At the Certified Senders Alliance summit in Cologne, Germany, CAUCE president John Levine talks about international email and its security.

John explained that EAI is being used by literate computer users who cannot read English characters. He gave India as an example: in the state of Rajasthan, the Indian government is currently handing out email addresses in Hindi.

In the past, email addresses were all ASCII, but now they can be in UTF-8 encoded Unicode. A complication with Unicode is that there can be several ways to create a Unicode character (e.g. an accented a can either be encoded as a character in its own right, or as an a followed by an accent). For human readers, this makes no difference to understanding the character, but for computers it can be difficult.

Some mail systems accept EAI mail, but many still don't. As a result, EAI senders need to be prepared for their email to fail if they are sending to ASCII recipients.

 

EAI Security issues

  • Homographs: e.g. Latin O, Cyrillic O & Greek Omicron all look the same, appearing bit-for-bit identical in some programs.
  • Bidirectional Text: Left-to-right vs right-to-left text flow. Avoid combining different direction text within an address or URL.
  • Avoid mixed scripts. In theory, an address could combine a Chinese character, and Arabic, Cyrillic, etc., but combining them is bad practice. It is unreadable and impossible to type. While compatible scripts are ok (e.g. the three scripts used to write Japanese), mixed scripts should be treated very skeptically by spam filters.
  • Variant characters (e.g. different versions of Chinese characters).

Challenges

  • Long domain names: there are top-level domain names as long as 24 characters.
  • Several ways to write the same character (is it a single accented character, or a + a combining accent?). If it is possible to combine the elements into a single pre-defined character, it is better to do so.
  • Punctuation is possible in local parts: it is allowable, but not advisable.
  • It is technically legal to use an emoji in an email address. This should be avoided. An email address must be easy to read and to type. Two different emojis with slightly different skin tones are not easy to differentiate or type.
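The checks described in the two lists above (composing to a single pre-defined character, mixed scripts, mixed text direction) can be sketched as follows. This is an added example, not code from the talk; the function names are hypothetical, and because Python's standard library has no Unicode script property, the script is approximated from the first word of each character's Unicode name.

```python
import unicodedata

# Script sets normally written together (the Japanese case from the list above).
COMPATIBLE = [{"CJK", "HIRAGANA", "KATAKANA"}]

def scripts(text):
    """Heuristic: take a letter's script from the first word of its Unicode name."""
    found = set()
    for ch in text:
        if unicodedata.category(ch).startswith("L"):  # letters only, skip marks/digits
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found

def has_mixed_direction(text):
    """True when left-to-right and right-to-left letters share one part."""
    classes = {unicodedata.bidirectional(ch) for ch in text}
    return "L" in classes and bool(classes & {"R", "AL"})

def check_address(address):
    """Return (NFC form, findings) for one address; findings is empty when clean."""
    nfc = unicodedata.normalize("NFC", address)
    findings = []
    if nfc != address:
        findings.append("not-nfc")
    local, _, domain = nfc.rpartition("@")
    for part in [local] + domain.split("."):
        found = scripts(part)
        if len(found) > 1 and not any(found <= ok for ok in COMPATIBLE):
            findings.append("mixed-script:" + "+".join(sorted(found)))
        if has_mixed_direction(part):
            findings.append("mixed-direction")
    return nfc, findings

if __name__ == "__main__":
    # Constructed sample addresses, not taken from the talk.
    samples = [
        "jose\u0301@example.com",   # e + combining acute accent
        "b\u043eb@example.com",     # Cyrillic o between Latin b's
        "\u6771\u4eac\u306e\u30ab\u30e1\u30e9@example.com",  # kanji + hiragana + katakana
        "abc\u05d0@example.com",    # Latin followed by Hebrew alef
    ]
    for s in samples:
        print(ascii(s), "->", check_address(s)[1])
```

Each part (local part and every domain label) is checked on its own, so a Japanese local part at a Latin-script domain is not flagged. A production filter would use real Unicode script data rather than the name heuristic.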

Conclusion

EAI is on the way. It is going to be popular, particularly in countries like Thailand and India, where there is a literate population that does not read or write English. And finally, it is not difficult, but it is important to get ready.