[langsec-discuss] Need advice on practical tools

travis+ml-langsec at subspacefield.org travis+ml-langsec at subspacefield.org
Sat Jan 16 23:25:02 UTC 2016

On Wed, Dec 16, 2015 at 10:16:32AM +0100, Geoffroy Couprie wrote:
> RFCs 6530 and 6531 indicate that the local part can contain almost any
> character, multibyte chars included. For the domain part, it must be
> normalized before sending, but that's where it gets interesting: users
> won't enter the email normalized, but in UTF8 form, apps will tend to
> store (and validate) the complete email in UTF8 form, and let the mail
> or DNS library handle the normalization before sending emails. So if
> someone abuses UTF8 control characters, the delimitation of local or
> domain part could be different, depending on which code validates the
> email.


Ye old RFC 2822 also showed that it can contain these bizarre
things called comments, and so on.

My pet peeve is systems which don't respect the + sign in local-part,
or worse, simply accept it but do not send email later.  SIGH.
I really should have set up my mailbox identifier as period.
http://www.subspacefield.org/~travis/ | if spammer then john at subspacefield.org
"Computer crime, the glamor crime of the 1970s, will become in the
1980s one of the greatest sources of preventable business loss."
John M. Carroll, "Computer Security", first edition cover flap, 1977

More information about the langsec-discuss mailing list