Underscores in Host Names

Bill Larson wllarso at swcp.com
Thu May 19 15:55:58 UTC 2005


On May 19, 2005, at 8:45 AM, Thomas Schulz wrote:

> In article <d6fubl$2fgu$1 at sf1.isc.org>, R.D. <rdwyer at quick-link.com> wrote:
>> Hello all.
>> We have a client containing an underscore in the email address domain
>> name.  Our email server rejects it because of its violation of the RFC
>> standard.  This individual's claim is that he doesn't have problems
>> anywhere else and if this is going to be a problem he's "going to take
>> his business elsewhere"!
>>
>> I understand it's a violation of the standard, but does it pose a
>> security hole to the email server to allow this sort of mail?
>> Shouldn't this individual be experiencing problems elsewhere. . . . I
>> doubt I am the only one.
>>
>> Thanks
>
> If I recall correctly, the reason for the restriction on the use of an
> underscore is that there was a concern that it could be confused with a
> dash.  This could possibly cause a lot of frustration with mistyped names
> and possibly a security problem if two names differed by only an underscore
> versus a dash.
> This would not be much of a security hole.  I would not lose business
> over it.

If "computer security" is defined as "a computer is secure if you can 
depend on it and its software to behave as you expect", the definition 
given by Garfinkel and Spafford in "Practical Unix & Internet Security", 
then you have to think about what "you expect".

If you do not follow the rules of the Internet, as defined by the RFCs, 
then your expectations will not be the same as the rest of the world's.  
This is the purpose of RFCs, to make sure that computers play nicely 
with each other.  As such, I ***WOULD*** expect to lose business over 
it.  For this reason I would consider this a security problem.

Both Mark and Brad have identified the RFCs that deal with the use of 
underscores in host names.  If you want to ensure that your 
customer(s) are able to communicate with other systems on the 
Internet, I would suggest that you may want to reconfigure your server 
to allow host names with underscores, to be liberal in what you accept, 
but don't name your systems with this character.

And yes, this customer should expect to see problems with other systems 
on the Internet, even if they don't at the immediate moment.  They will 
sometime.  Or, even better, tell them that there are people, maybe 
paying customers, right now trying to communicate with them but are 
unable to because of their naming scheme and that they are completely 
unaware of them because they "don't think that this is a problem".  
Your customer needs to play by the rules also.  Your role is to help 
teach them this.

But, this topic is now getting into the realm of mail server 
configuration rather than DNS and BIND issues.  Maybe a different forum 
would be able to provide you a better answer.

Bill Larson
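
The split described in the message above (accept underscores from others, never use them in your own names) and the dash/underscore confusion raised in the quoted reply, as an added example that is not part of the original post. The strict rule is the letters-digits-hyphen label syntax of RFC 952 and RFC 1123; the lenient rule, the function names and the sample host names are assumptions constructed for illustration.

```python
import re

# Strict label (RFC 952 / RFC 1123): letters, digits, hyphen, 1-63 octets,
# no leading or trailing hyphen.
STRICT_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Lenient inbound rule (assumption for this example): additionally allow "_".
LENIENT_LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")


def strip_root(name):
    """Drop a single trailing root dot, if present."""
    return name[:-1] if name.endswith(".") else name


def valid_hostname(name, accept_underscore=False):
    """Check every label against the strict or the lenient rule."""
    name = strip_root(name)
    if not name or len(name) > 253:
        return False
    rule = LENIENT_LABEL if accept_underscore else STRICT_LABEL
    return all(rule.fullmatch(label) for label in name.split("."))


def fold(name):
    """Comparison key: lowercase, no root dot, "_" treated as "-"."""
    return strip_root(name).lower().replace("_", "-")


def confusable_groups(names):
    """Return groups of names that differ only by underscore versus dash."""
    groups = {}
    for name in names:
        groups.setdefault(fold(name), set()).add(strip_root(name).lower())
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample data, not taken from the thread.
SAMPLE = [
    "mail-gw.example.com",
    "mail_gw.example.com",
    "MAIL-GW.example.com.",
    "www.example.com",
]

if __name__ == "__main__":
    for host in SAMPLE:
        print(host, valid_hostname(host), valid_hostname(host, True))
    print(confusable_groups(SAMPLE))
```

Use the strict check when naming your own systems, and the lenient check plus the confusable report when deciding what to accept from remote senders.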


