-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jan 23, 2008, at 11:27 AM, Frank Ellermann wrote:

> Jon Callas wrote:
>
>> E.g. the syntax <user>@<tld> is legal.
>
> Not under RFC 2821 rules intentionally demanding
> "at least one dot" - to get rid of <user>@<host>
> constructs, where <host> is no FQDN.
>
> It will be however legal under 2821bis rules, if
> the IESG can resist all temptations to overrule
> John's decision.  Of course what's legal or not
> isn't necessarily related to what happens if you
> try to use a TLD as host in SMTP or NNTP.
>
>> most software incorrectly thinks that [EMAIL PROTECTED]
>> is not a legal email address.
>
> Maybe submit this observation to Dave's collection
> of 2821 interoperability reports, folks on the SMTP
> list had serious difficulties to figure out what's
> best.  "Don't talk about it" was no option.
>
>> I still think that collapsing " at " into "@" was
>> a mistake, but I'm like that.
>
> That gives you odd places where LWSP has to work,
> it would immediately kill RFC 2822 and dozens of
> RFCs built on the new 2822-concepts (excl. "obs").
>
> That I consider deprecating reverse paths while
> keeping 1123 5.3.6(a) as a serious mistake (and as
> reason of the spam problem, not less) is also odd,
> but I consider SPF as "good enough" to fix it. :-)

This sounds like a digression, but I don't think it is.

Email is a delightfully baroque thing, and some things fade into and  
out of common use. An address of [EMAIL PROTECTED] was legal, isn't, and  
will be. But if Outlook 2^n-1 doesn't support it, it almost doesn't  
matter if it's legal.

My love of " at " is purely aesthetic, and a horse that's been dead  
for a quarter-century, no matter how much I miss it and would cheer  
its resurrection.

Multiple-from is another feature that's known to be dodgy. I have no  
emotional attachment to it, but I empathize with those that do. It  
would be nice to make it and SSP play well together.

Let me wave a magic wand and create an okay-but-not-great solution. I  
would *still* recommend to all high-risk-phish targets that they  
*never* use multiple-from. I would recommend to a filtering agent to  
look askance at it. I believe that a real-world Bayesian filter would  
correlate multiple-from with misuse for the simple reason that there  
are so few legitimate users.

So here's my magic wand: make an SSP option that says,  
signall+multiplefrom. In other words, it says that I sign all, and it's okay  
to have a multiple-from. Without that modifier, there will be no  
multiple-froms.

If you don't like this, tweak the multiplefrom modifier to singlefrom,  
change defaults or anything else.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj8DBQFHl6xwsTedWZOD3gYRAvXnAJ0UtyDTgKIpivINzbnekXYUE4RR/ACcDd0C
DJS6fS78OJ8TmjGLNQcpi20=
=LB3Y
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
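
The policy check proposed in the message above, as an added example that is not part of the original post or of any SSP draft: a filter counts the mailboxes in From and treats multiple-from as a violation unless the sender's policy string carries the multiplefrom modifier. The policy strings "signall" and "signall+multiplefrom" come from the message; the function names, result labels and sample messages are assumptions, and the DKIM verification result is passed in by the caller.

```python
from email import message_from_string
from email.utils import getaddresses

def author_addresses(raw_message):
    """Return every mailbox in the From header field(s), lower-cased."""
    msg = message_from_string(raw_message)
    # getaddresses() honours quoting, so a comma inside a display name
    # ("Doe, Jane") is not mistaken for a second author.
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.lower() for _name, addr in pairs if addr]

def parse_policy(policy):
    """Split e.g. 'signall+multiplefrom' into ('signall', {'multiplefrom'})."""
    base, *modifiers = policy.strip().lower().split("+")
    return base, set(modifiers)

def evaluate(raw_message, policy, has_valid_author_signature):
    """Classify a message against the sender's policy string (hypothetical labels).

    has_valid_author_signature is supplied by the caller; DKIM
    verification itself is outside this example.
    """
    base, modifiers = parse_policy(policy)
    authors = author_addresses(raw_message)
    if not authors:
        return "no-author"
    if base != "signall":
        return "no-assertion"
    # Without the modifier, a signall domain never sends multiple-from.
    if len(authors) > 1 and "multiplefrom" not in modifiers:
        return "violates-policy: multiple-from not permitted"
    if not has_valid_author_signature:
        return "violates-policy: unsigned"
    return "consistent"

# Constructed sample messages (not taken from the thread).
SINGLE = 'From: "Doe, Jane" <jane@example.com>\nSubject: t\n\nbody\n'
MULTI = "From: alice@example.com, Bob <bob@example.net>\nSubject: t\n\nbody\n"

if __name__ == "__main__":
    for label, raw in (("single", SINGLE), ("multi", MULTI)):
        for policy in ("signall", "signall+multiplefrom"):
            print(label, policy, "->", evaluate(raw, policy, True))
```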