Gary Wright
1/24/2007 7:35:00 PM
On Jan 24, 2007, at 2:22 PM, Alex LeDonne wrote:
> If you're going to use exec, you need to process those address bits
> separately to find the SUBSET of RFC2822 addresses that your process
> is willing to accept. Because with enough quoting and escaping, I can
> send almost anything as the sender of an e-mail message.
>
> Unless you have a strong use case otherwise, I suggest allowing only
> [-_.a-zA-Z0-9]
I generally agree with Alex, but I would suggest allowing a '+' also.
The reason being is that
local+anything@domain.com
is often interpreted to cause the message to be delivered to
local@domain.com
It is an easy way for a single 'user' with one mailbox to actually have
an infinite number of email addresses. I'm not sure if this
interpretation
is mandated by the standard or is just common practice.
Gmail is an example of an email service that supports this concept.
Gary Wright