IETF Logo Mail Archive

Re: RE[2]: mailto URLs

Harald.T.Alvestrand@uninett.no Tue, 30 January 1996 15:28 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa13175; 30 Jan 96 10:28 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa13171; 30 Jan 96 10:28 EST
Received: from list.cren.net by CNRI.Reston.VA.US id aa08865; 30 Jan 96 10:28 EST
Received: from localhost (localhost [127.0.0.1]) by list.cren.net (8.6.12/8.6.12) with SMTP id JAA21435; Tue, 30 Jan 1996 09:57:43 -0500
Received: from domen.uninett.no (domen.uninett.no [129.241.131.10]) by list.cren.net (8.6.12/8.6.12) with SMTP id JAA21375 for <ietf-822@list.cren.net>; Tue, 30 Jan 1996 09:57:12 -0500
Received: from domen.uninett.no by domen.uninett.no with SMTP (PP) id <01851-0@domen.uninett.no>; Tue, 30 Jan 1996 15:54:28 +0100
Message-Id: <199601301457.JAA21375@list.cren.net>
Date: Tue, 30 Jan 1996 15:54:26 +0100
X-Orig-Sender: owner-ietf-822@list.cren.net
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Harald.T.Alvestrand@uninett.no
To: Jamie Zawinski <jwz@netscape.com>
Cc: Larry Masinter <masinter@parc.xerox.com>, pkeni@netscape.com, mb@ebt.com, izzy@aac.twg.com, timbl@www0.cern.ch, mpm@boombox.micro.umn.edu, ietf-822@list.cren.net, bhk@aac.twg.com, Al Gilman <asg@severn.wash.inmet.com>
Subject: Re: RE[2]: mailto URLs
In-Reply-To: Your message of "Tue, 30 Jan 1996 03:36:34 PST." <310E02C2.3ABC6F90@netscape.com>
X-Sender: Harald.T.Alvestrand@uninett.no
X-Mailer: exmh version 1.6.5 12/11/95
X-Listprocessor-Version: 8.0(dev) -- ListProcessor by CREN

Jamie,
good that you do some syntax checking.
I would recommend doing hostname lookup and asking for confirmation if it
didn't resolve to either MX or A record; I think large networks generally
run with internal DNS, and for smaller systems the user can survive being
asked if he really means it.
BTW, enclosed is my (incomplete) Perl code for syntactically valid email
addresses; most addresses that fail these checks are probably illegal.
It at least catches the common name of "1234,567@compuserve.com" - someone
writing his Compuserve address with a comma in it, which is both illegal and
troublesome to handle.

About the urls: I think you haven't implemented mailserver:, so you looked
up http://domen.uninett.no/~hta/ietf/mailserver:alvestrand@uninett.no/
instead.
The other stuff is mostly harmless if you don't send out URLs with
CRLFs in them; I believe some browsers also check against "definitely not
HTTP" port numbers like 25.

The big difference between a POST mailto: and a POST http:// is the way it
arrives at the recipient; a POST mailto: arrives in E-mail, and if it has
the "right" content and recipient, it can create some noise for the
innocent-but-careless sender.
(The police actually came to the door of one person who had been a "little"
foolish when typing into the guest book at www.whitehouse.gov....it was a
bit of a surprise to him that someone took the Internet *that* seriously...)

                   Harald A

# PERL subroutine:
# Tell whether something is a legal E-mail address or not

sub isemail {
    local($addr, $restrict) = @_;
    if ($addr !~ /(\S+)@(\S+)/) {
        $notemailbecause = "No @ sign found in address";
        return 0;
    } else {
        $localpart = $1;
        $domain = $2;
    }
    if ($domain !~ /bitnet|uucp$/i && $restrict ne "nodns") {
        $ckroute = `/local/bin/host $domain 2>&1`;
        if ($ckroute !~ /is handled |has address/) {
            $notemailbecause = "Name lookup failure: $ckroute";
            return 0;
        } elsif ($ckroute =~ /has address 127.0.0.1/) {
            $notemailbecause = "Points at loopback interface";
            return 0;
        }
    } 
    if ($localpart =~ /^".*"$/) {
        # Quoted-string; no further checks (could check for unbalance..)
    } elsif ($localpart =~ /[ ()<>@,;:\\"\[\]]/) { # "
        $notemailbecause = "Illegal character in local part: $&";
        return 0;
    }

    return 1;
}

v2.8.7 | Report a Bug | By Email