Currently:
- Invitation lost in the post >>
-
There was an orkut invite in my "suspicious" mailbox due to a combination of an invalid Received: header and a not-guaranteed-unique Message-ID: (i.e. contains only a hostname rather than a FQDN.)
Received: from orkut <9C>by Orkut Router with SMTP<9C> id i3J3dLZU004522 for <lee@example.com>; Sun, 18 Apr 2004 20:39:21 -0700 Message-ID: <EDA55fd7651e1a5d44c3b02955977cab3338@eda5>
Even if you ignore the funky control characters that have found their way in there, "by Orkut Router" breaks the header parsing because of the space. ("OrkutRouter" or "Orkut (Router)" would have parsed, something.orkut.com would have been better.)
This is one of those silent errors. Orkut sends out the invites with the Envelope Sender of the user requesting the invite (or "forges" it, depending on your interpretation of How Email Works. Users of reverse MX checks, such as SPF, be ye warned), so orkut will never see post-acceptance bounces.
Conventional mail systems don't reject mail based on these broken headers anyway (but maybe they should). Indeed, the rejection might be in violation of the RFC:
...receiving systems MUST NOT reject mail based on the format of a trace field and SHOULD be extremely robust in the light of unexpected information or formats in those fields.
But while the RFC talks of not rejecting mail, there's no RFC that says you can't use broken headers as an anti-spam metric. And there's no RFC that says you MUST actually read them.
But even though I've received an invite, it doesn't mean I'll be joining. To paraphrase the Groucho quote, I don't care to belong to a social network that accepts people like me as nodes.
(posted 2004-04-19T13:12, link )
