>> Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar >> domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? > > The MAIL CLIENT must tranform non-ASCII domain names before > sending MAIL FROM or RCPT TO commands.
ICANN did not really consider the security and portability of IDNs before permitting them. The reasons for this are many, and speak poorly to ICANN's management structure. It is important to remember that ICANN's action does not mean that end-users are prepared to accept mail from such domains, or that doing so would be secure, much less that operating systems, libraries, and applications are capable of dealing with IDNs safely. Whether IDNs will ever be portable is a matter of debate. Right now they are in early-alpha status i.e., not ready for production. This might be OK for some DNS and SMTP implementations but for most production systems they pose too high of a risk. The increase in complexity of each OS, lib, and app required to accommodate IDNs is non-trivial. Widespread implementation would degrade security in and of itself (because of the relationship between code size and security among other factors). Speaking only for myself, for the foreseeable future we are not interested in experimental code and do not want to use a version of bind or postfix that cannot be compiled to refuse IDNs. Pat
