[Mailman-Developers] Opening up a few can o' worms here...

Jay R. Ashworth jra@baylink.com
Wed, 17 Jul 2002 12:17:23 -0400


On Wed, Jul 17, 2002 at 03:09:28AM -0400, Barry A. Warsaw wrote:
>     JRA> There's an argument going on somewhere else right now -- I
>     JRA> thought it was bugtraq, but I seem to have misplaced the
>     JRA> message -- about whether email addresses can have an RHS that
>     JRA> terminates in a .
> 
>     JRA> The poster says no way, I say that 2821 and 1034/5 say yes.
> 
> I'm not sure.  2822 would be the definitive RFC wouldn't it?

I hoped someone would bite.  :-)

2822 3.4.1 says that the *LHS* cannot have a trailing dot without
quoting it... but in the next graf, it seems to punt the interpretation
of "domain" to 1034.

> -------------------- snip snip --------------------
> addr-spec       = local-part "@" domain
> local-part      = dot-atom / quoted-string / obs-local-part
> dot-atom        = [CFWS] dot-atom-text [CFWS]
> dot-atom-text   = 1*atext *("." 1*atext)
> atext           =       ALPHA / DIGIT / ; Any character except controls,
>                         "!" / "#" /     ;  SP, and specials.
>                         "$" / "%" /     ;  Used for atoms
>                         "&" / "'" /
>                         "*" / "+" /
>                         "-" / "/" /
>                         "=" / "?" /
>                         "^" / "_" /
>                         "`" / "{" /
>                         "|" / "}" /
> obs-local-part  = word *("." word)
> word            = atom / quoted-string
> atom            = [CFWS] 1*atext [CFWS]
> -------------------- snip snip --------------------
> 
> It would seem that the local-part can't end in a `.'.

[ looks closer ]

... due to the interpretation of dot-atom-text.

You're right, that *is* what the standard says, and I'm surprised they
left it that way in the rewrite; that is *not* the way it should have
been done.  There are good reasons why you might want to terminate a
domain name, even in email -- though mostly diagnostic ones,
admittedly.

>     JRA> Someone has to fix the problem.  It has been proven to my
>     JRA> satisfaction that the technologists can't: it's not a
>     JRA> technology-fix problem (so few 'problems' are).  Someone has
>     JRA> to get *pissed*.
> 
> In a different context, the same question: do you think the corporate
> fraud reforms now being debated in congress will solve the problem?
> People /are/ pissed and are demanding both technological and
> non-technological fixes.  But maybe it's just 3am and I'm starting to
> hallucinate. ;)

No, I think that contemplating prison time, even sweeping the golf
traps at Eglin AFB, will adjust the threat estimate of the corporate
execs making the judgement calls.

No one's going to try to hijack an American plane ever again, either.  :-}

> > I can't give any definite examples to protect the people involved, but I
> > know of a couple of people who've had their careers significantly impacted
> > because of this stuff. Maybe not fatal, but third degree burns.
> 
>     JRA> The topic being false-positive-ly blocked "spam", aren't
>     JRA> those evidence for the prosecution, not the defense?
> 
> False positives don't scare me, but that's because we've got at least
> 5 volunteer postmasters screening the reports and rescuing probably 1
> message a week, if that.  What happens when the true-positives start
> making a stink because they demand that their spam get through?

Commercial speech is not protected by the first amendment, and the
theft-of-service people are likely to win the civil suits, IMHO (IANAL
:-)

>     JRA> Letting spam through likely only gets you yelled at;
>     JRA> accidentally blocking important stuff gets you burned.
> 
>     JRA> We are on the critical path, folks.  I know you know that,
>     JRA> but the explicit reminder isn't going to get me fired.
>     JRA> Fail-safe isn't just for aerospace anymore.
> 
> In a way I agree, but by the same token, email is such a flakey system
> throughout that I think people have fairly low expectations that a
> message they send will get delivered, read, and answered.

I don't think so, and I surmise that Chuq might not either...

>                                                             If you
> positively must get an answer to a question and in a hurry, email's a
> lousy way to ensure that.

Stipulate on that point, but still...

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra@baylink.com
Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274

   "If you don't have a dream; how're you gonna have a dream come true?"
     -- Captain Sensible, The Damned (from South Pacific's "Happy Talk")