North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Underscores in host names
In article <[email protected]> you write: >Hello all. >We have a client containing an underscore in the email address domain >name. Our email server rejects it because of it's violation of the RFC >standard. This individuals claim is that he doesn't have problems >anywhere else and if this is going to be a problem he's "going to take >his business elsewhere"! > >I understand it's a violation of the standard, but does it pose a >security hole to the email server to allow this sort of mail? No *security* hole as such, other than you need to make sure that if you're going to accept such cruft, you make *damned* sure that you never leak it back out and have some *other* standard-conformant site get on *your* case about it.... Oh, and make sure that none of *your* automated tools that summarize maillogs and the like choke on it. And that your e-mail admin is using software that doesn't choke on it (otherwise if they send you e-mail, you can't reply.. ;) You may want to balance the costs of making sure that *all* your stuff is underscore-ready (don't forget ongoing maintenance costs, as you'll probably have to re-patch each new release of any tools) against what this customer is willing to pay you. Attachment:
pgp00022.pgp
|