In article <1116377042.592906.137650@g44g2000cwa.googlegroups.com> you write:
Hello all. We have a client containing an underscore in the email address domain name. Our email server rejects it because of it's violation of the RFC standard. This individuals claim is that he doesn't have problems anywhere else and if this is going to be a problem he's "going to take his business elsewhere"!
I understand it's a violation of the standard, but does it pose a security hole to the email server to allow this sort of mail?
No *security* hole as such, other than you need to make sure that if you're going to accept such cruft, you make *damned* sure that you never leak it back out and have some *other* standard-conformant site get on *your* case about it.... Oh, and make sure that none of *your* automated tools that summarize maillogs and the like choke on it. And that your e-mail admin is using software that doesn't choke on it (otherwise if they send you e-mail, you can't reply.. ;) You may want to balance the costs of making sure that *all* your stuff is underscore-ready (don't forget ongoing maintenance costs, as you'll probably have to re-patch each new release of any tools) against what this customer is willing to pay you.