[UA-discuss] EAI Addresses for Testing
marksv at microsoft.com
Mon Mar 7 10:28:51 UTC 2016
BTW - if you have lots of detail from your tests (what Andrew calls "geely bits"), please send it all. It is helpful for debugging.
From: ua-discuss-bounces at icann.org [mailto:ua-discuss-bounces at icann.org] On Behalf Of Andrew Sullivan
Sent: Sunday, March 6, 2016 5:28 PM
To: ua-discuss at icann.org
Subject: Re: [UA-discuss] EAI Addresses for Testing
I didn't expect this to work in my environment, but I thought I'd see what happens. This message may be a little geeky, so if you don't want all that detail you can ignore most of it.
I'm running an old-timey mail user agent called mutt, on OS X 10.10.5.
It runs in a terminal. The OS X terminal does support UTF-8. It's version 1.5.23 (which means I'm a minor revision behind. Oops). It's compiled with --with-idn, which is supposed to help with IDNA but doesn't do EAI. Mutt contains its own smtp client that allows me to submit directly to my mail server.
At the moment my mailserver has EAI disabled (because my mail client will spit up, so it's better to reject the mail):
So, this arrangement actually should just break. Now, here's what's
On Sun, Mar 06, 2016 at 03:30:48PM +0000, Mark Svancarek wrote:
In this case, I couldn't send mail at all, because I couldn't extract the address.
It appears that the angle brackets from the mailto: URI turn this whole thing into a giant bidi problem which wreaks havoc on cut and paste. I'm not good enough with Arabic script to be able to enter the address correctly by hand. So this one fails at entry, and it's a human factors problem. It's worth noting that this is not actually a
bug: it was part of the design of EAI. The idea was that, if you were going to internationalize email, you wouldn't give anyone an email address that he or she couldn't read or write. (Yes, I'm aware of the irony that much of the world already can't read or write old-fashioned email addresses. But we're supposed to be getting better, remember?) The idea is that people who email each other have some connection to one another (unlike the case with domain names).
What surprised me was this. Mutt didn't choke. Instead, it tried very hard.
In my server logs, I see the login. Then this (sorry about the geeky
Mar 6 16:31:46 mx2 postfix/cleanup: C1CA8105A5: message-id=<20160306163142.GA68779 at mx2.yitter.info>
Mar 6 16:31:46 mx2 postfix/qmgr: C1CA8105A5: from=<ajs at anvilwalrusden.com>, size=609, nrcpt=1 (queue active) Mar 6 16:31:46 mx2 amavis: (10965-13) WARN: address modified (recip): <\303\245\302\276\302\256\303\250\302\275\302\257\303\246\302\265\302\213\303\250\302\257\302\225 at xn--blq510jgwa.xn--fiqs8s> -> <"\\\303\245\\\302\276\\\302\256\\\303\250\\\302\275\\\302\257\\\303\246\\\302\265\\\302\213\\\303\250\\\302\257\\\302\225"@xn--blq510jgwa.xn--fiqs8s>
Mar 6 16:31:46 mx2 postfix/smtpd: disconnect from unknown[2620:f:8000:210:f57a:234:6424:2d24]
What this shows is that the mail client took 互联网.中国 and processed that as IDN, as desired: that's the @xn--blq510jgwa.xn--fiqs8s. But rather than spitting up on a malformed mail address, the client sent raw bytes for the local part. The WARN: line above is the mail server saying that it escaped everything (so you can see \303 becomes \\\303). This is the mail server failing to be EAI-capable.
My mail scanner complained about the header ("Mar 6 16:31:46 mx2
amavis: (10965-13) Passed BAD-HEADER-2 ") but passed it along anyway.
But of course, this didn't actually work, because I sent a malformed mail address, so the receiving server rejected the mail:
Mar 6 16:31:52 mx2 postfix/smtp: C3B9110A8F: to=<????????????@xn--blq510jgwa.xn--fiqs8s>, relay=zh.icoremail.net[184.108.40.206]:25, delay=5.7, delays=0/0.01/4.3/1.4, dsn=5.0.0, status=bounced (host https://na01.safelinks.protection.outlook.com/?url=zh.icoremail.net&data=01%7c01%7cmarksv%40microsoft.com%7cb82e2dcca6e448a29c7e08d345e4b588%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=yw3OYY9CGCEH9ohrlaT4Og2x%2bfTTFXHcA8QneiTa4JY%3d[220.127.116.11] said: 550 User not found: ????????????????????????????????????@?????????.?????? (in reply to RCPT TO command))
As a result, I got a bounce message. (No humans ever see bounce messages any more, because they look like spam backscatter, so you can't rely on bounce messages to help you.
I hope this is useful as an illustration of how something can be really broken and yet not obvious to a user.
ajs at anvilwalrusden.com
More information about the UA-discuss