--On 14 October 2010 13:44:40 -0400 "John R. Levine" <jo...@iecc.com> wrote:
>> That makes it invalid input to any module that requires input to comply >> with RFC5322, pure and simple. > > Well, OK, with the stipulation that no existing MUA I have ever seen is > such a module. Nor MTA, either. Exim has a "verify = header_syntax" ACL option, which checks the syntax of headers that contain addresses, but it doesn't count headers, so it doesn't spot this problem. A bug report has been filed, so this conversation has helped there. >> I think if it becomes well-known that users of MUA 1 are easier to phish >> than users of MUA 2, a lot of people will gravitate to the safer >> implementation, don't you? I sure would. > > Aw, come on. How many millions of people still use Outlook Express on > Windows XP? Switching MUAs is painful, people rarely do it. Too true. When I started working here in 1999, Siren Mail had just ceased development. We've only just (in the last few months) got Siren Mail out of the hands of the last user hanging on. And the motivation there was that Siren Mail didn't do authenticated SMTP! -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html