A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Applications Area Working Group Working Group
of the IETF.
Title : Advice for Safe Handling of Malformed Messages
Author(s) : Murray S. Kucherawy
Gregory N. Shapiro
N. Freed
Filename : draft-ietf-appsawg-malformed-mail-08.txt
Pages : 21
Date : 2013-09-17
Abstract:
Although Internet mail formats have been precisely defined since the
1970s, authoring and handling software often show only mild
conformance to the specifications. The distributed and non-
interactive nature of email has often prompted adjustments to
receiving software, to handle these variations, rather than trying to
gain better conformance by senders, since the receiving operator is
primarily driven by complaining recipient users and has no authority
over the sending side of the system. Processing with such
flexibility comes at some cost, since mail software is faced with
decisions about whether or not to permit non-conforming messages to
continue toward their destinations unaltered, adjust them to conform
(possibly at the cost of losing some of the original message), or
outright rejecting them.
A core requirement for interoperability is that both sides of an
exchange work from the same details and semantics. By having
receivers be flexible, beyond the specifications, there can be -- and
often has been -- a good chance that a message will not be fully
interoperable. Worse, a well-established pattern of tolerance for
variations can sometimes be used as an attack vector.
This document includes a collection of the best advice available
regarding a variety of common malformed mail situations, to be used
as implementation guidance. These malformations are typically based
around loose interpretations or implementations of specifications
such as Internet Message Format [MAIL] and Multipurpose Internet Mail
Extensions [MIME].
It must be emphasized, however, that the intent of this document is
not to standardize malformations or otherwise encourage their
proliferation. The messages are manifestly malformed, and the code
and culture that generates them needs to be fixed. Therefore, these
messages should be rejected outright if at all possible.
Nevertheless, many malformed messages from otherwise legitimate
senders are in circulation and will be for some time, and,
unfortunately, commercial reality shows that we cannot always simply
reject or discard them. Accordingly, this document presents
alternatives for dealing with them in ways that seem to do the least
additional harm until the infrastructure is tightened up to match the
standards.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-appsawg-malformed-mail
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-appsawg-malformed-mail-08
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-appsawg-malformed-mail-08
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
