[UA-discuss] EAI Addresses for Testing

[Mark Svancarek]

I also experienced the cut and paste issue - during the demo, you may have noticed that I pasted the SaudiNIC address separately from the other addresses.

Perhaps this explains one of the Coremail failures where the address seems to be inadvertently converted to a pair of invalid Chinese IDNs.

/marksv
-----Original Message-----
From: ua-discuss-bounces at icann.org [mailto:ua-discuss-bounces at icann.org] On Behalf Of Andrew Sullivan
Sent: Sunday, March 6, 2016 5:28 PM
To: ua-discuss at icann.org
Subject: Re: [UA-discuss] EAI Addresses for Testing

Hi,

I didn't expect this to work in my environment, but I thought I'd see what happens.  This message may be a little geeky, so if you don't want all that detail you can ignore most of it.

I'm running an old-timey mail user agent called mutt, on OS X 10.10.5.
It runs in a terminal. The OS X terminal does support UTF-8.  It's version 1.5.23 (which means I'm a minor revision behind.  Oops).  It's compiled with --with-idn, which is supposed to help with IDNA but doesn't do EAI.  Mutt contains its own smtp client that allows me to submit directly to my mail server.

At the moment my mailserver has EAI disabled (because my mail client will spit up, so it's better to reject the mail):

So, this arrangement actually should just break.  Now, here's what's
fun:

On Sun, Mar 06, 2016 at 03:30:48PM +0000, Mark Svancarek wrote:
>
> مارك@رسيل.السعودية<mailto:مارك@رسيل.السعودية>
> 

In this case, I couldn't send mail at all, because I couldn't extract the address.

It appears that the angle brackets from the mailto: URI turn this whole thing into a giant bidi problem which wreaks havoc on cut and paste.  I'm not good enough with Arabic script to be able to enter the address correctly by hand.  So this one fails at entry, and it's a human factors problem.  It's worth noting that this is not actually a
bug: it was part of the design of EAI.  The idea was that, if you were going to internationalize email, you wouldn't give anyone an email address that he or she couldn't read or write.  (Yes, I'm aware of the irony that much of the world already can't read or write old-fashioned email addresses.  But we're supposed to be getting better, remember?) The idea is that people who email each other have some connection to one another (unlike the case with domain names).

> 微软测试@互联网.中国<mailto:微软测试@互联网.中国>

What surprised me was this.  Mutt didn't choke.  Instead, it tried very hard.

In my server logs, I see the login.  Then this (sorry about the geeky
bits):

---%<---cut here---

Mar  6 16:31:46 mx2 postfix/cleanup[11538]: C1CA8105A5: message-id=<20160306163142.GA68779 at mx2.yitter.info>
Mar  6 16:31:46 mx2 postfix/qmgr[30224]: C1CA8105A5: from=<ajs at anvilwalrusden.com>, size=609, nrcpt=1 (queue active) Mar  6 16:31:46 mx2 amavis[10965]: (10965-13) WARN: address modified (recip): <\303\245\302\276\302\256\303\250\302\275\302\257\303\246\302\265\302\213\303\250\302\257\302\225 at xn--blq510jgwa.xn--fiqs8s> -> <"\\\303\245\\\302\276\\\302\256\\\303\250\\\302\275\\\302\257\\\303\246\\\302\265\\\302\213\\\303\250\\\302\257\\\302\225"@xn--blq510jgwa.xn--fiqs8s>
Mar  6 16:31:46 mx2 postfix/smtpd[11548]: disconnect from unknown[2620:f:8000:210:f57a:234:6424:2d24]

--->%---cut here---

What this shows is that the mail client took 互联网.中国 and processed that as IDN, as desired: that's the @xn--blq510jgwa.xn--fiqs8s.  But rather than spitting up on a malformed mail address, the client sent raw bytes for the local part.  The WARN: line above is the mail server saying that it escaped everything (so you can see \303 becomes \\\303).  This is the mail server failing to be EAI-capable.

My mail scanner complained about the header ("Mar 6 16:31:46 mx2
amavis[10965]: (10965-13) Passed BAD-HEADER-2 ") but passed it along anyway.

But of course, this didn't actually work, because I sent a malformed mail address, so the receiving server rejected the mail:

---%<---cut here---

Mar  6 16:31:52 mx2 postfix/smtp[11554]: C3B9110A8F: to=<????????????@xn--blq510jgwa.xn--fiqs8s>, relay=zh.icoremail.net[120.31.129.134]:25, delay=5.7, delays=0/0.01/4.3/1.4, dsn=5.0.0, status=bounced (host https://na01.safelinks.protection.outlook.com/?url=zh.icoremail.net&data=01%7c01%7cmarksv%40microsoft.com%7cb82e2dcca6e448a29c7e08d345e4b588%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=yw3OYY9CGCEH9ohrlaT4Og2x%2bfTTFXHcA8QneiTa4JY%3d[120.31.129.134] said: 550 User not found: ????????????????????????????????????@?????????.?????? (in reply to RCPT TO command))

--->%---cut here---

As a result, I got a bounce message.  (No humans ever see bounce messages any more, because they look like spam backscatter, so you can't rely on bounce messages to help you.

I hope this is useful as an illustration of how something can be really broken and yet not obvious to a user.

Best regards,

A

--
Andrew Sullivan
ajs at anvilwalrusden.com