Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- > bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro > > > ...won't spammers simply add a script truncate any gmail address with > > a + in it, yielding a valid and no-longer-traceable address? Or can > > we count on them to be really, really lazy? > > So far they seem to be lazy. I've yet to spot any evidence of extensions > being stripped. It's just like the decision to write viruses for windows vs mac vs linux. Bad guys will attack anything called "it" as soon as they feel like "it" is worth the effort of attacking. Laziness to attack "it" is inversely proportional to the popularity of "it" and the weighted probability of profiting by attacking "it." Of course they're mostly not doing any sophisticated analysis. They're just using their own personal gut feel, weighing the effort of attacking "it" versus what they guess will be the payoff. > Edward Ned Harvey wrote: > > That's actually an RFC standard that's supported by many MTA's. > > I'm not aware of the address extension mechanism being codified in any > RFC. (Reference?) Of course the "+" character is permitted by RFCs, but > it isn't imbued with special meaning. RFC5233 "subaddressing" is an optional configuration for your MTA. From what I've seen, it's disabled by default, but there's a commented-out line in your config file, so it's trivial for you to enable it on your MTA if you want. At least, that's how it is on exim. > My understanding is that it is a defacto standard pioneered by Sendmail. I first learned about it by reading the exim config file. So maybe sendmail started it, but the concept has certainly gained some adoption. > > ...because some other RFC standard defines the + character > > as a bad character for email addresses. > > Again, I've never heard of that. When I look around now, everything that I find quickly includes "+" as a valid character for the local part. So, I have no idea why so many websites refuse to accept your email address with a "+" in it. The bums.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |