Sunday, June 8, 2008

[pgsql-www] Message-ID should surely not be shown as a mailto: URL

So looking at page source for, eg,
http://archives.postgresql.org/pgsql-hackers/2008-06/msg00338.php

I see

<li><strong>From</strong>: Tom Lane &lt;<a href="mailto:tgl@DOMAIN.HIDDEN">tgl(at)sss(dot)pgh(dot)pa(dot)us</a>&gt;</li>
<li><strong>To</strong>: <a href="mailto:pgsql-hackers@DOMAIN.HIDDEN">pgsql-hackers(at)postgresql(dot)org</a></li>
<li><strong>Subject</strong>: Re: We have a launch abort ... PG update releases will be delayed</li>
<li><strong>Date</strong>: Sat, 07 Jun 2008 11:45:56 -0400</li>
<li><strong>Message-id</strong>: &lt;<a href="mailto:20506.1212853556@DOMAIN.HIDDEN">20506(dot)1212853556(at)sss(dot)pgh(dot)pa(dot)us</a>&gt;</li>

This seems outright silly. In the first place, I do not see the value
of displaying mailto: URLs containing intentionally-broken addresses.
In the second, even if the domain names were fixed, there is no way on
god's green earth that mailto: a Message-ID is going to work.

Hm, I wonder if sloppiness of this sort accounts for the remarkable
prevalence in my mail logs of spam-sign like this:

Jun 9 00:44:06 sss2 sm-mta[4062]: m594i5Ns004062: <19570.1142971720@sss.pgh.pa.us>... User unknown

I don't pretend to know what is the approved way to deal with these
issues, but *this* can't be best practice.

regards, tom lane

--
Sent via pgsql-www mailing list (pgsql-www@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-www

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)