[Mailman-Users] This should not have happened

Mark Sapiro mark at msapiro.net
Sun May 9 02:27:26 CEST 2010

On 5/8/2010 4:49 PM, Lindsay Haisley wrote:
> On Sat, 2010-05-08 at 16:38 -0700, Mark Sapiro wrote:
>> One thing you could try is bookmarking a link like
>>   mailto:mylist at example.com?approved=password
>> which should work, but those clients I've tried it with ignore it.
> Yep!  I don't think it's supported by mail standards.

Yes and No. RFC 2368 is clear that any header=value is allowable as long
as header is an RFC 822 header name. Since RFC 822 allows
"extension-field" and "user-defined-field", this allows pretty much
anything, But RFC 2368 also says

4. Unsafe headers

   The user agent interpreting a mailto URL SHOULD choose not to create
   a message if any of the headers are considered dangerous; it may also
   choose to create a message with only a subset of the headers given in
   the URL.  Only the Subject, Keywords, and Body headers are believed
   to be both safe and useful.

   The creator of a mailto URL cannot expect the resolver of a URL to
   understand more than the "subject" and "body" headers. Clients that
   resolve mailto URLs into mail messages should be able to correctly
   create RFC 822-compliant mail messages using the "subject" and "body"

which effectively gives clients free reign to ignore all but subject=
and body=, although I think most honor at least in-reply-to= and

> In this particular case, I informed my customer that she had put a
> double-space in her pseudo-header and cautioned her to be careful about
> this going forward.  She's been operating her list successfully for the
> better part of a year, and I really don't want to have her change the
> way she works with it.  It was hard enough getting her up to speed with
> it in the first place.


Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list