idnits 2.17.1 draft-ietf-appsawg-mdn-3798bis-06.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 14 instances of too long lines in the document, the longest one being 16 characters in excess of 72. -- The draft header indicates that this document obsoletes RFC3798, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: disposition-modifier-extension Disposition modifiers may be defined in the future by later revisions or extensions to this specification. Disposition value names beginning with "X-" will never be defined as standard values; such names are reserved for experimental use. MDN disposition value names NOT beginning with "X-" MUST be registered with the Internet Assigned Numbers Authority (IANA) using "Specification required" registration policy. (See Section 10 for a registration form.) MDNs with disposition modifier names not understood by the receiving MUA MAY be silently ignored or placed in the user's mailbox without special interpretation. They MUST not cause any error message to be sent to the sender of the MDN. == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 24, 2016) is 3008 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'FWS' on line 1017 -- Looks like a reference, but probably isn't: 'CFWS' on line 362 ** Obsolete normative reference: RFC 3462 (ref. '6') (Obsoleted by RFC 6522) -- Obsolete informational reference (is this intentional?): RFC 3501 (ref. '12') (Obsoleted by RFC 9051) -- Obsolete informational reference (is this intentional?): RFC 5226 (ref. '14') (Obsoleted by RFC 8126) Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Hansen, Ed. 3 Internet-Draft AT&T Laboratories 4 Obsoletes: 3798 (if approved) A. Melnikov, Ed. 5 Intended status: Standards Track Isode Ltd 6 Expires: July 27, 2016 January 24, 2016 8 Message Disposition Notification 9 draft-ietf-appsawg-mdn-3798bis-06.txt 11 Abstract 13 This memo defines a MIME content-type that may be used by a mail user 14 agent (MUA) or electronic mail gateway to report the disposition of a 15 message after it has been successfully delivered to a recipient. 16 This content-type is intended to be machine-processable. Additional 17 message header fields are also defined to permit Message Disposition 18 Notifications (MDNs) to be requested by the sender of a message. The 19 purpose is to extend Internet Mail to support functionality often 20 found in other messaging systems, such as X.400 and the proprietary 21 "LAN-based" systems, and often referred to as "read receipts," 22 "acknowledgements", or "receipt notifications." The intention is to 23 do this while respecting privacy concerns, which have often been 24 expressed when such functions have been discussed in the past. 26 Because many messages are sent between the Internet and other 27 messaging systems (such as X.400 or the proprietary "LAN-based" 28 systems), the MDN protocol is designed to be useful in a multi- 29 protocol messaging environment. To this end, the protocol described 30 in this memo provides for the carriage of "foreign" addresses, in 31 addition to those normally used in Internet Mail. Additional 32 attributes may also be defined to support "tunneling" of foreign 33 notifications through Internet Mail. 35 Status of This Memo 37 This Internet-Draft is submitted in full conformance with the 38 provisions of BCP 78 and BCP 79. 40 Internet-Drafts are working documents of the Internet Engineering 41 Task Force (IETF). Note that other groups may also distribute 42 working documents as Internet-Drafts. The list of current Internet- 43 Drafts is at http://datatracker.ietf.org/drafts/current/. 45 Internet-Drafts are draft documents valid for a maximum of six months 46 and may be updated, replaced, or obsoleted by other documents at any 47 time. It is inappropriate to use Internet-Drafts as reference 48 material or to cite them other than as "work in progress." 49 This Internet-Draft will expire on July 27, 2016. 51 Copyright Notice 53 Copyright (c) 2016 IETF Trust and the persons identified as the 54 document authors. All rights reserved. 56 This document is subject to BCP 78 and the IETF Trust's Legal 57 Provisions Relating to IETF Documents 58 (http://trustee.ietf.org/license-info) in effect on the date of 59 publication of this document. Please review these documents 60 carefully, as they describe your rights and restrictions with respect 61 to this document. Code Components extracted from this document must 62 include Simplified BSD License text as described in Section 4.e of 63 the Trust Legal Provisions and are provided without warranty as 64 described in the Simplified BSD License. 66 This document may contain material from IETF Documents or IETF 67 Contributions published or made publicly available before November 68 10, 2008. The person(s) controlling the copyright in some of this 69 material may not have granted the IETF Trust the right to allow 70 modifications of such material outside the IETF Standards Process. 71 Without obtaining an adequate license from the person(s) controlling 72 the copyright in such materials, this document may not be modified 73 outside the IETF Standards Process, and derivative works of it may 74 not be created outside the IETF Standards Process, except to format 75 it for publication as an RFC or to translate it into languages other 76 than English. 78 Table of Contents 80 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 81 1.1. Purposes . . . . . . . . . . . . . . . . . . . . . . . . 3 82 1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 4 83 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5 84 2. Requesting Message Disposition Notifications . . . . . . . . 5 85 2.1. The Disposition-Notification-To Header . . . . . . . . . 5 86 2.2. The Disposition-Notification-Options Header . . . . . . . 7 87 2.3. The Original-Recipient Header Field . . . . . . . . . . . 8 88 2.4. Use with the Message/Partial Content Type . . . . . . . . 9 89 3. Format of a Message Disposition Notification . . . . . . . . 9 90 3.1. The message/disposition-notification content-type . . . . 11 91 3.2. Message/disposition-notification Fields . . . . . . . . . 13 92 3.3. Extension-fields . . . . . . . . . . . . . . . . . . . . 18 93 4. Timeline of events . . . . . . . . . . . . . . . . . . . . . 19 94 5. Conformance and Usage Requirements . . . . . . . . . . . . . 20 95 6. Security Considerations . . . . . . . . . . . . . . . . . . . 20 96 6.1. Forgery . . . . . . . . . . . . . . . . . . . . . . . . . 21 97 6.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 21 98 6.3. Non-Repudiation . . . . . . . . . . . . . . . . . . . . . 22 99 6.4. Mail Bombing . . . . . . . . . . . . . . . . . . . . . . 22 100 7. Collected ABNF Grammar . . . . . . . . . . . . . . . . . . . 22 101 8. Guidelines for Gatewaying MDNs . . . . . . . . . . . . . . . 24 102 8.1. Gatewaying from other mail systems to MDNs . . . . . . . 24 103 8.2. Gatewaying from MDNs to other mail systems . . . . . . . 25 104 8.3. Gatewaying of MDN-requests to other mail systems . . . . 25 105 9. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 106 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 107 10.1. Disposition-Notification-Options header field 108 disposition-notification-parameter names . . . . . . . . 28 109 10.2. Disposition modifier names . . . . . . . . . . . . . . . 28 110 10.3. MDN extension field names . . . . . . . . . . . . . . . 28 111 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 29 112 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 29 113 12.1. Normative References . . . . . . . . . . . . . . . . . . 29 114 12.2. Informative References . . . . . . . . . . . . . . . . . 30 115 Appendix A. Changes from RFC 3798 . . . . . . . . . . . . . . . 31 116 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 118 1. Introduction 120 This memo defines a RFC-MIME-MEDIA [4] content-type for message 121 disposition notifications (MDNs). An MDN can be used to notify the 122 sender of a message of any of several conditions that may occur after 123 successful delivery, such as display of the message contents, 124 printing of the message, deletion (without display) of the message, 125 or the recipient's refusal to provide MDNs. The "message/ 126 disposition-notification" content-type defined herein is intended for 127 use within the framework of the "multipart/report" content type 128 defined in RFC-REPORT [6]. 130 This memo defines the format of the notifications and the RFC-MSGFMT 131 [2] header fields used to request them. 133 This memo is an update to RFC 3798 and is intended to be published at 134 Internet Standard Level. 136 This memo is currently marked with the 'pre5378Trust200902' IPR 137 statements until a release has been obtained from all previous 138 authors and editors of this text. 140 1.1. Purposes 142 The MDNs defined in this memo are expected to serve several purposes: 144 a. Inform human beings of the disposition of messages after 145 successful delivery, in a manner that is largely independent of 146 human language; 148 b. Allow mail user agents to keep track of the disposition of 149 messages sent, by associating returned MDNs with earlier message 150 transmissions; 152 c. Convey disposition notification requests and disposition 153 notifications between Internet Mail and "foreign" mail systems 154 via a gateway; 156 d. Allow "foreign" notifications to be tunneled through a MIME- 157 capable message system and back into the original messaging 158 system that issued the original notification, or even to a third 159 messaging system; 161 e. Allow language-independent, yet reasonably precise, indications 162 of the disposition of a message to be delivered. 164 1.2. Requirements 166 These purposes place the following constraints on the notification 167 protocol: 169 a. It must be readable by humans, and must be machine-parsable. 171 b. It must provide enough information to allow message senders (or 172 their user agents) to unambiguously associate an MDN with the 173 message that was sent and the original recipient address for 174 which the MDN was issued (if such information is available), even 175 if the message was forwarded to another recipient address. 177 c. It must also be able to describe the disposition of a message 178 independent of any particular human language or of the 179 terminology of any particular mail system. 181 d. The specification must be extensible in order to accommodate 182 future requirements. 184 1.3. Terminology 186 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 187 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 188 document are to be interpreted as described in RFC-KEYWORDS [9]. 190 All syntax descriptions use the ABNF specified by RFC-MSGFMT [2], in 191 which the lexical tokens (used below) are defined: "CRLF", "FWS", 192 "CFWS", "field-name", "mailbox-list", "msg-id", and "text". The 193 following lexical tokens are defined in RFC-SMTP [1]: "atom". 195 2. Requesting Message Disposition Notifications 197 Message disposition notifications are requested by including a 198 Disposition-Notification-To header field in the message containing 199 one or more addresses specifying where dispositions should be sent. 200 Further information to be used by the recipient's MUA in generating 201 the MDN may be provided by also including Original-Recipient and/or 202 Disposition-Notification-Options header fields in the message. 204 2.1. The Disposition-Notification-To Header 206 A request for the receiving user agent to issue message disposition 207 notifications is made by placing a Disposition-Notification-To header 208 field into the message. The syntax of the header field is 210 mdn-request-header = "Disposition-Notification-To" ":" mailbox-list CRLF 212 A Disposition-Notification-To header field can appear at most once in 213 a message. 215 The presence of a Disposition-Notification-To header field in a 216 message is merely a request for an MDN. The recipients' user agents 217 are always free to silently ignore such a request. 219 An MDN MUST NOT itself have a Disposition-Notification-To header 220 field. An MDN MUST NOT be generated in response to an MDN. 222 A user agent MUST NOT issue more than one MDN on behalf of each 223 particular recipient. That is, once an MDN has been issued on behalf 224 of a recipient, no further MDNs may be issued on behalf of that 225 recipient by the same user agent, even if another disposition is 226 performed on the message. However, if a message is forwarded, an MDN 227 may have been issued for the recipient doing the forwarding and the 228 recipient of the forwarded message may also cause an MDN to be 229 generated. 231 It is also possible that if the same message is being accessed by 232 multiple user agents (for example using POP3), then multiple 233 dispositions might be generated for the same recipient. User agents 234 SHOULD laverage support in the underlying message access protocol to 235 prevent multiple MDNs from being generated. In particular, when the 236 user agent is accessing the message using RFC-IMAP [12], it SHOULD 237 implement the procedures specified in RFC-IMAP-MDN [10]. 239 While Internet standards normally do not specify the behavior of user 240 interfaces, it is strongly recommended that the user agent obtain the 241 user's consent before sending an MDN. This consent could be obtained 242 for each message through some sort of prompt or dialog box, or 243 globally through the user's setting of a preference. 245 MDNs SHOULD NOT be sent automatically if the address in the 246 Disposition-Notification-To header field differs from the address in 247 the Return-Path header field (see RFC-MSGFMT [2]). In this case, 248 confirmation from the user SHOULD be obtained, if possible. If 249 obtaining consent is not possible (e.g., because the user is not 250 online at the time), then an MDN SHOULD NOT be sent. 252 Confirmation from the user SHOULD be obtained (or no MDN sent) if 253 there is no Return-Path header field in the message, or if there is 254 more than one distinct address in the Disposition-Notification-To 255 header field. 257 The comparison of the addresses should be done using only the addr- 258 spec (local-part "@" domain) portion, excluding any angle brackets, 259 phrase and route. The comparison MUST be case-sensitive for the 260 local-part and case-insensitive for the domain part. The local-part 261 comparison SHOULD be done after performing local-part 262 canonicalization (i.e. after removing the surrounding double-quote 263 characters, if any, as well as any escaping "\" characters. (See 264 RFC-MSGFMT [2] for more details.) Implementations MAY treat known 265 domain aliases as equivalent for the purpose of comparison. 267 Note that use of subaddressing (see [13]) can result in a failure to 268 match two local-parts and thus result in possible suppression of the 269 MDN. This document doesn't recommend special handling for this case, 270 as the receiving MUA can't reliably know whether or not the sender is 271 using subaddressing. 273 If the message contains more than one Return-Path header field, the 274 implementation may pick one to use for the comparison, or treat the 275 situation as a failure of the comparison. 277 The reason for not automatically sending an MDN if the comparison 278 fails or more than one address is specified is to reduce the 279 possibility of mail loops and of MDNs being used for mail bombing. 281 A message that contains a Disposition-Notification-To header field 282 SHOULD also contain a Message-ID header field as specified in RFC- 283 MSGFMT [2]. This will permit automatic correlation of MDNs with 284 their original messages by user agents. 286 If the request for message disposition notifications for some 287 recipients and not others is desired, two copies of the message 288 should be sent, one with a Disposition-Notification-To header field 289 and one without. Many of the other header fields of the message 290 (e.g., To, Cc) will be the same in both copies. The recipients in 291 the respective message envelopes determine for whom message 292 disposition notifications are requested and for whom they are not. 293 If desired, the Message-ID header field may be the same in both 294 copies of the message. Note that there are other situations (e.g., 295 Bcc) in which it is necessary to send multiple copies of a message 296 with slightly different header fields. The combination of such 297 situations and the need to request MDNs for a subset of all 298 recipients may result in more than two copies of a message being 299 sent, some with a Disposition-Notification-To header field and some 300 without. 302 Messages posted to newsgroups SHOULD NOT have a Disposition- 303 Notification-To header field. 305 2.2. The Disposition-Notification-Options Header 307 Extensions to this specification may require that information be 308 supplied to the recipient's MUA for additional control over how and 309 what MDNs are generated. The Disposition-Notification-Options header 310 field provides an extensible mechanism for such information. The 311 syntax of this header field is as follows: 313 Disposition-Notification-Options = 314 "Disposition-Notification-Options" ":" [FWS] 315 disposition-notification-parameter-list CRLF 316 disposition-notification-parameter-list = 317 disposition-notification-parameter 318 *([FWS] ";" [FWS] disposition-notification-parameter) 319 disposition-notification-parameter = attribute [FWS] "=" 320 [FWS] importance [FWS] "," [FWS] value *([FWS] "," [FWS] value) 321 importance = "required" / "optional" 322 attribute = atom 323 value = word 324 A Disposition-Notification-Options header field can appear at most 325 once in a message. 327 An importance of "required" indicates that interpretation of the 328 disposition-notification-parameter is necessary for proper generation 329 of an MDN in response to this request. An importance of "optional" 330 indicates that an MUA that does not understand the meaning of this 331 disposition-notification-parameter MAY generate an MDN in response 332 anyway, ignoring the value of the disposition-notification-parameter. 334 No disposition-notification-parameter attribute names are defined in 335 this specification. Attribute names may be defined in the future by 336 later revisions or extensions to this specification. Disposition- 337 notification-parameter attribute names beginning with "X-" will never 338 be defined as standard names; such names are reserved for 339 experimental use. disposition-notification-parameter attribute names 340 not beginning with "X-" MUST be registered with the Internet Assigned 341 Numbers Authority (IANA) using "Specification required" registration 342 policy. 343 (See Section 10 for a registration form.) 345 2.3. The Original-Recipient Header Field 347 Since electronic mail addresses may be rewritten while the message is 348 in transit, it is useful for the original recipient address to be 349 made available by the delivering MTA. The delivering MTA may be able 350 to obtain this information from the ORCPT parameter of the SMTP RCPT 351 TO command, as defined in RFC-SMTP [1] and RFC-DSN-SMTP [7]. 353 RFC-DSN-SMTP [7] is amended as follows: If the ORCPT information is 354 available, the delivering MTA SHOULD insert an Original-Recipient 355 header field at the beginning of the message (along with the Return- 356 Path header field). The delivering MTA MAY delete any other 357 Original-Recipient header fields that occur in the message. The 358 syntax of this header field is as follows: 360 original-recipient-header = 361 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 362 OWS = [CFWS] 363 ; Optional whitespace. 364 ; MDN generators SHOULD use "*WSP" 365 ; (typically a single space or nothing. 366 ; It SHOULD be nothing at the end of a field), 367 ; unless an RFC 5322 "comment" is required. 368 ; 369 ; MDN parsers MUST parse it as "[CFWS]". 371 The address-type and generic-address token are as specified in the 372 description of the Original-Recipient field in Section 3.2.3. 374 The purpose of carrying the original recipient information and 375 returning it in the MDN is to permit automatic correlation of MDNs 376 with the original message on a per-recipient basis. 378 2.4. Use with the Message/Partial Content Type 380 The use of the header fields Disposition-Notification-To, 381 Disposition-Notification-Options, and Original-Recipient with the 382 MIME message/partial content type (RFC-MIME-MEDIA [4]]) requires 383 further definition. 385 When a message is segmented into two or more message/partial 386 fragments, the three header fields mentioned in the above paragraph 387 SHOULD be placed in the "inner" or "enclosed" message (using the 388 terms of RFC-MIME-MEDIA [4]). These header fields SHOULD NOT be used 389 in the header fields of any of the fragments themselves. 391 When the multiple message/partial fragments are reassembled, the 392 following applies. If these header fields occur along with the other 393 header fields of a message/partial fragment message, they pertain to 394 an MDN that will be generated for the fragment. If these header 395 fields occur in the header fields of the "inner" or "enclosed" 396 message (using the terms of RFC-MIME-MEDIA [4]), they pertain to an 397 MDN that will be generated for the reassembled message. 398 Section 5.2.2.1 of RFC-MIME-MEDIA [4]) is amended to specify that, in 399 addition to the header fields specified there, the three header 400 fields described in this specification are to be appended, in order, 401 to the header fields of the reassembled message. Any occurrences of 402 the three header fields defined here in the header fields of the 403 initial enclosing message must not be copied to the reassembled 404 message. 406 3. Format of a Message Disposition Notification 408 A message disposition notification is a MIME message with a top-level 409 content-type of multipart/report (defined in RFC-REPORT [6]). When 410 multipart/report content is used to transmit an MDN: 412 a. The report-type parameter of the multipart/report content is 413 "disposition-notification". 415 b. The first component of the multipart/report contains a human- 416 readable explanation of the MDN, as described in RFC-REPORT [6]. 418 c. The second component of the multipart/report is of content-type 419 message/disposition-notification, described in Section 3.1 of 420 this document. 422 d. If the original message or a portion of the message is to be 423 returned to the sender, it appears as the third component of the 424 multipart/report. The decision of whether or not to return the 425 message or part of the message is up to the MUA generating the 426 MDN. However, in the case of encrypted messages requesting MDNs, 427 encrypted message text MUST be returned, if it is returned at 428 all, only in its original encrypted form. 430 NOTE: For message disposition notifications gatewayed from foreign 431 systems, the header fields of the original message may not be 432 available. In this case, the third component of the MDN may be 433 omitted, or it may contain "simulated" RFC-MSGFMT [2] header fields 434 that contain equivalent information. In particular, it is very 435 desirable to preserve the subject and date fields from the original 436 message. 438 The MDN MUST be addressed (in both the message header field and the 439 transport envelope) to the address(es) from the Disposition- 440 Notification-To header field from the original message for which the 441 MDN is being generated. 443 The From field of the message header field of the MDN MUST contain 444 the address of the person for whom the message disposition 445 notification is being issued. 447 The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be 448 null (<>), specifying that no Delivery Status Notification messages 449 or other messages indicating successful or unsuccessful delivery are 450 to be sent in response to an MDN. 452 A message disposition notification MUST NOT itself request an MDN. 453 That is, it MUST NOT contain a Disposition-Notification-To header 454 field. 456 The Message-ID header field (if present) for an MDN MUST be different 457 from the Message-ID of the message for which the MDN is being issued. 459 A particular MDN describes the disposition of exactly one message for 460 exactly one recipient. Multiple MDNs may be generated as a result of 461 one message submission, one per recipient. However, due to the 462 circumstances described in Section 2.1, MDNs may not be generated for 463 some recipients for which MDNs were requested. 465 3.1. The message/disposition-notification content-type 467 The message/disposition-notification content-type is defined as 468 follows: 470 MIME type name: message 472 MIME subtype name: disposition-notification 474 Optional parameters: none 476 Encoding considerations: "7bit" encoding is sufficient and MUST be 477 used to maintain readability when viewed by non- 478 MIME mail readers. 480 Security considerations: discussed in Section 6 of this memo. 482 (While the 7bit restriction applies to the message/disposition- 483 notification portion of the multipart/report content, it does not 484 apply to the optional third portion of the multipart/report content.) 486 The message/disposition-notification report type for use in the 487 multipart/report is "disposition-notification". 489 The body of a message/disposition-notification consists of one or 490 more "fields" formatted according to the ABNF of RFC-MSGFMT [2] 491 header "fields". The syntax of the message/disposition-notification 492 content is as follows: 494 disposition-notification-content = [ reporting-ua-field CRLF ] 495 [ mdn-gateway-field CRLF ] 496 [ original-recipient-field CRLF ] 497 final-recipient-field CRLF 498 [ original-message-id-field CRLF ] 499 disposition-field CRLF 500 *( failure-field CRLF ) 501 *( error-field CRLF ) 502 *( extension-field CRLF ) 503 extension-field = extension-field-name ":" *([FWS] text) 504 extension-field-name = field-name 506 Note that the order of the above fields is fixed, with the exception 507 of the extension fields. 509 3.1.1. General conventions for fields 511 Since these fields are defined according to the rules of RFC-MSGFMT 512 [2], the same conventions for continuation lines and comments apply. 513 Notification fields may be continued onto multiple lines by beginning 514 each additional line with a SPACE or HTAB. Text that appears in 515 parentheses is considered a comment and not part of the contents of 516 that notification field. Field names are case-insensitive, so the 517 names of notification fields may be spelled in any combination of 518 upper and lower case letters. [2] comments in notification fields 519 may use the "encoded-word" construct defined in RFC-MIME-HEADER [5]. 521 3.1.2. "*-type" subfields 523 Several fields consist of a "-type" subfield, followed by a semi- 524 colon, followed by "*text". 525 For these fields, the keyword used in the address-type or MTA-type 526 subfield indicates the expected format of the address or MTA-name 527 that follows. 529 The "-type" subfields are defined as follows: 531 a. An "address-type" specifies the format of a mailbox address. For 532 example, Internet Mail addresses use the "rfc822" address-type. 534 address-type = atom 535 atom = 537 b. An "MTA-name-type" specifies the format of a mail transfer agent 538 name. For example, for an SMTP server on an Internet host, the 539 MTA name is the domain name of that host, and the "dns" MTA-name- 540 type is used. 542 mta-name-type = atom 544 Values for address-type and mta-name-type are case-insensitive. 545 Thus, address-type values of "RFC822" and "rfc822" are equivalent. 547 The Internet Assigned Numbers Authority (IANA) maintains a registry 548 of address-type and mta-name-type values, along with descriptions of 549 the meanings of each, or a reference to one or more specifications 550 that provide such descriptions. (The "rfc822" address-type is 551 defined in RFC-DSN-SMTP [7].) Registration forms for address-type 552 and mta-name-type appear in RFC-DSN-FORMAT [8]. 554 3.2. Message/disposition-notification Fields 556 3.2.1. The Reporting-UA field 558 reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS [ ";" OWS ua-product OWS ] 559 ua-name = *text-no-semi 560 ua-product = *([FWS] text) 561 text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR, 562 %d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon 564 The Reporting-UA field is defined as follows: 566 An MDN describes the disposition of a message after it has been 567 delivered to a recipient. In all cases, the Reporting-UA is the MUA 568 that performed the disposition described in the MDN. This field is 569 optional, but recommended. For Internet Mail user agents, it is 570 recommended that this field contain both: the DNS name of the 571 particular instance of the MUA that generated the MDN, and the name 572 of the product. For example, 574 Reporting-UA: pc.example.com; Foomail 97.1 576 If the reporting MUA consists of more than one component (e.g., a 577 base program and plug-ins), this may be indicated by including a list 578 of product names. 580 3.2.2. The MDN-Gateway field 582 The MDN-Gateway field indicates the name of the gateway or MTA that 583 translated a foreign (non-Internet) message disposition notification 584 into this MDN. This field MUST appear in any MDN that was translated 585 by a gateway from a foreign system into MDN format, and MUST NOT 586 appear otherwise. 588 mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS ";" OWS mta-name OWS 589 mta-name = *text 591 For gateways into Internet Mail, the MTA-name-type will normally be 592 "smtp", and the mta-name will be the Internet domain name of the 593 gateway. 595 3.2.3. Original-Recipient field 597 The Original-Recipient field indicates the original recipient address 598 as specified by the sender of the message for which the MDN is being 599 issued. For Internet Mail messages, the value of the Original- 600 Recipient field is obtained from the Original-Recipient header field 601 from the message for which the MDN is being generated. If there is 602 no Original-Recipient header field in the message, then the Original- 603 Recipient field MUST be omitted, unless the same information is 604 reliably available some other way. If there is an Original-Recipient 605 header field in the original message (or original recipient 606 information is reliably available some other way), then the Original- 607 Recipient field must be supplied. If there is more than one 608 Original-Recipient header field in the message, the MUA may choose 609 the one to use, or act as if no Original-Recipient header field is 610 present. 612 original-recipient-field = 613 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 614 generic-address = *text 616 The address-type field indicates the type of the original recipient 617 address. If the message originated within the Internet, the address- 618 type field will normally be "rfc822", and the address will be 619 according to the syntax specified in RFC-MSGFMT [2]. The value 620 "unknown" should be used if the Reporting MUA cannot determine the 621 type of the original recipient address from the message envelope. 622 This address is the same as that provided by the sender and can be 623 used to automatically correlate MDN reports with original messages on 624 a per recipient basis. 626 3.2.4. Final-Recipient field 628 The Final-Recipient field indicates the recipient for which the MDN 629 is being issued. This field MUST be present. 631 The syntax of the field is as follows: 633 final-recipient-field = 634 "Final-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 636 The generic-address subfield of the Final-Recipient field MUST 637 contain the mailbox address of the recipient (from the From header 638 field of the MDN) as it was when the MDN was generated by the MUA. 640 The Final-Recipient address may differ from the address originally 641 provided by the sender, because it may have been transformed during 642 forwarding and gatewaying into a totally unrecognizable mess. 643 However, in the absence of the optional Original-Recipient field, the 644 Final-Recipient field and any returned content may be the only 645 information available with which to correlate the MDN with a 646 particular message recipient. 648 The address-type subfield indicates the type of address expected by 649 the reporting MTA in that context. Recipient addresses obtained via 650 SMTP will normally be of address-type "rfc822". 652 Since mailbox addresses (including those used in the Internet) may be 653 case sensitive, the case of alphabetic characters in the address MUST 654 be preserved. 656 3.2.5. Original-Message-ID field 658 The Original-Message-ID field indicates the message-ID of the message 659 for which the MDN is being issued. It is obtained from the Message- 660 ID header field of the message for which the MDN is issued. This 661 field MUST be present if the original message contained a Message-ID 662 header field. The syntax of the field is as follows: 664 original-message-id-field = 665 "Original-Message-ID" ":" msg-id 667 The msg-id token is as specified in RFC-MSGFMT [2]. 669 3.2.6. Disposition field 671 The Disposition field indicates the action performed by the 672 Reporting-MUA on behalf of the user. This field MUST be present. 674 The syntax for the Disposition field is: 676 disposition-field = 677 "Disposition" ":" OWS disposition-mode OWS ";" 678 OWS disposition-type 679 [ OWS "/" OWS disposition-modifier 680 *( OWS "," OWS disposition-modifier ) ] OWS 681 disposition-mode = action-mode OWS "/" OWS sending-mode 682 action-mode = "manual-action" / "automatic-action" 683 sending-mode = "MDN-sent-manually" / "MDN-sent-automatically" 684 disposition-type = "displayed" / "deleted" / "dispatched" / 685 "processed" 686 disposition-modifier = "error" / disposition-modifier-extension 687 disposition-modifier-extension = atom 689 The disposition-mode, disposition-type, and disposition-modifier may 690 be spelled in any combination of upper and lower case characters. 692 3.2.6.1. Disposition modes 694 The following disposition modes are defined: 696 "manual-action" The disposition described by the disposition type 697 was a result of an explicit instruction by the 698 user rather than some sort of automatically 699 performed action. 701 "automatic-action" The disposition described by the disposition type 702 was a result of an automatic action, rather than 703 an explicit instruction by the user for this 704 message. 706 "Manual-action" and "automatic-action" are mutually exclusive. One 707 or the other MUST be specified. 709 "MDN-sent-manually" The user explicitly gave permission for this 710 particular MDN to be sent. 712 "MDN-sent-automatically" The MDN was sent because the MUA had 713 previously been configured to do so 714 automatically. 716 "MDN-sent-manually" and "MDN-sent-automatically" are mutually 717 exclusive. One or the other MUST be specified. 719 3.2.6.2. Disposition types 721 The following disposition-types are defined: 723 "displayed" The message has been displayed by the MUA to 724 someone reading the recipient's mailbox. There 725 is no guarantee that the content has been read or 726 understood. 728 "dispatched" The message has been sent somewhere in some 729 manner (e.g., printed, faxed, forwarded) without 730 necessarily having been previously displayed to 731 the user. The user may or may not see the 732 message later. 734 "processed" The message has been processed in some manner 735 (i.e., by some sort of rules or server) without 736 being displayed to the user. The user may or may 737 not see the message later, or there may not even 738 be a human user associated with the mailbox. 740 "deleted" The message has been deleted. The recipient may 741 or may not have seen the message. The recipient 742 might "undelete" the message at a later time and 743 read the message. 745 3.2.6.3. Disposition modifiers 747 Only the extension disposition modifiers is defined: 749 disposition-modifier-extension 750 Disposition modifiers may be defined in the 751 future by later revisions or extensions to this 752 specification. Disposition value names beginning 753 with "X-" will never be defined as standard 754 values; such names are reserved for experimental 755 use. MDN disposition value names NOT beginning 756 with "X-" MUST be registered with the Internet 757 Assigned Numbers Authority (IANA) using 758 "Specification required" registration policy. 759 (See Section 10 for a registration form.) MDNs 760 with disposition modifier names not understood by 761 the receiving MUA MAY be silently ignored or 762 placed in the user's mailbox without special 763 interpretation. They MUST not cause any error 764 message to be sent to the sender of the MDN. 766 If an MUA developer does not wish to register the meanings of such 767 disposition modifier extensions, "X-" modifiers may be used for this 768 purpose. To avoid name collisions, the name of the MUA 769 implementation should follow the "X-", (e.g., "X-Foomail-"). 771 It is not required that an MUA be able to generate all of the 772 possible values of the Disposition field. 774 A user agent MUST NOT issue more than one MDN on behalf of each 775 particular recipient. That is, once an MDN has been issued on behalf 776 of a recipient, no further MDNs may be issued on behalf of that 777 recipient, even if another disposition is performed on the message. 778 However, if a message is forwarded, a "dispatched" MDN MAY be issued 779 for the recipient doing the forwarding and the recipient of the 780 forwarded message may also cause an MDN to be generated. 782 3.2.7. Failure and Error Fields 784 The Failure and Error fields are used to supply additional 785 information in the form of text messages when the "failure" 786 disposition type or "error" disposition modifier appear. The syntax 787 is as follows: 789 failure-field = "Failure" ":" *([FWS] text) 790 error-field = "Error" ":" *([FWS] text) 792 Note that syntax of these header fields doesn't include comments, so 793 "encoded-word" construct defined in RFC-MIME-HEADER [5] can't be used 794 to convey non ASCII text. Application that need to convey non ASCII 795 text in these fields should consider implementing message/global- 796 disposition-notification media type specified in [15] instead of this 797 specification. 799 3.3. Extension-fields 801 Additional MDN fields may be defined in the future by later revisions 802 or extensions to this specification. Extension-field names beginning 803 with "X-" will never be defined as standard fields; such names are 804 reserved for experimental use. MDN field names NOT beginning with 805 "X-" MUST be registered with the Internet Assigned Numbers Authority 806 (IANA) using "Specification required" registration policy. (See 807 Section 10 for a registration form.) MDN Extension-fields may be 808 defined for the following reasons: 810 a. To allow additional information from foreign disposition reports 811 to be tunneled through Internet MDNs. The names of such MDN 812 fields should begin with an indication of the foreign environment 813 name (e.g., X400-Physical-Forwarding-Address). 815 b. To allow transmission of diagnostic information that is specific 816 to a particular mail user agent (MUA). The names of such MDN 817 fields should begin with an indication of the MUA implementation 818 that produced the MDN (e.g., Foomail-information). 820 If an application developer does not wish to register the meanings of 821 such extension fields, "X-" fields may be used for this purpose. To 822 avoid name collisions, the name of the application implementation 823 should follow the "X-", (e.g., "X-Foomail-Log-ID" or "X-Foomail-EDI- 824 info"). 826 4. Timeline of events 828 The following timeline shows when various events in the processing of 829 a message and generation of MDNs take place: 831 -- User composes message 833 -- User tells MUA to send message 835 -- MUA passes message to MTA (original recipient information passed 836 along) 838 -- MTA sends message to next MTA 840 -- Final MTA receives message 842 -- Final MTA delivers message to MUA (possibly generating a DSN) 844 -- MUA performs automatic processing and generates corresponding MDNs 845 ("dispatched", "processed" or "deleted" disposition type with 846 "automatic-action" and "MDN-sent-automatically" disposition modes) 848 -- MUA displays list of messages to user 850 -- User selects a message and requests that some action be performed 851 on it. 853 -- MUA performs requested action and, with user's permission, sends 854 an appropriate MDN ("displayed", "dispatched", "processed", or 855 "deleted" disposition type, with "manual-action" and "MDN-sent- 856 manually" or "MDN-sent-automatically" disposition mode). 858 -- User possibly performs other actions on message, but no further 859 MDNs are generated. 861 5. Conformance and Usage Requirements 863 An MUA or gateway conforms to this specification if it generates MDNs 864 according to the protocol defined in this memo. It is not necessary 865 to be able to generate all of the possible values of the Disposition 866 field. 868 MUAs and gateways MUST NOT generate the Original-Recipient field of 869 an MDN unless the mail protocols provide the address originally 870 specified by the sender at the time of submission. Ordinary SMTP 871 does not make that guarantee, but the SMTP extension defined in RFC- 872 DSN-SMTP [7] permits such information to be carried in the envelope 873 if it is available. The Original-Recipient header field defined in 874 this document provides a way for the MTA to pass the original 875 recipient address to the MUA. 877 Each sender-specified recipient address may result in more than one 878 MDN. If an MDN is requested for a recipient that is forwarded to 879 multiple recipients of an "alias" (as defined in RFC-DSN-SMTP [7], 880 section 6.2.7.3), each of the recipients may issue an MDN. 882 Successful distribution of a message to a mailing list exploder 883 SHOULD be considered the final disposition of the message. A mailing 884 list exploder MAY issue an MDN with a disposition type of "processed" 885 and disposition modes of "automatic-action" and "MDN-sent- 886 automatically" indicating that the message has been forwarded to the 887 list. In this case, the request for MDNs is not propagated to the 888 members of the list. 890 Alternatively, the mailing list exploder MAY issue no MDN and 891 propagate the request for MDNs to all members of the list. The 892 latter behavior is not recommended for any but small, closely knit 893 lists, as it might cause large numbers of MDNs to be generated and 894 may cause confidential subscribers to the list to be revealed. The 895 mailing list exploder MAY also direct MDNs to itself, correlate them, 896 and produce a report to the original sender of the message. 898 This specification places no restrictions on the processing of MDNs 899 received by user agents or mailing lists. 901 6. Security Considerations 903 The following security considerations apply when using MDNs: 905 6.1. Forgery 907 MDNs may be forged as easily as ordinary Internet electronic mail. 908 User agents and automatic mail handling facilities (such as mail 909 distribution list exploders) that wish to make automatic use of MDNs 910 should take appropriate precautions to minimize the potential damage 911 from denial-of-service attacks. 913 Security threats related to forged MDNs include the sending of: 915 a. A falsified disposition notification when the indicated 916 disposition of the message has not actually occurred, 918 b. Unsolicited MDNs 920 6.2. Privacy 922 Another dimension of security is privacy. There may be cases in 923 which a message recipient does not wish the disposition of messages 924 addressed to him to be known, or is concerned that the sending of 925 MDNs may reveal other sensitive information (e.g., when the message 926 was read). In this situation, it is acceptable for the MUA to 927 silently ignore requests for MDNs. 929 If the Disposition-Notification-To header field is passed on 930 unmodified when a message is distributed to the subscribers of a 931 mailing list, the subscribers to the list may be revealed to the 932 sender of the original message by the generation of MDNs. 934 Headers of the original message returned in part 3 of the multipart/ 935 report could reveal confidential information about host names and/or 936 network topology inside a firewall. 938 An unencrypted MDN could reveal confidential information about an 939 encrypted message, especially if all or part of the original message 940 is returned in part 3 of the multipart/report. Encrypted MDNs are 941 not defined in this specification. 943 In general, any optional MDN field may be omitted if the Reporting 944 MUA site or user determines that inclusion of the field would impose 945 too great a compromise of site confidentiality. The need for such 946 confidentiality must be balanced against the utility of the omitted 947 information in MDNs. 949 In some cases, someone with access to the message stream may use the 950 MDN request mechanism to monitor the mail reading habits of a target. 952 If the target is known to generate MDN reports, they could add a 953 disposition-notification-to field containing the envelope from 954 address along with a source route. The source route is ignored in 955 the comparison so the addresses will always match. But if the source 956 route is honored when the notification is sent, it could direct the 957 message to some other destination. This risk can be minimized by not 958 sending MDN's automatically. 960 6.3. Non-Repudiation 962 MDNs do not provide non-repudiation with proof of delivery. Within 963 the framework of today's Internet Mail, the MDNs defined in this 964 document provide valuable information to the mail user; however, MDNs 965 cannot be relied upon as a guarantee that a message was or was not 966 seen by the recipient. Even if MDNs are not actively forged, they 967 may be lost in transit. The recipient may bypass the MDN issuing 968 mechanism in some manner. 970 One possible solution for this purpose can be found in RFC-SEC- 971 SERVICES [11]. 973 6.4. Mail Bombing 975 The MDN request mechanism introduces an additional way of mailbombing 976 a mailbox. The MDN request notification provides an address to which 977 MDN's should be sent. It is possible for an attacking agent to send 978 a potentially large set of messages to otherwise unsuspecting third 979 party recipients with a false "disposition-notification-to:" address. 980 Automatic, or simplistic processing of such requests would result in 981 a flood of MDN notifications to the target of the attack. Such an 982 attack could overrun the capacity of the targeted mailbox and deny 983 service. 985 For that reason, MDN's SHOULD NOT be sent automatically where the 986 "disposition-notification-to:" address is different from the envelope 987 MAIL FROM address. See Section 2.1 for further discussion. 989 7. Collected ABNF Grammar 991 NOTE: The following lexical tokens are defined in RFC-MSGFMT [2]: 992 CRLF, FWS, CFWS, field-name, mailbox-list, msg-id, text, comment, 993 word. The following lexical tokens are defined in RFC-SMTP [1]: 994 atom. (Note that RFC-MSGFMT [2] also defines "atom", but the version 995 from RFC-SMTP [1] is more restrictive and this more restrictive 996 version is used in this document.) "encoded-word" construct defined 997 in RFC-MIME-HEADER [5] is allowed everywhere where RFC-MSGFMT [2] 998 "comment" is used, for example in CFWS. 1000 OWS = [CFWS] 1001 ; Optional whitespace. 1002 ; MDN generators SHOULD use "*WSP" 1003 ; (typically a single space or nothing. 1004 ; It SHOULD be nothing at the end of a field), 1005 ; unless an RFC 5322 "comment" is required. 1006 ; 1007 ; MDN parsers MUST parse it as "[CFWS]". 1009 Message header fields: 1010 mdn-request-header = 1011 "Disposition-Notification-To" ":" mailbox-list CRLF 1012 Disposition-Notification-Options = 1013 "Disposition-Notification-Options" ":" [FWS] 1014 disposition-notification-parameter-list CRLF 1015 disposition-notification-parameter-list = 1016 disposition-notification-parameter 1017 *([FWS] ";" [FWS] disposition-notification-parameter) 1018 disposition-notification-parameter = attribute [FWS] "=" [FWS] 1019 importance [FWS] "," [FWS] value *([FWS] "," [FWS] value) 1020 importance = "required" / "optional" 1021 attribute = atom 1022 value = word 1023 original-recipient-header = 1024 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS CRLF 1026 Report content: 1027 disposition-notification-content = 1028 [ reporting-ua-field CRLF ] 1029 [ mdn-gateway-field CRLF ] 1030 [ original-recipient-field CRLF ] 1031 final-recipient-field CRLF 1032 [ original-message-id-field CRLF ] 1033 disposition-field CRLF 1034 *( failure-field CRLF ) 1035 *( error-field CRLF ) 1036 *( extension-field CRLF ) 1037 address-type = atom 1038 mta-name-type = atom 1039 reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS [ ";" OWS ua-product OWS ] 1040 ua-name = *text-no-semi 1041 ua-product = *([FWS] text) 1042 text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR, 1043 %d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon 1044 mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS ";" OWS mta-name 1045 mta-name = *text 1046 original-recipient-field = 1047 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 1049 generic-address = *text 1050 final-recipient-field = 1051 "Final-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 1052 original-message-id-field = "Original-Message-ID" ":" msg-id 1053 disposition-field = 1054 "Disposition" ":" OWS disposition-mode OWS ";" 1055 OWS disposition-type 1056 [ OWS "/" OWS disposition-modifier 1057 *( OWS "," OWS disposition-modifier ) ] OWS 1058 disposition-mode = action-mode OWS "/" OWS sending-mode 1059 action-mode = "manual-action" / "automatic-action" 1060 sending-mode = "MDN-sent-manually" / "MDN-sent-automatically" 1061 disposition-type = "displayed" / "deleted" / "dispatched" / 1062 "processed" 1063 disposition-modifier = "error" / disposition-modifier-extension 1064 disposition-modifier-extension = atom 1065 failure-field = "Failure" ":" *([FWS] text) 1066 error-field = "Error" ":" *([FWS] text) 1067 extension-field = extension-field-name ":" *([FWS] text) 1068 extension-field-name = field-name 1070 8. Guidelines for Gatewaying MDNs 1072 NOTE: This section provides non-binding recommendations for the 1073 construction of mail gateways that wish to provide semi-transparent 1074 disposition notifications between the Internet and another electronic 1075 mail system. Specific MDN gateway requirements for a particular pair 1076 of mail systems may be defined by other documents. 1078 8.1. Gatewaying from other mail systems to MDNs 1080 A mail gateway may issue an MDN to convey the contents of a "foreign" 1081 disposition notification over Internet Mail. When there are 1082 appropriate mappings from the foreign notification elements to MDN 1083 fields, the information may be transmitted in those MDN fields. 1084 Additional information (such as might be needed to tunnel the foreign 1085 notification through the Internet) may be defined in extension MDN 1086 fields. (Such fields should be given names that identify the foreign 1087 mail protocol, e.g., X400-* for X.400 protocol elements). 1089 The gateway must attempt to supply reasonable values for the 1090 Reporting-UA, Final-Recipient, and Disposition fields. These will 1091 normally be obtained by translating the values from the foreign 1092 notification into their Internet-style equivalents. However, some 1093 loss of information is to be expected. 1095 The sender-specified recipient address and the original message-id, 1096 if present in the foreign notification, should be preserved in the 1097 Original-Recipient and Original-Message-ID fields. 1099 The gateway should also attempt to preserve the "final" recipient 1100 address from the foreign system. Whenever possible, foreign protocol 1101 elements should be encoded as meaningful printable ASCII strings. 1103 For MDNs produced from foreign disposition notifications, the name of 1104 the gateway MUST appear in the MDN-Gateway field of the MDN. 1106 8.2. Gatewaying from MDNs to other mail systems 1108 It may be possible to gateway MDNs from the Internet into a foreign 1109 mail system. The primary purpose of such gatewaying is to convey 1110 disposition information in a form that is usable by the destination 1111 system. A secondary purpose is to allow "tunneling" of MDNs through 1112 foreign mail systems in case the MDN may be gatewayed back into the 1113 Internet. 1115 In general, the recipient of the MDN (i.e., the sender of the 1116 original message) will want to know, for each recipient: the closest 1117 available approximation to the original recipient address, and the 1118 disposition (displayed, printed, etc.). 1120 If possible, the gateway should attempt to preserve the Original- 1121 Recipient address and Original-Message-ID (if present) in the 1122 resulting foreign disposition report. 1124 If it is possible to tunnel an MDN through the destination 1125 environment, the gateway specification may define a means of 1126 preserving the MDN information in the disposition reports used by 1127 that environment. 1129 8.3. Gatewaying of MDN-requests to other mail systems 1131 By use of the separate disposition-notification-to request header 1132 field, this specification offers a richer functionality than most, if 1133 not all, other email systems. In most other email systems, the 1134 notification recipient is identical to the message sender as 1135 indicated in the "from" address. There are two interesting cases 1136 when gatewaying into such systems: 1138 1. If the address in the disposition-notification-to header field is 1139 identical to the address in the SMTP "MAIL FROM", the expected 1140 behavior will result, even if the disposition-notification-to 1141 information is lost. Systems should propagate the MDN request. 1143 2. If the address in the disposition-notification-to header field is 1144 different from the address in the SMTP "MAIL FROM", gatewaying 1145 into a foreign system without a separate notification address 1146 will result in unintended behavior. This is especially important 1147 when the message arrives via a mailing list expansion software 1148 that may specifically replace the SMTP "MAIL FROM" address with 1149 an alternate address. In such cases, the MDN request should not 1150 be gatewayed and should be silently dropped. This is consistent 1151 with other forms of non-support for MDN. 1153 9. Example 1155 NOTE: This example is provided as illustration only, and is not 1156 considered part of the MDN protocol specification. If the example 1157 conflicts with the protocol definition above, the example is wrong. 1159 Likewise, the use of *-type subfield names or extension fields in 1160 this example is not to be construed as a definition for those type 1161 names or extension fields. 1163 This is an MDN issued after a message has been displayed to the user 1164 of an Internet Mail user agent. 1166 Date: Wed, 20 Sep 1995 00:19:00 (EDT) -0400 1167 From: Joe Recipient 1168 Message-Id: <199509200019.12345@example.com> 1169 Subject: Disposition notification 1170 To: Jane Sender 1171 MIME-Version: 1.0 1172 Content-Type: multipart/report; report-type=disposition-notification; 1173 boundary="RAA14128.773615765/example.com" 1175 --RAA14128.773615765/example.com 1177 The message sent on 1995 Sep 19 at 13:30:00 (EDT) -0400 to Joe 1178 Recipient with subject "First draft of 1179 report" has been displayed. 1180 This is no guarantee that the message has been read or understood. 1182 --RAA14128.773615765/example.com 1183 content-type: message/disposition-notification 1185 Reporting-UA: joes-pc.cs.example.com; Foomail 97.1 1186 Original-Recipient: rfc822;Joe_Recipient@example.com 1187 Final-Recipient: rfc822;Joe_Recipient@example.com 1188 Original-Message-ID: <199509192301.23456@example.org> 1189 Disposition: manual-action/MDN-sent-manually; displayed 1191 --RAA14128.773615765/example.com 1192 content-type: message/rfc822 1194 [original message optionally goes here] 1196 --RAA14128.773615765/example.com-- 1198 10. IANA Considerations 1200 This document specifies three types of parameters that must be 1201 registered with the Internet Assigned Numbers Authority (IANA). All 1202 of them use [14] "Specification required" IANA registration policy. 1204 The forms below are for use when registering a new disposition- 1205 notification-parameter name for the Disposition-Notification-Options 1206 header field, a new disposition modifier name, or a new MDN extension 1207 field. Each piece of information required by a registration form may 1208 be satisfied either by providing the information on the form itself, 1209 or by including a reference to a published, publicly available 1210 specification that includes the necessary information. IANA MAY 1211 reject registrations because of incomplete registration forms or 1212 incomplete specifications. 1214 To register, complete the following applicable form and send it via 1215 electronic mail to . 1217 10.1. Disposition-Notification-Options header field disposition- 1218 notification-parameter names 1220 A registration for a Disposition-Notification-Options header field 1221 disposition-notification-parameter name MUST include the following 1222 information: 1224 a. The proposed disposition-notification-parameter name. 1226 b. The syntax for disposition-notification-parameter values, 1227 specified using BNF, ABNF, regular expressions, or other non- 1228 ambiguous language. 1230 c. If disposition-notification-parameter values are not composed 1231 entirely of graphic characters from the US-ASCII repertoire, a 1232 specification for how they are to be encoded as graphic US-ASCII 1233 characters in a Disposition-Notification-Options header field. 1235 d. A reference to a permanent and readily available public 1236 specification that describes the semantics of the disposition- 1237 notification-parameter values. 1239 10.2. Disposition modifier names 1241 A registration for a disposition-modifier name (used in the 1242 Disposition field of a message/disposition-notification) MUST include 1243 the following information: 1245 a. The proposed disposition-modifier name. 1247 b. A reference to a permanent and readily available public 1248 specification that describes the semantics of the disposition 1249 modifier. 1251 10.3. MDN extension field names 1253 A registration for an MDN extension-field name MUST include the 1254 following information: 1256 a. The proposed extension field name. 1258 b. The syntax for extension values, specified using BNF, ABNF, 1259 regular expressions, or other non-ambiguous language. 1261 c. If extension-field values are not composed entirely of graphic 1262 characters from the US-ASCII repertoire, a specification for how 1263 they are to be encoded as graphic US-ASCII characters in a 1264 Disposition-Notification-Options header field. 1266 d. A reference to a permanent and readily available public 1267 specification that describes the semantics of the extension 1268 field. 1270 11. Acknowledgements 1272 The contributions of Bruce Lilly, Alfred Hoenes and Pete Resnick are 1273 gratefully acknowledged for this revision. 1275 The contributions of Roger Fajman and Greg Vaudreuil to earlier 1276 versions of this document are also gratefully acknowledged. 1278 12. References 1280 12.1. Normative References 1282 [1] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, 1283 DOI 10.17487/RFC5321, October 2008, 1284 . 1286 [2] Resnick, P., Ed., "Internet Message Format", RFC 5322, 1287 DOI 10.17487/RFC5322, October 2008, 1288 . 1290 [3] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1291 Extensions (MIME) Part One: Format of Internet Message 1292 Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, 1293 . 1295 [4] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1296 Extensions (MIME) Part Two: Media Types", RFC 2046, 1297 DOI 10.17487/RFC2046, November 1996, 1298 . 1300 [5] Moore, K., "MIME (Multipurpose Internet Mail Extensions) 1301 Part Three: Message Header Extensions for Non-ASCII Text", 1302 RFC 2047, DOI 10.17487/RFC2047, November 1996, 1303 . 1305 [6] Vaudreuil, G., "The Multipart/Report Content Type for the 1306 Reporting of Mail System Administrative Messages", 1307 RFC 3462, DOI 10.17487/RFC3462, January 2003, 1308 . 1310 [7] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service 1311 Extension for Delivery Status Notifications (DSNs)", 1312 RFC 3461, DOI 10.17487/RFC3461, January 2003, 1313 . 1315 [8] Moore, K. and G. Vaudreuil, "An Extensible Message Format 1316 for Delivery Status Notifications", RFC 3464, 1317 DOI 10.17487/RFC3464, January 2003, 1318 . 1320 [9] Bradner, S., "Key words for use in RFCs to Indicate 1321 Requirement Levels", BCP 14, RFC 2119, 1322 DOI 10.17487/RFC2119, March 1997, 1323 . 1325 [10] Melnikov, A., "Message Disposition Notification (MDN) 1326 profile for Internet Message Access Protocol (IMAP)", 1327 RFC 3503, DOI 10.17487/RFC3503, March 2003, 1328 . 1330 12.2. Informative References 1332 [11] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", 1333 RFC 2634, DOI 10.17487/RFC2634, June 1999, 1334 . 1336 [12] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 1337 4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003, 1338 . 1340 [13] Murchison, K., "Sieve Email Filtering: Subaddress 1341 Extension", RFC 5233, DOI 10.17487/RFC5233, January 2008, 1342 . 1344 [14] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1345 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1346 DOI 10.17487/RFC5226, May 2008, 1347 . 1349 [15] Hansen, T., Ed., Newman, C., and A. Melnikov, 1350 "Internationalized Delivery Status and Disposition 1351 Notifications", RFC 6533, DOI 10.17487/RFC6533, February 1352 2012, . 1354 Appendix A. Changes from RFC 3798 1356 Changeg IANA registration for different subregistries to 1357 "Specification Required" to match what is already used by IANA. 1359 The values of "dispatched" and "processed" were lost from the ABNF 1360 for "disposition-type". 1362 Because the warning disposition modifier was previously removed, 1363 warning-field has also been removed. 1365 The ABNF for ua-name and ua-product included semi-colon, which could 1366 not be distinguished from *text in the production. The ua-name was 1367 restricted to not include semi-colon. Semi-colon can still appear in 1368 the ua-product. 1370 The ABNF did not indicate all places that whitespace was allowable, 1371 in particular folding whitespace, although all implementations allow 1372 whitespace and folding in the header fields just like any other 1373 RFC5322 [2]-formatted header field. There were also a number of 1374 places in the ABNF that inconsistently permitted comments and 1375 whitespace in one leg of the production and not another. The ABNF 1376 now specifies FWS and CFWS in several places that should have already 1377 been specified by the grammar. 1379 Extension-field was defined in the collected grammar but not in the 1380 main text. 1382 The comparison of mailboxes in Disposition-Notification-To to the 1383 Return-Path addr-spec was clarified. 1385 The use of the grammar production "parameter" was confusing with the 1386 RFC2045 [3] production of the same name, as well as other uses of the 1387 same term. These have been clarified. 1389 A clarification was added on the extent of the 7bit nature of MDNs. 1391 Uses of the terms "may" and "might" were clarified. 1393 A clarification was added on the order of the fields in the message/ 1394 disposition-notification content. 1396 Authors' Addresses 1398 Tony Hansen (editor) 1399 AT&T Laboratories 1400 200 Laurel Ave. South 1401 Middletown, NJ 07748 1402 USA 1404 Email: tony+rfc3798@maillennium.att.com 1406 Alexey Melnikov (editor) 1407 Isode Ltd 1408 14 Castle Mews 1409 Hampton, Middlesex TW12 2NP 1410 UK 1412 Email: Alexey.Melnikov@isode.com