[CentOS] E-mail advice sought

Sat Apr 30 19:22:38 UTC 2016
Gordon Messmer <gordon.messmer at gmail.com>

On 04/30/2016 11:28 AM, Alice Wonder wrote:
> Is there any advice on characters to allow in usernames?
> I don't think a whitelist alphabet is best approach because of people 
> with names that are not spelled with Latin characters.
> Is there an existing blacklist of characters that technically legal 
> but are generally avoided in e-mail addresses? 

The RFC uses a list of allowed characters, and so must you.

My advice is, first, don't write this yourself.   There is almost 
certainly a library for validating RFC-compliant usernames in whatever 
programming language you use; locate one and use it.

Second, when validating user names, you must be aware of the features of 
your email server.  For instance, it may use the '-' character or the 
'+' character as a way to allow user-local extensions.  Thus 
"example-foo," "example-bar," and "example" may all be the same 
user/mailbox.  If you are not aware of this, then a new user might be 
set up as "example-bar" and one would mask the other.  Either the old 
user would prevent the new one from receiving any mail, or the new one 
would begin intercepting some of the old user's mail.  Thus, because a 
character is allowed by RFC does not mean that you should allow it in 

Third, you should be aware that non-ASCII support was defined in RFC 
6531, in 2012.  That's very recent as RFCs go, and it is not widely 
supported today.  None of the mail servers shipped with CentOS 7, for 
instance, include such support.  Even if you build your own software 
that supports the RFC, users with non-ASCII usernames will not be able 
to send or receive email with remote domains that don't include such