Re: regarding illegally formed address and commands

Ned Freed <> Tue, 24 December 1996 19:00 UTC

Received: from cnri by id aa03349; 24 Dec 96 14:00 EST
Received: from by CNRI.Reston.VA.US id aa14167; 24 Dec 96 14:00 EST
Received: from localhost ( []) by (8.7.6/8.6.12) with SMTP id NAA21319; Tue, 24 Dec 1996 13:27:02 -0500 (EST)
Received: from THOR.INNOSOFT.COM (THOR.INNOSOFT.COM []) by (8.7.6/8.6.12) with ESMTP id NAA21307 for <>; Tue, 24 Dec 1996 13:26:53 -0500 (EST)
Received: from INNOSOFT.COM by INNOSOFT.COM (PMDF V5.0-8 #8694) id <01IDDTHCDYSWA8D9W2@INNOSOFT.COM>; Tue, 24 Dec 1996 10:25:54 -0800 (PST)
Date: Tue, 24 Dec 1996 09:36:09 -0800 (PST)
Precedence: bulk
From: Ned Freed <>
To: Jack De Winter <>
Cc: Ned Freed <>,
Subject: Re: regarding illegally formed address and commands
In-Reply-To: "Your message dated Tue, 24 Dec 1996 01:41:37 -0500" <>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
X-Listprocessor-Version: 8.1 beta -- ListProcessor(tm) by CREN

> > Depends both on the command as well as what's illegal about it. As another data
> > point, PMDF will reject a command when the command syntax itself, as opposed to
> > the arguments to the command, is illegal. When an argument is illegal it
> > depends on what the argument is used for. In the case of a malformed address
> > argument to a MAIL FROM command, for example, PMDF doesn't care since it isn't
> > essential in getting a message delivered, and experience has shown that
> > rejecting such messages on the basis of a potential problem returning a
> > nondelivery notification later is not what users want.

> > PP, on the other hand, is much more picky about this sort of thing. I don't
> > believe it will let an invalid argument to MAIL FROM through at all.

> So the command is checked but not the parameters?

I said nothing of the sort. Read my response again, but this time read it more
carefully. I quite clearly said that it depends on what the parameter
information is used for. If for instance it is an envelope recipient, the
checks made a fairly rigorous, and end up catching all of your "illegal"
variants at the SMTP level.

In the case of a envelope originator, however, pretty much anything goes.

> Is this healthy?

15+ years of doing this stuff tells me that it is extremely healthy. Why?
Because the vast majority (and I do mean vast) of messages have valid recipient
addresses. Failing things on the basis of the validity of a field that is
almost always unused is just plain silly. Try explaining it sometime to a very
senior technical person at a large company who is trying to get some important
mail delivered whose return address is both bogus and unfixable. I have, and I
have watched entire product suites get summarily dumped as a result of such

> Are there reasons that the parameter is not checked?  I mean if it
> gets the MAIL FROM address wrong, it cannot bounce the message back
> anyways.

So what?

> Um... actually, according to the RFC821 grammar (which we are all
> bound to until 821bis is finished), the domain part of the address
> itself is a series of parts, each separated by dots, with an
> alphabetic at the front; alphas, numerics, and a dash in the middle;
> and an alpha or numeric character at the end.
> i.e. is legal, as is, but,, and
> are illegal... according to 821 at least.

I wasn't going by the RFC821 grammar, which I regard as hopelessly buggy and
totally unusable. In general I try to ignore RFC821 grammar to the greatest
extent possible and just use RFC822 instead.

Why do I always do this? Because a strict implementation of the RFC821 grammar
results in a system that's unusable in practice. For instance, if you consider
yourself bound to the RFC821 grammar that means you had better be rejecting any
domain name that contains an element consisting of less than three characters
that isn't a domain literal. This is obviously a nonstarter. You're also going
to lose badly should you attempt to depend on legal gunk in the RFC821 grammar
like the ability to use \ outside of a quoted string in a local part or the #
form of domain literal. Try stuffing the former into an RFC822 message header
and see what happens, and once you've finished that conduct a survey and find
out how many systems support the # literal form.

This isn't to say that RFC822 grammar isn't buggy. It is. It allows dreck like
"this is"."a legal"@address, which RFC821 doesn't. (This is about the only
RFC822 botch that RFC821 fixes, however.) But at least the RFC822 grammar
doesn't explicitly disallow a ton of forms that obviously should be allowed and
in fact must be allowed if we're to have an operational network.

As such, I essentially regard the RFC821 grammar as having been superceded by
that in RFC822, and when implementing I try to support as much of the
RFC821-specific stuff as possible but coerce it into a form that is compatible
with RFC822.

In any case, please don't try to tell me that the syntax specified in RFC821
should in any way determine what behavior is correct, because it just won't
wash. There are, however, plenty of other reasons you can use to say that funny
characters in the domain name of an envelope recipient address should cause it
to be rejected. For example, you could cite the domain registration rules
(which do restrict the repetoire) and then say that you tolerate no exceptions
locally under any circumstances, hence you are justified in rejecting them. Or
you could say that you reserve % specifically for use locally as a separator.
But these are both really rejections on the basis of assigned semantics, not