Problems sending mail from .mumble

Discussion:

(too old to reply)

Barry Shein

2008-04-13 21:50:25 UTC

Date: Sun, 13 Apr 2008 10:27:40 -0700
User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213)
MIME-Version: 1.0
Subject: Problems sending mail from .mumble
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Howdy folks,
This isn't as much fun as tracking ships, but at Friday's meeting of
ICANN's GNSO Council (think "Hairspray") and ICANN staff on the process
for new gTLDs, the issue of file suffixes as proposed strings came up.
Obviously the people who thought of wildcards (Sitefinder) didn't think
through the full joy of the consequences.
So this is (yet another) fishing expidition -- as MIME types are a handy
list, if any of those strings were present in a header, as in
Clues on a clue-by-four.
I'll summarize replies off-list (unless requested otherwise) and Thanks
in Advance,
Eric

V***@vt.edu

2008-04-14 15:17:56 UTC

Permalink

So this is (yet another) fishing expidition -- as MIME types are a handy
list, if any of those strings were present in a header, as in

As a practical matter, 'bar.mime-type' had better be a proper DNS entry, or
a lot of places that do a "is the address at least putatively returnable?"
test (which *should* be essentially 100% - does anybody *not* check this?),
they will find it won't go very far.

As a second practical matter, I suspect that all the places that have already
decided that '*.biz' is a cesspool will be even more dubious accepting mail
from '***@bar.application.octet-stream'.

I'm still trying to figure out if this was for real, or if it was intended
to be posted 2 weeks ago and ICANN bureaucracy delayed it... ;)

V***@vt.edu

2008-04-14 17:06:15 UTC

Permalink

The issue is whether "exe" in the root will break something. Rather than
just ask for a few well-known suffixes, and forgetting some, and leaving
out "ps" as it is already assigned to a ccTLD, I've picked on the
MIME-TYPE set of labels.

Are you asking about actual MIME times 'text.plain', 'application.ps', and
so on, or are you asking about the labels that one popular operating system
sometimes uses to denote them, such as .exe, .ps and so on? Some of us use
systems that don't insist on extensions - and the major one that does has
a history of doing so poorly (how many times have we seen something with
a name of foo.exe labelled an image/jpg and ending up executed rather than
displayed?)

Christopher Morrow

2008-04-14 17:21:18 UTC

Permalink

Post by V***@vt.edu

So this is (yet another) fishing expidition -- as MIME types are a handy
list, if any of those strings were present in a header, as in

It's got some interesting implications if it's: domain.exe ... 'did
you mean to go to domain.exe or execute domain.exe or display
domain.pdf ?' the UI folks will have a headache with that I bet... I
could see a rule set (simplified) like:

1) if -f domain.exe && -x domain.exe ; then exec(domain.exe)
2) if ! -f domain.exe ; then openlocation(domain.exe)

that would be fun in the world of site-finder, eh? I wonder what word
or excel or '$application' does with a random blob of html foo shoved
down it's throat??

Is it still the case that folks thinking about site-finder believe
'all the world is a web-browser' ??? Seriously?

Post by V***@vt.edu
As a second practical matter, I suspect that all the places that have already
decided that '*.biz' is a cesspool will be even more dubious accepting mail

and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or
domain.pdf ... Barry, which do you mean? (or which did Eric mean)

Christopher Morrow

2008-04-14 17:30:11 UTC

Permalink

(monday morning list address probs,sorry)

---------- Forwarded message ----------
From: Christopher Morrow <***@gmail.com>
Date: Mon, Apr 14, 2008 at 1:21 PM
Subject: Re: Fwd: Problems sending mail from .mumble

Post by V***@vt.edu

So this is (yet another) fishing expidition -- as MIME types are a handy
list, if any of those strings were present in a header, as in

Post by V***@vt.edu
As a second practical matter, I suspect that all the places that have already
decided that '*.biz' is a cesspool will be even more dubious accepting mail

and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or
domain.pdf ... Barry, which do you mean? (or which did Eric mean)

Eric Brunner-Williams

2008-04-14 18:30:15 UTC

Permalink

Post by Christopher Morrow
and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or
domain.pdf ... Barry, which do you mean? (or which did Eric mean)

Yup. Infix dots pretty much means the whole label isn't in the DNS root.

David Conrad

2008-04-14 19:35:47 UTC

Permalink

Post by Christopher Morrow
It's got some interesting implications if it's: domain.exe ... 'did
you mean to go to domain.exe or execute domain.exe or display
domain.pdf ?' the UI folks will have a headache with that I bet... I
1) if -f domain.exe && -x domain.exe ; then exec(domain.exe)
2) if ! -f domain.exe ; then openlocation(domain.exe)

Do UI folks today have trouble with:

domain.com
domain.pl
domain.ps
domain.sh
etc.?

Is there an application that treats a local file specifier and a host
specifier indistinguishably? If so, how does it deal with strings
(like those I listed above) that could potentially be executables as
well as domain names?

Thanks,
-drc

Christopher Morrow

2008-04-14 19:43:58 UTC

Permalink

Post by David Conrad

domain.com
domain.pl
domain.ps
domain.sh
etc.?
Is there an application that treats a local file specifier and a host
specifier indistinguishably? If so, how does it deal with strings (like
those I listed above) that could potentially be executables as well as
domain names?

see previous 'not been using dos in a while ,doh!' sorry :( I suspect
.pl/.sh/.ps things are not normal user-application things (not windows
things) so perhaps these are handled sanely. Or maybe there aren't
reasons to look for this sort of thing over a network today so the
problem doesn't exist?

I know that in some applications (php things) you can open() a file or
a 'url', maybe these things do something sane already? or maybe it's a
corner case that doesnt' get tickled today with .exe or .gif ?

Still, is all the world a web-browser?? (displaying 'web content' to
things not web-browsers has already been proven to be a bad plan)

-Chris

V***@vt.edu

2008-04-14 20:06:05 UTC

Permalink

Post by David Conrad
Is there an application that treats a local file specifier and a host
specifier indistinguishably?

If there's a software program out there currently that manages to conflate
the right-hand side of an e-mail address and a MIME type, it probably deserves
to lose.

By the same token, anybody advocating such conflation probably deserves to lose
as well...

Duane Wessels

2008-04-14 23:07:22 UTC

Permalink

Post by David Conrad
Is there an application that treats a local file specifier and a host
specifier indistinguishably? If so, how does it deal with strings (like those
I listed above) that could potentially be executables as well as domain
names?

Looking at the 2007 DITL data (traces from DNS roots) its interesting
to see traffic for invalid TLDs that look just like filename
extensions. For example:

% of all TLD/
Queries extension
---------- -----------
0.182 txt
0.055 htm
0.051 c
0.049 lib
0.041 jpg
0.026 gif
0.012 html
0.011 php
0.005 exe

(Note, those really are percentages.)

I have no idea what applications are behind them, but it indicates
that there is software out there that has a hard time telling the
difference between a filename and a hostname. Or maybe its (ab)using
the DNS to help make the decision.

FWIW I was able to find one application, the text browser 'links,'
which accepts either filename or hostnames as its commandline
argument. From what I can tell its algorithm is something like
this:

- if tld/extension has two letters --> URL
- if less than two letters --> File
- if tld/extension is in list of known gTLDs --> URL
- else --> File

DW

Stuart Henderson

2008-04-14 19:05:38 UTC

Permalink

It doesn't seem to be a big problem for .com...

Christopher Morrow

2008-04-14 19:40:50 UTC

Permalink

Post by Stuart Henderson

It doesn't seem to be a big problem for .com...

oh I've been away from dos for too long (not long enough??)... so sure
maybe this isn't a problem :) or maybe the load from .com-ish things
isn't enough to notice?

-Chris

Robert Bonomi

2008-04-15 16:56:28 UTC

Permalink

Date: Mon, 14 Apr 2008 16:07:22 -0700 (PDT)
Subject: Re: Problems sending mail from .mumble
FWIW I was able to find one application, the text browser 'links,'
which accepts either filename or hostnames as its commandline
argument. From what I can tell its algorithm is something like
- if tld/extension has two letters --> URL
- if less than two letters --> File
- if tld/extension is in list of known gTLDs --> URL
- else --> File

The web browser "Lynx" does something very similar. One addendum to the
above logic is that if the DNS look-up fails, it tries to use the string
as a local file path.

Typo the FQDN in a URL to something that returns NXDOMAIN, and you get an
error message to the effect that lynx 'couldn't access start *FILE* "foo'"
(emphasis added.)