockar.com* <thomas.ecka...@thockar.com>> wrote: > an email header field may contain encoded unicode - in commends > how ever, if an email header field is used - it has to contain a valid > email address - unicode is not allowed to be used in email addresses > > valid examples: > > reply-to: "any encoded unicode" < valid@email.address> > reply-to: < valid@email.address> > > invalid example: > > reply-to: "any encoded unicode" > > Thomas > > > > > Von: "K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>> > An: "ASSP development mailing list" < > *assp-test@lists.sourceforge.net* <assp-test@lists.sourceforge.net>> > Datum: 31.01.2020 17:30 > Betreff: Re: [Assp-test] Missing MX, A, and FROM for specific > sender. Unicode problem? > ------------------------------ > > > > I knew that unicode it was common in the subject, but not from/reply-to. > Apparently it's legal in for all headers. > *https://tools.ietf.org/html/rfc1342* > <https://tools.ietf.org/html/rfc1342> And according to the ever > questionable wikipedia, *https://en.wikipedia.org/wiki/Unicode_and_email* > <https://en.wikipedia.org/wiki/Unicode_and_email> : > > - *RFC 2047* <https://tools.ietf.org/html/rfc2047> provides support > for encoding non-ASCII values such as real names and subject lines in email > header*[5]* > <https://en.wikipedia.org/wiki/Unicode_and_email#cite_note-5> > - *RFC 6532* <https://tools.ietf.org/html/rfc6532> allows the use of > UTF-8 in a mail header section *[7]* > <https://en.wikipedia.org/wiki/Unicode_and_email#cite_note-7> > > > My gut says that FROM/Reply-To (I don't know about the envelope itself) > would need to be checked to see if they're unicode and converted prior to > having the email address extracted from those lines and run through checks > like MX and A, etc. > > What do we all think? I don't know if ASSP is already handling unicode in > FROM and Reply-To and something's wrong with the formatting in my sample > header above, or if ASSP doesn't accept UTF-8 encoded FROM/Reply-To. If > it's the later, do you think we should ask Thomas to look into it? > > On Fri, Jan 31, 2020 at 10:51 AM Robert K Coffman Jr. -Info From Data > Corp. <*bcoff...@infofromdata.com* <bcoff...@infofromdata.com>> wrote: > Ken, > > I can confirm I am seeing this also. > > I haven't had any complaints (I vaguely recollect way way back in ASSP > time I might have had an issue with Survey Monkey) so I have taken no > action on it. > > - Bob > > On 1/31/2020 10:26 AM, K Post wrote: > > Interesting idea Doug. Do any of your users happen to get any > > SurveyMonkey notifications? These are sent to the owners of surveys. > > I'm curious if you're seeing the same malformed info in the headers. > > Thanks > > ken > > > > > > On Thu, Jan 30, 2020 at 12:56 PM Doug Lytle <*supp...@drdos.info* > <supp...@drdos.info> > > <mailto:*supp...@drdos.info* <supp...@drdos.info>>> wrote: > > > > This is not a necessarily resolution, but possibly a workaround for > you. > > > > In a past life, I've had some mail servers that just caused more > > issues then they were worth, so I ended up identifying their mail > > server(S) range of IP Addresses and placed those in an alias on the > > firewall and did a NAT directly to the mail server instead of ASSP > > If they were destined for port 25. > > > > Doug > > > > > > _______________________________________________ > > Assp-test mailing list > > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > <mailto:*Assp-test@lists.sourceforge.net* > <Assp-test@lists.sourceforge.net>> > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > > > > _______________________________________________ > > Assp-test mailing list > > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > > _______________________________________________ > Assp-test mailing list > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > _______________________________________________ > Assp-test mailing list > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > *Assp-test@lists.sourceforge.net* <Assp-test@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-test* > <https://lists.sourceforge.net/lists/listinfo/assp-test> > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
