Date: Fri, 18 Mar 1994 10:16:39 +0500
From: dupuy@smarts.com (Alexander Dupuy)
To: uri@bunyip.com, mpm@boombox.micro.umn.edu


> The syntax allows for the inclusion of a user name and even a password for 
> those systems which do not use the anonymous FTP convention. The default, 
> however, if no user or password is supplied, will be to use that convention, 
> viz. that the user name is "anonymous" and the password the user's 
> Internet-style mail address.

It's worth noting here that "the user's Internet-style mail address" should
consist of a local username, an at-sign (@) and a DNS name for the IP address
used on the local side of the FTP control connection.

It's an unfortunate reality that the implementors of many "enhanced" FTP
servers feel the need to "verify" the address of anonymous FTP clients.
Sometimes they are content to call getpeername (and maybe the remote ident
server, if any) and log whatever they know, but some insist on the presence of
an @ in the password, and one particularly obnoxious FTP server, which I have
found running at a number of sites, demands not only the presence of an @, but
that any characters following the @ must be a DNS name which resolves to the
same IP address as the FTP client.

Personally, I find such behavior in an FTP server stupid, pointless, and
incorrect, but I imagine that it's extremely unlikely that these FTP servers
will ever go away.  In any case, it's easy enough to generate a password which
all FTP servers will accept, even these ridiculous ones, and it's worth
specifying the algorithm for generating such a password in the URL spec.

@alex