smtplib.quoteaddr() returns malformed angle-bracket address for input '<'

[stefanzetzsche]

Bug report

Description

smtplib.quoteaddr() formats addresses for SMTP MAIL FROM: and RCPT TO: commands per RFC 821, which requires angle-bracket format (<addr>). It first delegates to email.utils.parseaddr(); when parsing succeeds, the result is correctly wrapped in <...>.

When parseaddr fails — which happens for inputs that don't resemble any recognizable email address format, like '<', '< ', or '@' — a fallback path kicks in. The fallback checks if the input starts with < and returns it verbatim, without verifying it also ends with >. This produces structurally invalid output (e.g. MAIL FROM:< instead of MAIL FROM:<>).

The existing code intentionally chooses to be lenient with unparseable input rather than raising an exception (the comment reads "use it as is and hope for the best"). Given that design choice, the output should at least be structurally valid — a half-open < with no > is neither rejecting bad input nor producing well-formed protocol output.

Reproducer

from smtplib import quoteaddr

print(repr(quoteaddr('<')))    # '<'  — missing closing >
print(repr(quoteaddr('< ')))   # '< ' — missing closing >
print(repr(quoteaddr('<user@example.com')))  # '<user@example.com' — missing >

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response

Linked PRs

• gh-145552: smtplib: quoteaddr() returns malformed address for input '<' #145553