I’ve been asked a few questions on email addresses and their limitations or recommended practices as a server administrator. I will outline a small bit of information in regards to valid email addresses, server types and spam evasion.
The Internet Engineering Task Force RFC (Request for Comment) 2821 defines the local part of an SMTP email address a maximum of 64 characters. This of course is not set in stone and many servers will accept more than 64 characters for the local area of an address (the part before the @ sign). Domain names are limited to a maximum of 255 characters which is enforced by the domain registrars.
In the early days of the Internet, the local part of an SMTP address was most often in lowercase ASCII characters. For the most part they still are, but it looks as if system administrators bowing to corporate pressure (or something!), have allowed users to have their names with uppercase first characters. This creates a problem: Many people still have the idea that all email addresses are lowercase (which is technically wrong, but mostly accurate) and others believe they are case-sensitive (which is technically right, but mostly inaccurate). So because of this confusion system administrators are forced to make their domain policy case-insensitive such that users can have Chris@domain.com, chris@domain.com, CHRIS@domain.com and all other variations point to the same SMTP address. This effectively reduces the number of possible addresses available on a system. This is similar to the folder structure problem of UNIX and Windows web servers. On UNIX, the folder /Chris is different from /chris, while on IIS /Chris is the same folder as /chris.
According to RFC 2822, the local-part of the address may use any of these ASCII characters:
Uppercase and lowercase letters (case sensitive)
The digits 0 through 9
The characters ! # $ % * / ? | ^ { } ` ~ & ‘ + – =
The underscore _
The stop/period character . provided that it is not the first or last character in the local-part.
For the most part the upper and lower case characters, numerals and the period do not pose a problem for servers. Where problems occur is the use of the special characters: ! # $ % * / ? | ^ { } ` ~ & ‘ + – =. Have you ever seen an email address containing those? Probably not. For interoperability between operating system and mail system types, disallowing those characters is essential. There are some tricks to using those special characters, for example to use [ and ] they have to be encapsulated in quotations. [chris]@domain.com is invalid, whereas “[chris]“@domain.com IS. You can also have a space character if enclosed in quotations. Just stay away from these characters as people will be confused.
To combat spam, people have started typing their email addresses in forums and blogs as name[something]@doman.com, or [name]@domain.com. While some administrator must have in the past mentioned this as a good way to confuse email harvesters, it is no longer the case. Old harvesters used to rely on regular expressions and syntactically correct email structure to harvest addresses so emails with special characters would have been taken and recorded as verbatim. The address would have then been invalid since it wasn’t the user’s real address. Harvesters are now programmed with the idea that users are ignorant of email policy and throw special characters in their address to confuse spam-bots. They now automatically take those special characters out when harvesting addresses.
So what to do to confuse them? Put real words in the address that must be taken out. For example chrisssss@domain.com (take out the ssss) is more effective than chris[at]domain.com. It’s simply too bad for chrisssss@domain.com if there is such an address.
This is not completely server related, so forgive me as I deviate.
When I posted a certain tip on using vBullet*n and Photopo*t, I didn’t realize what sort of avalanche of comments I would get. I get a few spam comments for each post, but I have received over 1000 spam comments based solely on those two keywords. Why? Bots scour the internet searching for “Powered by vBullet*n” and other related terms and then attack the forms on the pages of that site, trying to send comment spam on forums, etc. By posting those keywords into my tips earlier, it opened up the door for countless spam comments.
So a tip to those who have vBullet*n, photoPo*t or wordpress with those keywords in posts, try not to use those words on your site! If you do have the above mentioned forum software, pay for the de-branding option, it’ll save your forum a bunch of spam attacks and even bandwidth.
While shopping around for SSL Certificates I decided to compile a short table to compare the various ones available. It is available below. They are all 128/256 bit encryption targeted for web applications.
The post below talks about processor affinity and setting IIS to use only one processor to increase stability of certain applications (PHP ISAPI anyone?).
You can set the affinity by opening Task Manager and selecting w3svc.exe or inetinfo.exe on the Processes tab. Right click and choose Set Affinity. Uncheck the processors which should not execute the application.
This is a temporary solution since it is reset once you restart Windows or IIS. Some people often disregard setting processor affinity as a fix since it never seems to work…but this is because they don’t set it permanently. Below is how to set the processor affinity permanently.
Grab the Imagecfg.exe tool from the \support\debug\i386 folder of a Windows NT 4.0, or the Imagecfg.exe tool from the Windows 2000/2003 Server Resource Kit.
Open a CMD prompt and type:
imagecfg -a 0xn drive:\Path\program.exe
where 0xn is the affinity mask and drive:\Path\program.exe is the program you wish to set. The mask indicates which processor is to run the desired application. On a dual-core system, you use CPUs 0 and 1 (not 1 and 2).
3 Comments
Loading ...
Contact
RSS Feed