On 21 Aug 2015, at 11:08, Martin Gregorie wrote:
On Fri, 2015-08-21 at 10:47 -0400, Bill Cole wrote:
Your response is a non sequitur.
Why do you say that? You suggested using what look to be hard limits
on
the header's size, though admittedly large ones, which puts my
comments
entirely on topic. You might not agree, but that's another matter
entirely.
On 21 Aug 2015, at 0:32, Bill Cole wrote:
No matter what the RFCs say, sending mail with 600-byte From or
Subject headers is not something people who are worth communicating
with do intentionally and it can be very cheap to reject such junk
before SA sees it.
That sentence says NOTHING about applying a 600-byte limit to any header
that can validly contain a list of recipients.
On 21 Aug 2015, at 8:14, Martin Gregorie wrote:
At most this deserves the possibility of writing rules that fire on
the
number of recipients of an e-mail. Any default rule, especially with a
limit as low as 600 characters will do more harm than good. For
instance, "Martin Gregorie <mar...@gregorie.org>," is 39 characters
and
is not unusually long for a mail address. Judging by this, your
criterion would treat any list with more than about 15 recipients as
over-long and well out of order.
That paragraphs refers specifically to headers that may be lists of
recipients.
My assertion that a 600-byte limit on From and Subject headers can be
"very cheap" is based on not just the compute cost of identifying such
headers, but also on the *zero* known false positive cost I've
encountered from imposing that limit (or in some cases 510 on header
content) on those headers on diverse mail systems handling hundreds to
millions of SMTP transactions per day over ~20 years. On many of those
systems I have also used a 200-byte limit on Date contents (which is
awfully generous for a header that should always have <50 characters)
with very few hits and no known false positives. I have seen cases where
the very long From or Subject is the result of a broken mail tool or an
innocent unintentional user error but those aren't really false
positives; rather they are cases of broken messages being identified and
stopped further from their sources than they should have been. Mostly,
overlong From & Subject headers seem to be the result of spam via
insecure web forms, proxies, etc. that inhibit spammers from injecting
linebreaks controllably, as the sources usually appear in DNSBL's that
catch such sources rather swiftly after they are first seen.
