IDN Mail not allowed for platform registration

Eckhard Rüggeberg's Avatar

Eckhard Rüggeberg

08 Nov, 2017 05:56 PM

I had problems with GPGTools and had to open a ticket. When I tried to submit it from the Mail -> Preferences -> GPGMail -> Problem reporting form, it got rejected. I had to replace my standard email address eckhard@rü with a stone age address without IDN to submit it.

THIS form says "User_email should look like an email address." Needless to say that eckhard@rü not only looks like an email address, it IS a valid email address since March 2004

  1. Support Staff 1 Posted by Courtenay on 08 Nov, 2017 10:57 PM

    Courtenay's Avatar

    Ah, yes, we still are living in the stone age. Es tut mir leid! However with a good reason. The problem was that IDN addresses have a spoofing attack. e.g. bob@pа which is actually [email blocked]. Is there a recent solution to this?

  2. 2 Posted by Eckhard Rüggebe... on 09 Nov, 2017 09:08 AM

    Eckhard Rüggeberg's Avatar

    Well, in your example it is easy, because the first "a" (kyrillic az?) looks different in that typewriter font than the second one.
    In general, the solution to spoofing is a good amount of common sense (which lacks for many internet users, as I have to admit).

    Probabely I have to buy the domain "" and use that for sites whose IT is from stone age...

  3. Support Staff 3 Posted by Courtenay on 09 Nov, 2017 09:47 AM

    Courtenay's Avatar

    Yes, it looks different in typewriter font but doesn't look different in basic body font like the times new roman we use like this: bob@pа .. or say wіkіреdіа.org and UGH Anyway, that's mainly why we don't support it. Also, my neandertal DNA. I agree we can easily block unicode ranges for cyrillic and allow others, i.e. allow basic stuff like umlauts -- but then our ukranian customers are going to ask for characters and it's a mess. It's easier for lazy me to just stuck with rfc2822 or whatever it is for now. I hope a solution presents itself.

  4. 4 Posted by Ecckhard Rüggeb... on 09 Nov, 2017 03:02 PM

    Ecckhard Rüggeberg's Avatar

    And what exactly is the problem if Bob from the kyrillic pа registers with his semi-kyrillic email address, as long as it exists? He sends you mails, and you send him mails. I see no harm in that!

  5. Support Staff 5 Posted by Courtenay on 09 Nov, 2017 10:23 PM

    Courtenay's Avatar

    A customer sends me an email, "Can you reset my password" or "Can you send me an export of our data", with a spoofed address. Or, on a public forum a user from is replying but it's not the actual domain.

  6. brandi closed this discussion on 15 Mar, 2018 10:36 PM.

Discussions are closed to public comments.
If you need help with Tender please start a new discussion.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac