Are unquoted special characters legal in an RFC 5322 email display name if they're in an encoded word?

Question

Take the address

foo:bar <[email protected]>

As I understand it the colon in the display name foo:bar, being a special character, should be part of a quoted string, e.g. "foo:bar" <[email protected]>

In this next example the display name foo:bar is in an (RFC2047?) encoded word, but the colon isn't quoted before encoding. Is this a legal address? I've run into a tool that won't accept it, but I'm unsure if it's a bug or strictly correct behaviour.

=?UTF-8?B?Zm9vOmJhcg==?= <[email protected]>

I guess the other way of putting question is, should the RFC5322 validation be done before or after the RFC2047 header decoding?

Answer 1

RFC 2047 6.2 says:

NOTE: Decoding and display of encoded-words occurs after a structured field body is parsed into tokens. It is therefore possible to hide 'special' characters in encoded-words which, when displayed, will be indistinguishable from 'special' characters in the surrounding text. For this and other reasons, it is NOT generally possible to translate a message header containing 'encoded-word's to an unencoded form which can be parsed by an RFC 822 mail reader.

display-name is a token, so my reading of the spec is that your last example is a valid address - the validation should be done on the encoded value, and then decoded for display later.

Section 5 also says:

Use of 'encoded-word's to represent strings of purely ASCII characters is allowed, but discouraged.

So in this example you'd be encouraged to use the quoted form "foo:bar" <[email protected]>, and not use unnecessary encoded words.