You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "David F. Skoll" <df...@roaringpenguin.com> on 2013/10/30 21:24:43 UTC
Literal IP address as domain name (was Re: Feedback on blacklist
rule I plan to write)
On Wed, 30 Oct 2013 20:07:16 +0000
RW <rw...@googlemail.com> wrote:
> But does anything actually say that 1.2.3.4 can't be treated as a
> hostname.
Sec. 4.1.2 of RFC 5321 allows this according to the BNF grammar. But
I don't think the semantics are well-defined.
Both of these adhere to the grammar:
example@1.2.3.4
example@1.2.3.444
How are they to be interpreted? 1.2.3.4 is a legal IP address. It's
also a legal "domain" according to the BNF, but is it a legal domain
name in the DNS? RFC 1035 says a valid "label" in a domain
name has to start with a letter... but we all know that "3m.com" is a
valid domain name (or at least, that it resolves!) Then RFC 2181 muddies
the water and says:
"Those [length] restrictions
aside, any binary string whatever can be used as the label of any
resource record. [...]
Note however, that the various applications that make use of DNS data
can have restrictions imposed on what particular values are
acceptable in their environment. For example, that any binary label
can have an MX record does not imply that any binary name can be used
as the host part of an e-mail address. Clients of the DNS can impose
whatever restrictions are appropriate to their circumstances on the
values they use as keys for DNS lookup requests, and on the values
returned by the DNS. If the client has such restrictions, it is
solely responsible for validating the data from the DNS to ensure
that it conforms before it makes any use of that data."
1.2.3.444 means... what? It's not an IP address, and if we take
RFC 2181 at it's word, should we do MX and A lookups on "1.2.3.444"?
All in all, I would avoid email addresses that match the perl regex
[^@]+@\d+\.\d+\.\d+\.\d+
Regards,
David.