bug-gnu-emacs

bug#51733: 27.1; Detect impossible email addresses better


From: Lars Ingebrigtsen
Subject: bug#51733: 27.1; Detect impossible email addresses better
Date: Wed, 19 Jan 2022 14:31:11 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:

> I'm not asking to _replace_ RFC2047 support, I'm saying that we should
> also support email addresses that were already decoded, for the use
> cases where that could be more convenient or where the wire level is
> unavailable.

These already exist.  The applications can call *-name-suspicious-p
(etc) individually, if they want to.

> Why would you object to extending these functions so that they could
> support decoded email addresses?  What harm could that possibly do?

That's the point -- when doing DWIM parsing, the function can't reliably
say whether a string is a suspicious email address, because the attacker
may construct a name part, that when decoded, confuses the address
parser, and thereby escapes domain/local part checking.  (Think of
various combinations of names that contain "@" and "," characters.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
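
The ambiguity described in the message above, as an added example that is not part of the original message and is not Emacs code: one constructed header value is run through Python's standard-library address parser in both orders. The header value, the `.example` domains and the helper names are assumptions made for illustration.

```python
from email.header import decode_header
from email.utils import getaddresses

# Constructed From: value (not from the bug report). The RFC 2047
# encoded-word in the display name decodes to text containing "@" and ",".
WIRE = "=?utf-8?q?user=40a=2Eexample=2C?= <sender@b.example>"


def decode_words(value):
    """Decode RFC 2047 encoded-words in value and return a str."""
    parts = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def parse_then_decode(value):
    """Wire-level order: split into mailboxes first, decode each name after."""
    return [(decode_words(name), addr) for name, addr in getaddresses([value])]


def decode_then_parse(value):
    """DWIM order: decode the whole string, then hand it to the parser."""
    return getaddresses([decode_words(value)])


def domains(mailboxes):
    """Domains that a per-address check would get to inspect."""
    return [addr.rpartition("@")[2] for _, addr in mailboxes]


if __name__ == "__main__":
    for fn in (parse_then_decode, decode_then_parse):
        boxes = fn(WIRE)
        print(f"{fn.__name__}: {boxes} -> domains {domains(boxes)}")
```

On the wire form the parser sees one mailbox whose display name merely looks like an address; once the string is decoded first, the same input parses as two mailboxes and the name text is treated as an address in its own right.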




