Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] box.net



> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> bounces+blu=nedharvey.com at blu.org] On Behalf Of Tom Metro
> 
> > ...won't spammers simply add a script truncate any gmail address with
> > a + in it, yielding a valid and no-longer-traceable address? Or can
> > we count on them to be really, really lazy?
> 
> So far they seem to be lazy. I've yet to spot any evidence of extensions
> being stripped.

It's just like the decision to write viruses for windows vs mac vs linux.
Bad guys will attack anything called "it" as soon as they feel like "it" is
worth the effort of attacking.  Laziness to attack "it" is inversely
proportional to the popularity of "it" and the weighted probability of
profiting by attacking "it."  Of course they're mostly not doing any
sophisticated analysis.  They're just using their own personal gut feel,
weighing the effort of attacking "it" versus what they guess will be the
payoff.


> Edward Ned Harvey wrote:
> > That's actually an RFC standard that's supported by many MTA's.
> 
> I'm not aware of the address extension mechanism being codified in any
> RFC. (Reference?) Of course the "+" character is permitted by RFCs, but
> it isn't imbued with special meaning.

RFC5233 "subaddressing" is an optional configuration for your MTA.  From
what I've seen, it's disabled by default, but there's a commented-out line
in your config file, so it's trivial for you to enable it on your MTA if you
want.  At least, that's how it is on exim.


> My understanding is that it is a defacto standard pioneered by Sendmail.

I first learned about it by reading the exim config file.  So maybe sendmail
started it, but the concept has certainly gained some adoption.


> > ...because some other RFC standard defines the + character
> > as a bad character for email addresses.
> 
> Again, I've never heard of that.

When I look around now, everything that I find quickly includes "+" as a
valid character for the local part.  So, I have no idea why so many websites
refuse to accept your email address with a "+" in it.  The bums.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org