EMAIL ADDRESS INTERNATIONALIZATION EAI ICANN55 Mar 06 2016
- Slides: 43
E-MAIL ADDRESS INTERNATIONALIZATION ( EAI ) ICANN-55 Mar 06, 2016 TF-AIDN Member 35+ Min : 10 - Min ( Q & A )
AGENDA • Introduction “ Some Statistics ” • Why EAI ? • E-Mail Components & EAI • User Expectation & Perception • Arabic Email Addresses ( ﻣﺼﺮ. ) • Security Considerations • EAI Challenges • References • Questions
INTRODUCTION ( STATISTICS ) • How Many Emails Do We Exchange Daily? q 201. 4+ q 8. 3+ • Billion Emails Sent/Received Per Day Worldwide Billion Emails Sent/Received Per Hour Worldwide 4. 9 Billion Email Accounts Expected Worldwide By 2017 Worlwide Email Accounts 2019, 5, 594 Worldwide Email Users 2015, 4, 353 2016, 4, 626 2019, 2, 943 2015 2016 2017 2018 2019 2018, 5, 243 2015, 2, 586 2016, 2, 672 2018, 2, 849 2017, 2, 760 2017, 4, 920 Source : - http: //www. radicati. com/
INTRODUCTION ( STATISTICS ) • Only 26% of Internet users use English on the Internet Users by Language English 26% Rest of the Languages 22% German 2% French 3% Malay 3% Russian 3% Japanese 3% Portuguese 4% Chinese 21% Arabic 5% Spanish 8% Source : - http: //www. internetworldstats. com/
• E-Mail is the most popular used application Worldwide. • Number of E-Mail accounts still increasing. • Non-English users more than English users
What about using your own local language for your E-Mail account ?
Local-part @ domain-part Internationalizing only the domain name part of the email address is not enough
EAI Internationalizing the domain part and the local part
WHY EAI ? • It is natural to use your native language to access your email. • Help in bringing the Internet and its useful services to the world's non-English-speaking communities. • IDN e-mail allows people to use almost any language in their e-mail address. • Keep your online identity through using your own language. • Preserve my local cultural and traditional heritage. • Easier to remember and to communicate with other online users speaking the same language. • Consistent environment through local content , internationalized domain names, and internationalized email address.
EMAIL USER TYPES • An “ ASCII user “ q q Email addresses contain ASCII characters only. Cannot generate recipient addresses that contain non-ASCII characters. • An “ international email user “ q One or more non-ASCII email addresses. q Can generate recipient addresses that contain non-ASCII characters.
E-Mail components and EAI
Email client should be able to handle IDN email Email client should inform SMTP server that IDN email address is used Allow sizes greater than 512 characters “ FROM | RCPT TO “ Permit UTF-8 Email addressing and delivery ALL MX mail servers should all support EAI
What is the difference between SMTP and ESMTP ?
Only sender should be aware of EAI E-Mail address !!! Only sender SMTP should be aware of EAI EMail address !!!
All SMTP servers and E-Mail clients should be EAI-aware to preserve consistency through the Internet
We need to build a fully internationalized email environment, focusing on efficient communication among those who share a language and writing system.
• Changes to the mail header environment to accommodate header fields that are appropriately internationalized to utilize the full range of Unicode characters. • SMTP extension changes to permit UTF-8 mail addressing and delivery for internationalized header fields. • Internationalization of delivery and service notifications.
SMTP Extension for Internationalized Email RFC 6531
• SMTPUTF 8 -aware SMTP server requires that 8 BITMIME be announced and used by SMTPUTF 8 -aware SMTP client. • The EHLO keyword value associated with this extension is “SMTPUTF 8” • If the envelope or message being sent requires the capabilities of the SMTPUTF 8 extension, the SMTPUTF 8 -aware SMTP client MUST supply the SMTPUTF 8 parameter with the MAIL command. • If the SMTPUTF 8 -aware SMTP client is aware that neither the envelope nor the message being sent requires any of the SMTPUTF 8 extension capabilities, it SHOULD NOT supply the SMTPUTF 8 parameter with the MAIL command. • The maximum length of mail command is increased by 10 characters to accommodate SMTPUTF 8 parameter.
• Servers offering SMTPUTF 8 extension must provide support for , and announce , the 8 BITMIME extension. • When doing lookups, the SMTPUTF 8 -aware SMTP client or server must either use a Unicode-aware DNS library, or transform the internationalized domain name into A-label form. • If SMTP client receives SMTPUTF 8 extension in response to the EHLO command, may transmit internationalized email address in UTF-8 form. • If the SMTPUTF 8 SMTP extension is not offered by the SMTP server, the SMTPUTF 8 -aware SMTP client must not transmit a mail message containing internationalized email header.
• The SMTPUTF 8 -aware SMTP servers are encouraged to detect that recipients can not accept internationalized messages and generate an error after the RCPT command rather than waiting until after the data command to issue an error. • When an SMTP connection is opened, the SMTP server sends a "greeting“ response consisting of the 220 reply-code and some information. The SMTP client then sends the EHLO command. Since the SMTP client cannot know whether the SMTP server supports SMTPUTF 8 until after it receives the response to the EHLO, the SMTPUTF 8 -aware SMTP client MUST send only ASCII (LDH label or A-label [RFC 5890]) domains in the EHLO command. If the SMTPUTF 8 -aware SMTP server provides domain names in the EHLO response, they MUST be in the form of LDH labels or A-labels.
• If multiple DNS MX records are used to specify multiple servers for a domain (as described in Section 5 of RFC 5321 [RFC 5321]), it is strongly advised that all or none of them SHOULD support the SMTPUTF 8 extension.
Users Expectations & Perceptions
I expect to see my mailbox and domain names in local characters and to see them consistently ﻣﺼﺮ. ﺳﺠﻞ - ﺍﺳﻢ@ﺍﺧﺘﺒﺎﺭ Poor support for EAI I cannot use my IDN email to sign up to social medias like Facebook or Twitter N D I f o er es b m am u n nn d te mai i Lim do t u o al b a oc s l s e in n e nts e r a u g w o ua c A c g r a o il an o l P ma e 0% of the world’s most popular websites allow IDN email addresses as user accounts
IDN Support From Major Mail Providers
Security Consideration IETF Overview and Framework for Internationalized Email ( RFC 6530 ) IETF SMTP Extension for Internationalized Email ( RFC 6531 ) IETF Internationalized Email Headers ( RFC 6532 )
• EAI framework security considerations • SMTP security considerations • Header security considerations • DSN security considerations
Important notes about Overview and Framework for internationalized email “RFC 6531” • Changes to fully support internationalized email addresses include SMTP extension, email header to accommodate UTF-8 data. • Internationalized domain names alone have a little value without the identifiers that have to be internationalized like localpart of the email address.
EAI FRAMEWORK SECURITY CONSIDERATIONS • IDN-spoofing or IDN-homograph attacks ﻣﺼﺮ. ﺳﺠﻞ - ﻣﺤﻤﺪﻯ@ﺍﺧﺘﺒﺎﺭ ﻣﺼﺮ. ﺳﺠﻞ - ﻣﺤﻤﺪﻱ@ﺍﺧﺘﺒﺎﺭ • Confusable characters • Attacking messages and encoding layers.
Important notes about SMTP Extension for internationalized email “RFC 6531” • SMTP extension for transport and delivery of email message with internationalized email address or header information. • Servers offering this extension must provide support for , and announce, the 8 BITMIME extension. • SMTPUTF 8 presence asserts that the envelope includes the non-ASCII address, the message being sent is an internationalized message or needs the SMTPUTF 8 support • Maximum length of a Mail command line is increased by 10 characters to accommodate the possible addition of the SMTPUTF 8 parameter.
Important notes about SMTP Extension specifications • Permits the use of UTF-8 in email addresses in both local and domain parts. • Permits the use of UTF-8 in email message headers. • UTF-8 SMTP server should advertise the 8 BITMIME extension and client support 8 -bit transmission.
SMTP SECURITY CONSIDERATIONS • Logging systems and trouble tickets systems should support full UTF 8 • Security team members’ ability to quickly understand, read, and identify email addresses from the logs, when they are tracking an incident.
IMPORTANT NOTES ABOUT INTERNATIONALIZED EMAIL HEADER “RFC 6532” • Many E-mail clients now support MIME, but MIME affects only email messages. HEADER SECURITY CONSIDERATIONS Overflow buffers , truncate addresses , or exceed storage allotments
EAI CHALLENGES
EAI Challenges • Because there is no guarantee that a next-hop SMTP server will support the SMTPUTF 8 extension, use of the SMTPUTF 8 extension always carries a risk of transmission failure. • Low adoption of IDNs, but there is a recognition of its benefits • Users expect domain names in ASCII not IDN names , so EAI ? • Low to moderate awareness of IDNs • Not all email clients are compatible with fully IDN email addresses. • Not all email servers support EAI
References • IETF Overview and Framework for Internationalized Email ( RFC 6530 ) • IETF SMTP Extension for Internationalized Email ( RFC 6531 ) • IETF Internationalized Email Headers ( RFC 6532 ) • IETF Internationalized Delivery Status and Disposition Notifications ( RFC 6533 )