Non-ASCII characters in abuse-mailbox addresses
Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=<abuse@zürich.email>, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address <abuse@xn--zrich-kva.email> works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
Did you try IDN / Punnycode converter? Try abuse@xn--zrich-kva.email ? ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Thomas Hungenberg <th@cert-bund.de> Sent: Tuesday, November 19, 2019 2:27:13 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=<abuse@zürich.email>, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address <abuse@xn--zrich-kva.email> works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
Oh you already tried and it works. I suggest RIPE can convert the IDN domains to punnycode on database. ________________________________ From: David Guo <david@xtom.com> Sent: Tuesday, November 19, 2019 2:32:54 PM To: Thomas Hungenberg <th@cert-bund.de>; anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Did you try IDN / Punnycode converter? Try abuse@xn--zrich-kva.email ? ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Thomas Hungenberg <th@cert-bund.de> Sent: Tuesday, November 19, 2019 2:27:13 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=<abuse@zürich.email>, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address <abuse@xn--zrich-kva.email> works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
Why? It’s an EAI issue more than anything else. If your email client or server can’t handle UTF-8 then doing the punycode conversion is unlikely to help I’d also encourage RIPE NOT to force Latin characters only – the RIPE region covers multiple languages which are not Latin based and if anything it should be leading by example More details on EAI and UA issues here: https://uasg.tech/ Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of David Guo via anti-abuse-wg <anti-abuse-wg@ripe.net> Reply to: David Guo <david@xtom.com> Date: Tuesday 19 November 2019 at 13:34 To: Thomas Hungenberg <th@cert-bund.de>, "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Oh you already tried and it works. I suggest RIPE can convert the IDN domains to punnycode on database. ________________________________ From: David Guo <david@xtom.com> Sent: Tuesday, November 19, 2019 2:32:54 PM To: Thomas Hungenberg <th@cert-bund.de>; anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Did you try IDN / Punnycode converter? Try abuse@xn--zrich-kva.email ? ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Thomas Hungenberg <th@cert-bund.de> Sent: Tuesday, November 19, 2019 2:27:13 PM To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=<abuse@zürich.email>, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address <abuse@xn--zrich-kva.email> works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
The most important thing for me is I don’t know how to type those letters on my English keyboard ☹ But yes I agree, forcing Latin chars is the best way to solve this problem. From: Michele Neylon - Blacknight <michele@blacknight.com> Sent: Tuesday, November 19, 2019 3:21 PM To: David Guo <david@xtom.com>; Thomas Hungenberg <th@cert-bund.de>; anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Why? It’s an EAI issue more than anything else. If your email client or server can’t handle UTF-8 then doing the punycode conversion is unlikely to help I’d also encourage RIPE NOT to force Latin characters only – the RIPE region covers multiple languages which are not Latin based and if anything it should be leading by example More details on EAI and UA issues here: https://uasg.tech/ Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>> on behalf of David Guo via anti-abuse-wg <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> Reply to: David Guo <david@xtom.com<mailto:david@xtom.com>> Date: Tuesday 19 November 2019 at 13:34 To: Thomas Hungenberg <th@cert-bund.de<mailto:th@cert-bund.de>>, "anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>" <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Oh you already tried and it works. I suggest RIPE can convert the IDN domains to punnycode on database. ________________________________ From: David Guo <david@xtom.com<mailto:david@xtom.com>> Sent: Tuesday, November 19, 2019 2:32:54 PM To: Thomas Hungenberg <th@cert-bund.de<mailto:th@cert-bund.de>>; anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Did you try IDN / Punnycode converter? Try abuse@xn--zrich-kva.email<mailto:abuse@xn--zrich-kva.email> ? ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net<mailto:anti-abuse-wg-bounces@ripe.net>> on behalf of Thomas Hungenberg <th@cert-bund.de<mailto:th@cert-bund.de>> Sent: Tuesday, November 19, 2019 2:27:13 PM To: anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net> <anti-abuse-wg@ripe.net<mailto:anti-abuse-wg@ripe.net>> Subject: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses Hi, some abuse contacts registered with RIPE use non-ascii characters with the abuse-mailbox addresses, e.g. % Abuse contact for '195.78.76.0 - 195.78.77.255' is 'abuse@zürich.email' However, the corresponding MTA does not support SMTPUTF8: 7B579403C6: to=<abuse@zürich.email<mailto:abuse@zürich.email>>, relay=mail.xn--zrich-kva.email[109.95.241.50]:25, delay=0.33, delays=0.01/0/0.32/0, dsn=5.6.7, status=bounced (SMTPUTF8 is required, but was not offered by host mail.xn--zrich-kva.email[109.95.241.50]) (In this particular case, sending email to the IDNA representation of the email address <abuse@xn--zrich-kva.email<mailto:abuse@xn--zrich-kva.email>> works.) In our experience, using umlauts and other non-ascii characters in (the host part of) email addresses still cause a lot of problems in general. Even if the recipient's MX supports SMTPUTF8 correctly, MTAs on the transport way may fail to handle SMTPUTF8 messages. To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only. What do you think? - Thomas
Hi all On Tue 19/Nov/2019 21:38:44 +0100 David Guo via anti-abuse-wg wrote:
The most important thing for me is I don’t know how to type those letters on my English keyboard ☹
It's curious that you can type emoticons and not accented letters. Enabling composition allows to type uppercase and foreign characters, which national keyboards cannot.
But yes I agree, forcing Latin chars is the best way to solve this problem.
Please do not force! Let's go forward, not backward. Please allow non-ASCII characters, encoded in UTF-8 [RFC3629] using the normalization form canonical composition (NFC) as described in Unicode Format for Network Interchange ([RFC5198]). At most, suggest to providers who use EAI addresses to also provide an ASCII alternative, if possible. Best Ale
On 19.11.19 15:21, Michele Neylon - Blacknight wrote:
If your email client or server can’t handle UTF-8 then doing the punycode conversion is unlikely to help
Based on our experience, it does help. If messages bounce because the recipient's MTA does not support SMTPUTF8, sending the message to the IDNA representation of the recipient address usually works. But I have also seen cases where the recipient's MTA supported SMTPUTF8 correcty but some MTAs or services like spam filters on the transport way did not and thus screwed up delivery of the message. - Thomas CERT-Bund Incident Response & Malware Analysis Team
In message <c4b009a3-d792-8b25-0121-a5f8992c65cf@cert-bund.de>, Thomas Hungenberg <th@cert-bund.de> wrote:
To prevent such problems and make sure all abuse mailboxes can be addressed, I wonder if the values of abuse-mailbox attributes should be restricted to ASCII characters only.
This is exactly what I had suggested. Using only punycode for domain names would restrict the representation of the domain names in the data base to traditional 7-bit US-ASCII. Regards, rfg
In message <17839.1574194412@segfault.tristatelogic.com>, I wrote:
This is exactly what I had suggested. Using only punycode for domain names would restrict the representation of the domain names in the data base to traditional 7-bit US-ASCII.
My apologies to everyone. When I posted that reply I didn't even notice the fact that the representation of domain names in the data base was/is now being discussed also on the anti-abuse mailing list. This very topic has already been discussed on the DB working group mailing list, which is arguably a more appropriate place for this discussion since abuse contact email addresses (and their associated domain name parts) are quite certainly not the only places where email addrsses may appear within the WHOIS data base. Regards, rfg
Ronald, You're quite correct, albeit there is no harm in raising such matters here, the DB WG is absolutely the correct place to discuss and propose any changes and where the substantive discussion should take place. I should have mentioned this earlier in the conversation. Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
-----Original Message----- From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Ronald F. Guilmette Sent: Tuesday 19 November 2019 20:33 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Non-ASCII characters in abuse-mailbox addresses
In message <17839.1574194412@segfault.tristatelogic.com>, I wrote:
This is exactly what I had suggested. Using only punycode for domain names would restrict the representation of the domain names in the data base to traditional 7-bit US-ASCII.
My apologies to everyone. When I posted that reply I didn't even notice the fact that the representation of domain names in the data base was/is now being discussed also on the anti-abuse mailing list. This very topic has already been discussed on the DB working group mailing list, which is arguably a more appropriate place for this discussion since abuse contact email addresses (and their associated domain name parts) are quite certainly not the only places where email addrsses may appear within the WHOIS data base.
Regards, rfg
participants (6)
-
Alessandro Vesely -
Brian Nisbet -
David Guo -
Michele Neylon - Blacknight -
Ronald F. Guilmette -
Thomas Hungenberg