On Sat, 27 Aug 2016, Jay R. Ashworth wrote:
>----- Original Message -----
>> From: "Steve Atkins" <[email protected]>
>>> On Aug 27, 2016, at 2:11 PM, John Levine <[email protected]> wrote:
>>> Valdis Kletnieks, an old nerd at Virginia Tech, tells me he just tried
>>> to subscribe to mailop and it said "the email address you gave is
>>> insecure." Huh?
>>>
>>> He's at vt.edu, which has the usual MX and SPF records. They even
>>> have their own CA for their web sites, chained from Globalsign.
Hmm, that phrasing does sound like it might be SPF, DKIM and/or DMARC
related.
>> What's the email address? /me bets on something non-ascii, or a malformed LHS
>> ("," vs "." for instance) or a + tag or ...
>
>If an email operations mailing list bounces a plus-hack email address as
>malformed....
And a plus-sign in the local-part is explicitly valid -- I wish more web
grunts knew this.
It would be misleading to call a malformed address "insecure", so I
certainly hope that's not the case.
Alas it's almost certainly the web form making the determination using a
web-ish notion of secure, for which we'd have to hope the off-the-shelf
software being used can be reconfigured or fixed.
Or maybe an annoying web server security module that the form can do
nothing about, that disallows anything ever before used for any kind of
badness. If it's this we can hope the list admins can influence the
module configuration.
/mark
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
