Programmers with network engineering skills

Joe Greco jgreco at
Mon Mar 12 20:31:21 CDT 2012

> Owen DeLong wrote:
> >
> > 
> > You may have noticed my particular test wouldn't accept foo!bar!ucbvax!user format addresses, either.
> > 
> > It works well enough for my purposes. I did not claim it was perfect.
> Why not leave it to the MTA to decide what is a valid address? It only 
> requires a few SMTP commands to the MTA to know if it will accept it. 
> Normally the MTA will tell you after the "rcpt to:" command if it will 
> accept it (i'm ignoring some badly behaving MTAs who will swallow 
> anything and then bounce, no point trying to work around such crap).
> No need to re-invent the wheel, unless you're actually creating an MTA 
> or something similar.
> Who is to say that even IF your address verifier verifies it as valid 
> that the MTA is configured to allow it (or the other way around)? MTAs 
> can be arbitrarily configured to (dis)allow "bang path" addresses, IP 
> addresses etc.

The ideal world contains a mix of techniques.

You cannot just blindly leave it to the MTA to decide what's valid.
Along that path lies madness.  How do you pass the address to the MTA?
Don't do it as a system() call unless you want someone to own your
box with a semicolon.  Do you allow \n?  \r?  Do you allow \\?  There
is a certain amount of paranoia that is prudent, and a certain amount
that is actually necessary...  though it's true that implementations
often don't bother to work that out correctly...

... JG
Joe Greco - Network Services - Milwaukee, WI -
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.

More information about the NANOG mailing list