idnits 2.17.1 draft-ietf-appsawg-mdn-3798bis-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 14 instances of too long lines in the document, the longest one being 16 characters in excess of 72. -- The draft header indicates that this document obsoletes RFC3798, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC3461, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document updates RFC2046, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords -- however, there's a paragraph with a matching beginning. Boilerplate error? (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'MUST not' in this paragraph: disposition-modifier-extension Disposition modifiers may be defined in the future by later revisions or extensions to this specification. MDN disposition value names MUST be registered with the Internet Assigned Numbers Authority (IANA) using "Specification required" registration policy. (See Section 10 for a registration form.) MDNs with disposition modifier names not understood by the receiving MUA MAY be silently ignored or placed in the user's mailbox without special interpretation. They MUST not cause any error message to be sent to the sender of the MDN. (Using the creation date from RFC2046, updated by this document, for RFC5378 checks: 1995-04-14) -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 4, 2016) is 2794 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'FWS' is mentioned on line 1106, but not defined == Missing Reference: 'CFWS' is mentioned on line 369, but not defined == Missing Reference: 'RFCXXX' is mentioned on line 492, but not defined == Missing Reference: 'RFCXXXX' is mentioned on line 524, but not defined ** Obsolete normative reference: RFC 3462 (Obsoleted by RFC 6522) -- Obsolete informational reference (is this intentional?): RFC 3501 (Obsoleted by RFC 9051) -- Obsolete informational reference (is this intentional?): RFC 5226 (Obsoleted by RFC 8126) Summary: 2 errors (**), 0 flaws (~~), 7 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group T. Hansen, Ed. 3 Internet-Draft AT&T Laboratories 4 Obsoletes: 3798 (if approved) A. Melnikov, Ed. 5 Updates: 2046, 3461 (if approved) Isode Ltd 6 Intended status: Standards Track August 4, 2016 7 Expires: February 5, 2017 9 Message Disposition Notification 10 draft-ietf-appsawg-mdn-3798bis-11.txt 12 Abstract 14 This memo defines a MIME content-type that may be used by a mail user 15 agent (MUA) or electronic mail gateway to report the disposition of a 16 message after it has been successfully delivered to a recipient. 17 This content-type is intended to be machine-processable. Additional 18 message header fields are also defined to permit Message Disposition 19 Notifications (MDNs) to be requested by the sender of a message. The 20 purpose is to extend Internet Mail to support functionality often 21 found in other messaging systems, such as X.400 and the proprietary 22 "LAN-based" systems, and often referred to as "read receipts," 23 "acknowledgements", or "receipt notifications." The intention is to 24 do this while respecting privacy concerns, which have often been 25 expressed when such functions have been discussed in the past. 27 Because many messages are sent between the Internet and other 28 messaging systems (such as X.400 or the proprietary "LAN-based" 29 systems), the MDN protocol is designed to be useful in a multi- 30 protocol messaging environment. To this end, the protocol described 31 in this memo provides for the carriage of "foreign" addresses, in 32 addition to those normally used in Internet Mail. Additional 33 attributes may also be defined to support "tunneling" of foreign 34 notifications through Internet Mail. 36 Status of This Memo 38 This Internet-Draft is submitted in full conformance with the 39 provisions of BCP 78 and BCP 79. 41 Internet-Drafts are working documents of the Internet Engineering 42 Task Force (IETF). Note that other groups may also distribute 43 working documents as Internet-Drafts. The list of current Internet- 44 Drafts is at http://datatracker.ietf.org/drafts/current/. 46 Internet-Drafts are draft documents valid for a maximum of six months 47 and may be updated, replaced, or obsoleted by other documents at any 48 time. It is inappropriate to use Internet-Drafts as reference 49 material or to cite them other than as "work in progress." 51 This Internet-Draft will expire on February 5, 2017. 53 Copyright Notice 55 Copyright (c) 2016 IETF Trust and the persons identified as the 56 document authors. All rights reserved. 58 This document is subject to BCP 78 and the IETF Trust's Legal 59 Provisions Relating to IETF Documents 60 (http://trustee.ietf.org/license-info) in effect on the date of 61 publication of this document. Please review these documents 62 carefully, as they describe your rights and restrictions with respect 63 to this document. Code Components extracted from this document must 64 include Simplified BSD License text as described in Section 4.e of 65 the Trust Legal Provisions and are provided without warranty as 66 described in the Simplified BSD License. 68 Table of Contents 70 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 71 1.1. Purposes . . . . . . . . . . . . . . . . . . . . . . . . 3 72 1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 4 73 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 74 2. Requesting Message Disposition Notifications . . . . . . . . 5 75 2.1. The Disposition-Notification-To Header . . . . . . . . . 5 76 2.2. The Disposition-Notification-Options Header . . . . . . . 7 77 2.3. The Original-Recipient Header Field . . . . . . . . . . . 8 78 2.4. Use with the Message/Partial Media Type . . . . . . . . . 9 79 3. Format of a Message Disposition Notification . . . . . . . . 10 80 3.1. The message/disposition-notification Media Type . . . . . 11 81 3.2. Message/disposition-notification Content Fields . . . . . 14 82 3.3. Extension-fields . . . . . . . . . . . . . . . . . . . . 20 83 4. Timeline of events . . . . . . . . . . . . . . . . . . . . . 21 84 5. Conformance and Usage Requirements . . . . . . . . . . . . . 22 85 6. Security Considerations . . . . . . . . . . . . . . . . . . . 23 86 6.1. Forgery . . . . . . . . . . . . . . . . . . . . . . . . . 23 87 6.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 23 88 6.3. Non-Repudiation . . . . . . . . . . . . . . . . . . . . . 24 89 6.4. Mail Bombing . . . . . . . . . . . . . . . . . . . . . . 24 90 7. Collected ABNF Grammar . . . . . . . . . . . . . . . . . . . 25 91 8. Guidelines for Gatewaying MDNs . . . . . . . . . . . . . . . 27 92 8.1. Gatewaying from other mail systems to MDNs . . . . . . . 27 93 8.2. Gatewaying from MDNs to other mail systems . . . . . . . 28 94 8.3. Gatewaying of MDN-requests to other mail systems . . . . 28 95 9. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 96 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 97 10.1. Disposition-Notification-Options header field 98 disposition-notification-parameter names . . . . . . . . 31 99 10.2. Disposition modifier names . . . . . . . . . . . . . . . 32 100 10.3. MDN extension field names . . . . . . . . . . . . . . . 32 101 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 102 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 103 12.1. Normative References . . . . . . . . . . . . . . . . . . 33 104 12.2. Informative References . . . . . . . . . . . . . . . . . 34 105 Appendix A. Changes from RFC 3798 . . . . . . . . . . . . . . . 35 106 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 108 1. Introduction 110 This memo defines a media type [RFC2046] for message disposition 111 notifications (MDNs). An MDN can be used to notify the sender of a 112 message of any of several conditions that may occur after successful 113 delivery, such as display of the message contents, printing of the 114 message, deletion (without display) of the message, or the 115 recipient's refusal to provide MDNs. The "message/disposition- 116 notification" content-type defined herein is intended for use within 117 the framework of the "multipart/report" content type defined in RFC- 118 REPORT [RFC3462]. 120 This memo defines the format of the notifications and the RFC-MSGFMT 121 [RFC5322] header fields used to request them. 123 This memo is an update to RFC 3798 and is intended to be published at 124 Internet Standard Level. 126 This memo is currently marked with the 'pre5378Trust200902' IPR 127 statements until a release has been obtained from all previous 128 authors and editors of this text. 130 1.1. Purposes 132 The MDNs defined in this memo are expected to serve several purposes: 134 a. Inform human beings of the disposition of messages after 135 successful delivery, in a manner that is largely independent of 136 human language; 138 b. Allow mail user agents to keep track of the disposition of 139 messages sent, by associating returned MDNs with earlier message 140 transmissions; 142 c. Convey disposition notification requests and disposition 143 notifications between Internet Mail and "foreign" mail systems 144 via a gateway; 146 d. Allow "foreign" notifications to be tunneled through a MIME- 147 capable message system and back into the original messaging 148 system that issued the original notification, or even to a third 149 messaging system; 151 e. Allow language-independent, yet reasonably precise, indications 152 of the disposition of a message to be delivered. 154 1.2. Requirements 156 These purposes place the following constraints on the notification 157 protocol: 159 a. It must be readable by humans, and must be machine-parsable. 161 b. It must provide enough information to allow message senders (or 162 their user agents) to unambiguously associate an MDN with the 163 message that was sent and the original recipient address for 164 which the MDN was issued (if such information is available), even 165 if the message was forwarded to another recipient address. 167 c. It must also be able to describe the disposition of a message 168 independent of any particular human language or of the 169 terminology of any particular mail system. 171 d. The specification must be extensible in order to accommodate 172 future requirements. 174 1.3. Terminology 176 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 177 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 178 document are to be interpreted as described in RFC-KEYWORDS 179 [RFC2119]. 181 All syntax descriptions use the ABNF specified by RFC-MSGFMT 182 [RFC5322], in which the lexical tokens (used below) are defined: 183 "CRLF", "FWS", "CFWS", "field-name", "mailbox-list", "msg-id", and 184 "text". The following lexical tokens are defined in RFC-SMTP 185 [RFC5321]: "atom". 187 2. Requesting Message Disposition Notifications 189 Message disposition notifications are requested by including a 190 Disposition-Notification-To header field in the message containing 191 one or more addresses specifying where dispositions should be sent. 192 Further information to be used by the recipient's Mail User Agent 193 (MUA) [RFC5598] in generating the MDN may be provided by also 194 including Original-Recipient and/or Disposition-Notification-Options 195 header fields in the message. 197 2.1. The Disposition-Notification-To Header 199 A request for the receiving user agent to issue message disposition 200 notifications is made by placing a Disposition-Notification-To header 201 field into the message. The syntax of the header field is 203 mdn-request-header = "Disposition-Notification-To" ":" mailbox-list CRLF 205 A Disposition-Notification-To header field can appear at most once in 206 a message. 208 The presence of a Disposition-Notification-To header field in a 209 message is merely a request for an MDN. The recipients' user agents 210 are always free to silently ignore such a request. 212 An MDN MUST NOT itself have a Disposition-Notification-To header 213 field. An MDN MUST NOT be generated in response to an MDN. 215 A user agent MUST NOT issue more than one MDN on behalf of each 216 particular recipient. That is, once an MDN has been issued on behalf 217 of a recipient, no further MDNs may be issued on behalf of that 218 recipient by the same user agent, even if another disposition is 219 performed on the message. However, if a message is forwarded, an MDN 220 may have been issued for the recipient doing the forwarding and the 221 recipient of the forwarded message may also cause an MDN to be 222 generated. 224 It is also possible that if the same message is being accessed by 225 multiple user agents (for example using POP3), then multiple 226 dispositions might be generated for the same recipient. User agents 227 SHOULD laverage support in the underlying message access protocol to 228 prevent multiple MDNs from being generated. In particular, when the 229 user agent is accessing the message using RFC-IMAP [RFC3501], it 230 SHOULD implement the procedures specified in RFC-IMAP-MDN [RFC3503]. 232 While Internet standards normally do not specify the behavior of user 233 interfaces, it is strongly recommended that the user agent obtain the 234 user's consent before sending an MDN. This consent could be obtained 235 for each message through some sort of prompt or dialog box, or 236 globally through the user's setting of a preference. The purpose of 237 obtaining user's consent is to protect user's privacy. If user's 238 consent is obtained through a preference, the default value should be 239 not to send MDNs. 241 MDNs MUST NOT be sent automatically if the address in the 242 Disposition-Notification-To header field differs from the address in 243 the Return-Path header field (see RFC-MSGFMT [RFC5322]). In this 244 case, confirmation from the user MUST be obtained, if possible. If 245 obtaining consent is not possible (e.g., because the user is not 246 online at the time or the client is not an interactive email client), 247 then an MDN MUST NOT be sent. 249 Confirmation from the user MUST be obtained (or no MDN sent) if there 250 is no Return-Path header field in the message, or if there is more 251 than one distinct address in the Disposition-Notification-To header 252 field. 254 The comparison of the addresses is done using only the addr-spec 255 (local-part "@" domain) portion, excluding any angle brackets, phrase 256 and route. As prescribed by RFC 5322, the comparison MUST be case- 257 sensitive for the local-part and case-insensitive for the domain 258 part. The local-part comparison SHOULD be done after performing 259 local-part canonicalization (i.e. after removing the surrounding 260 double-quote characters, if any, as well as any escaping "\" 261 characters. (See RFC-MSGFMT [RFC5322] for more details.) 262 Implementations MAY treat known domain aliases as equivalent for the 263 purpose of comparison. 265 Note that use of subaddressing (see [RFC5233]) can result in a 266 failure to match two local-parts and thus result in possible 267 suppression of the MDN. This document doesn't recommend special 268 handling for this case, as the receiving MUA can't reliably know 269 whether or not the sender is using subaddressing. 271 If the message contains more than one Return-Path header field, the 272 implementation may pick one to use for the comparison, or treat the 273 situation as a failure of the comparison. 275 The reason for not automatically sending an MDN if the comparison 276 fails or more than one address is specified is to reduce the 277 possibility of mail loops and of MDNs being used for mail bombing. 279 It's especially important that a message that contains a Disposition- 280 Notification-To header field also contain a Message-ID header field, 281 to permit user agents to automatically correlate MDNs with their 282 original messages. 284 If the request for message disposition notifications for some 285 recipients and not others is desired, two copies of the message 286 should be sent, one with a Disposition-Notification-To header field 287 and one without. Many of the other header fields of the message 288 (e.g., To, Cc) will be the same in both copies. The recipients in 289 the respective message envelopes determine from whom message 290 disposition notifications are requested and from whom they are not. 291 If desired, the Message-ID header field may be the same in both 292 copies of the message. Note that there are other situations (e.g., 293 Bcc) in which it is necessary to send multiple copies of a message 294 with slightly different header fields. The combination of such 295 situations and the need to request MDNs for a subset of all 296 recipients may result in more than two copies of a message being 297 sent, some with a Disposition-Notification-To header field and some 298 without. 300 If it is possible to determine that a recipient is a newsgroup, do 301 not include a Disposition-Notification-To header field for that 302 recipient. 304 2.2. The Disposition-Notification-Options Header 306 Extensions to this specification may require that information be 307 supplied to the recipient's MUA for additional control over how and 308 what MDNs are generated. The Disposition-Notification-Options header 309 field provides an extensible mechanism for such information. The 310 syntax of this header field is as follows: 312 Disposition-Notification-Options = 313 "Disposition-Notification-Options" ":" [FWS] 314 disposition-notification-parameter-list CRLF 316 disposition-notification-parameter-list = 317 disposition-notification-parameter 318 *([FWS] ";" [FWS] disposition-notification-parameter) 320 disposition-notification-parameter = attribute [FWS] "=" 321 [FWS] importance [FWS] "," [FWS] value *([FWS] "," [FWS] value) 323 importance = "required" / "optional" 325 attribute = atom 327 value = word 329 A Disposition-Notification-Options header field can appear at most 330 once in a message. 332 An importance of "required" indicates that interpretation of the 333 disposition-notification-parameter is necessary for proper generation 334 of an MDN in response to this request. An importance of "optional" 335 indicates that an MUA that does not understand the meaning of this 336 disposition-notification-parameter MAY generate an MDN in response 337 anyway, ignoring the value of the disposition-notification-parameter. 339 No disposition-notification-parameter attribute names are defined in 340 this specification. Attribute names may be defined in the future by 341 later revisions or extensions to this specification. disposition- 342 notification-parameter attribute names MUST be registered with the 343 Internet Assigned Numbers Authority (IANA) using "Specification 344 required" registration policy. Note that a previous version of this 345 specification reserved disposition-notification-parameter attribute 346 names beginning with "X-" for experimental use, but they can now be 347 registered. 348 (See Section 10 for a registration form.) 350 2.3. The Original-Recipient Header Field 352 Since electronic mail addresses may be rewritten while the message is 353 in transit, it is useful for the original recipient address to be 354 made available by the delivering Message Transfer Agent (MTA) 355 [RFC5598]. The delivering MTA may be able to obtain this information 356 from the ORCPT parameter of the SMTP RCPT TO command, as defined in 357 RFC-SMTP [RFC5321] and RFC-DSN-SMTP [RFC3461]. 359 RFC-DSN-SMTP [RFC3461] is amended as follows: If the ORCPT 360 information is available, the delivering MTA SHOULD insert an 361 Original-Recipient header field at the beginning of the message 362 (along with the Return-Path header field). The delivering MTA MAY 363 delete any other Original-Recipient header fields that occur in the 364 message. The syntax of this header field is as follows: 366 original-recipient-header = 367 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 369 OWS = [CFWS] 370 ; Optional whitespace. 371 ; MDN generators SHOULD use "*WSP" 372 ; (typically a single space or nothing. 373 ; It SHOULD be nothing at the end of a field), 374 ; unless an RFC 5322 "comment" is required. 375 ; 376 ; MDN parsers MUST parse it as "[CFWS]". 378 The address-type and generic-address token are as specified in the 379 description of the Original-Recipient field in Section 3.2.3. 381 The purpose of carrying the original recipient information and 382 returning it in the MDN is to permit automatic correlation of MDNs 383 with the original message on a per-recipient basis. 385 2.4. Use with the Message/Partial Media Type 387 The use of the header fields Disposition-Notification-To, 388 Disposition-Notification-Options, and Original-Recipient with the 389 MIME message/partial content type (RFC-MIME-MEDIA [RFC2046]]) 390 requires further definition. 392 When a message is segmented into two or more message/partial 393 fragments, the three header fields mentioned in the above paragraph 394 SHOULD be placed in the "inner" or "enclosed" message (using the 395 terms of RFC-MIME-MEDIA [RFC2046]). If these header fields are found 396 in the header fields of any of the fragments, they are ignored. 398 When the multiple message/partial fragments are reassembled, the 399 following applies. If these header fields occur along with the other 400 header fields of a message/partial fragment message, they pertain to 401 an MDN that will be generated for the fragment. If these header 402 fields occur in the header fields of the "inner" or "enclosed" 403 message (using the terms of RFC-MIME-MEDIA [RFC2046]), they pertain 404 to an MDN that will be generated for the reassembled message. 405 Section 5.2.2.1 of RFC-MIME-MEDIA [RFC2046]) is amended to specify 406 that, in addition to the header fields specified there, the three 407 header fields described in this specification are to be appended, in 408 order, to the header fields of the reassembled message. Any 409 occurrences of the three header fields defined here in the header 410 fields of the initial enclosing message MUST NOT be copied to the 411 reassembled message. 413 3. Format of a Message Disposition Notification 415 A message disposition notification is a MIME message with a top-level 416 content-type of multipart/report (defined in RFC-REPORT [RFC3462]). 417 When multipart/report content is used to transmit an MDN: 419 a. The report-type parameter of the multipart/report content is 420 "disposition-notification". 422 b. The first component of the multipart/report contains a human- 423 readable explanation of the MDN, as described in RFC-REPORT 424 [RFC3462]. 426 c. The second component of the multipart/report is of content-type 427 message/disposition-notification, described in Section 3.1 of 428 this document. 430 d. If the original message or a portion of the message is to be 431 returned to the sender, it appears as the third component of the 432 multipart/report. The decision of whether or not to return the 433 message or part of the message is up to the MUA generating the 434 MDN. However, in the case of encrypted messages requesting MDNs, 435 encrypted message text MUST be returned, if it is returned at 436 all, only in its original encrypted form. 438 NOTE: For message disposition notifications gatewayed from foreign 439 systems, the header fields of the original message may not be 440 available. In this case, the third component of the MDN may be 441 omitted, or it may contain "simulated" RFC-MSGFMT [RFC5322] header 442 fields that contain equivalent information. In particular, it is 443 very desirable to preserve the subject and date fields from the 444 original message. 446 The MDN MUST be addressed (in both the message header field and the 447 transport envelope) to the address(es) from the Disposition- 448 Notification-To header field from the original message for which the 449 MDN is being generated. 451 The From header field of the MDN MUST contain the address of the 452 person for whom the message disposition notification is being issued. 454 The envelope sender address (i.e., SMTP "MAIL FROM") of the MDN MUST 455 be null (<>), specifying that no Delivery Status Notification 456 messages nor other messages indicating successful or unsuccessful 457 delivery are to be sent in response to an MDN. 459 A message disposition notification MUST NOT itself request an MDN. 460 That is, it MUST NOT contain a Disposition-Notification-To header 461 field. 463 The Message-ID header field (if present) for an MDN MUST be different 464 from the Message-ID of the message for which the MDN is being issued. 466 A particular MDN describes the disposition of exactly one message for 467 exactly one recipient. Multiple MDNs may be generated as a result of 468 one message submission, one per recipient. However, due to the 469 circumstances described in Section 2.1, it's possible that some of 470 the recipients for whom MDNs were requested will not generate MDNs. 472 3.1. The message/disposition-notification Media Type 474 The message/disposition-notification Media Type is defined as 475 follows: 477 Type name: message 479 Subtype name: disposition-notification 481 Required parameters: none 483 Optional parameters: none 485 Encoding considerations: "7bit" encoding is sufficient and MUST be 486 used to maintain readability when viewed by non- 487 MIME mail readers. 489 Security considerations: discussed in Section 6 of [RFCXXX]. 491 Interoperability considerations: none 492 Published specification: [RFCXXX] 494 Applications that use this media type: Mail Transfer Agents and 495 email clients that support multipart/report 496 generation and/or parsing. 498 Fragment identifier considerations: N/A 500 Additional information: 502 Deprecated alias names for this type: N/A 504 Magic number(s): none 506 File extension(s): .disposition-notification 508 Macintosh file type code(s): The 'TEXT' type 509 code is suggested as files of this type are 510 typically used for diagnostic purposes and 511 suitable for analysis in a text editor. A 512 uniform type identifier (UTI) of "public.utf8- 513 email-message-header" is suggested. This type 514 conforms to "public.plain-text". 516 Person & email address to contact for further information: See the 517 Authors' Addresses section of [RFCXXXX] 519 Intended usage: COMMON 521 Restrictions on usage: This media type contains textual data in the 522 US-ASCII charset, which is always 7-bit. 524 Author: See the Authors' Addresses section of [RFCXXXX] 526 Change controller: IETF 528 Provisional registration? no 529 (While the 7bit restriction applies to the message/disposition- 530 notification portion of the multipart/report content, it does not 531 apply to the optional third portion of the multipart/report content.) 533 The message/disposition-notification report type for use in the 534 multipart/report is "disposition-notification". 536 The body of a message/disposition-notification consists of one or 537 more "fields" formatted according to the ABNF of RFC-MSGFMT [RFC5322] 538 header "fields". The syntax of the message/disposition-notification 539 content is as follows: 541 disposition-notification-content = [ reporting-ua-field CRLF ] 542 [ mdn-gateway-field CRLF ] 543 [ original-recipient-field CRLF ] 544 final-recipient-field CRLF 545 [ original-message-id-field CRLF ] 546 disposition-field CRLF 547 *( failure-field CRLF ) 548 *( error-field CRLF ) 549 *( extension-field CRLF ) 551 extension-field = extension-field-name ":" *([FWS] text) 553 extension-field-name = field-name 555 Note that the order of the above fields is recommended, but not 556 fixed. Extension fields can appear anywhere. 558 3.1.1. General conventions for fields 560 Since these fields are defined according to the rules of RFC-MSGFMT 561 [RFC5322], the same conventions for continuation lines and comments 562 apply. Notification fields may be continued onto multiple lines by 563 beginning each additional line with a SPACE or HTAB. Text that 564 appears in parentheses is considered a comment and not part of the 565 contents of that notification field. Field names are case- 566 insensitive, so the names of notification fields may be spelled in 567 any combination of upper and lower case letters. [RFC5322] comments 568 in notification fields may use the "encoded-word" construct defined 569 in RFC-MIME-HEADER [RFC2047]. 571 3.1.2. "*-type" subfields 573 Several fields consist of a "-type" subfield, followed by a semi- 574 colon, followed by "*text". 576 For these fields, the keyword used in the address-type or MTA-type 577 subfield indicates the expected format of the address or MTA-name 578 that follows. 580 The "-type" subfields are defined as follows: 582 a. An "address-type" specifies the format of a mailbox address. For 583 example, Internet Mail addresses use the "rfc822" address-type. 584 Other values can appear in this field as specified in the 585 "Address Types" IANA subregistry established by RFC-DSN-FORMAT 586 [RFC3464]. 588 address-type = atom 590 atom = 592 b. An "MTA-name-type" specifies the format of a mail transfer agent 593 name. For example, for an SMTP server on an Internet host, the 594 MTA name is the domain name of that host, and the "dns" MTA-name- 595 type is used. Other values can appear in this field as specified 596 in the "MTA Name Types" IANA subregistry established by RFC-DSN- 597 FORMAT [RFC3464]. 599 mta-name-type = atom 601 Values for address-type and mta-name-type are case-insensitive. 602 Thus, address-type values of "RFC822" and "rfc822" are equivalent. 604 The Internet Assigned Numbers Authority (IANA) maintains a registry 605 of address-type and mta-name-type values, along with descriptions of 606 the meanings of each, or a reference to one or more specifications 607 that provide such descriptions. (The "rfc822" address-type is 608 defined in RFC-DSN-SMTP [RFC3461].) Registration forms for address- 609 type and mta-name-type appear in RFC-DSN-FORMAT [RFC3464]. 611 3.2. Message/disposition-notification Content Fields 613 3.2.1. The Reporting-UA field 614 reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS [ ";" OWS ua-product OWS ] 616 ua-name = *text-no-semi 618 ua-product = *([FWS] text) 620 text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR, 621 %d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon 623 The Reporting-UA field is defined as follows: 625 An MDN describes the disposition of a message after it has been 626 delivered to a recipient. In all cases, the Reporting-UA is the MUA 627 that performed the disposition described in the MDN. This field is 628 optional, but recommended. For Internet Mail user agents, it is 629 recommended that this field contain both: the DNS name of the 630 particular instance of the MUA that generated the MDN, and the name 631 of the product. For example, 633 Reporting-UA: pc.example.com; Foomail 97.1 635 If the reporting MUA consists of more than one component (e.g., a 636 base program and plug-ins), this may be indicated by including a list 637 of product names. 639 3.2.2. The MDN-Gateway field 641 The MDN-Gateway field indicates the name of the gateway or MTA that 642 translated a foreign (non-Internet) message disposition notification 643 into this MDN. This field MUST appear in any MDN that was translated 644 by a gateway from a foreign system into MDN format, and MUST NOT 645 appear otherwise. 647 mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS ";" OWS mta-name OWS 649 mta-name = *text 651 For gateways into Internet Mail, the MTA-name-type will normally be 652 "dns", and the mta-name will be the Internet domain name of the 653 gateway. 655 3.2.3. Original-Recipient field 657 The Original-Recipient field indicates the original recipient address 658 as specified by the sender of the message for which the MDN is being 659 issued. For Internet Mail messages, the value of the Original- 660 Recipient field is obtained from the Original-Recipient header field 661 from the message for which the MDN is being generated. If there is 662 an Original-Recipient header field in the message, or if information 663 about the original recipient is reliably available some other way, 664 then the Original-Recipient field MUST be included. Otherwise, the 665 Original-Recipient field MUST NOT be included. If there is more than 666 one Original-Recipient header field in the message, the MUA may 667 choose the one to use, or act as if no Original-Recipient header 668 field is present. 670 original-recipient-field = 671 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 673 generic-address = *text 675 The address-type field indicates the type of the original recipient 676 address. If the message originated within the Internet, the address- 677 type field will normally be "rfc822", and the address will be 678 according to the syntax specified in RFC-MSGFMT [RFC5322]. The value 679 "unknown" should be used if the Reporting MUA cannot determine the 680 type of the original recipient address from the message envelope. 681 This address is the same as that provided by the sender and can be 682 used to automatically correlate MDN reports with original messages on 683 a per recipient basis. 685 3.2.4. Final-Recipient field 687 The Final-Recipient field indicates the recipient for which the MDN 688 is being issued. This field MUST be present. 690 The syntax of the field is as follows: 692 final-recipient-field = 693 "Final-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 695 The generic-address subfield of the Final-Recipient field MUST 696 contain the mailbox address of the recipient (from the From header 697 field of the MDN) as it was when the MDN was generated by the MUA. 699 The Final-Recipient address may differ from the address originally 700 provided by the sender, because it may have been transformed during 701 forwarding and gatewaying into a totally unrecognizable mess. 702 However, in the absence of the optional Original-Recipient field, the 703 Final-Recipient field and any returned content may be the only 704 information available with which to correlate the MDN with a 705 particular message recipient. 707 The address-type subfield indicates the type of address expected by 708 the reporting MTA in that context. Recipient addresses obtained via 709 SMTP will normally be of address-type "rfc822", but can be other 710 values from the "Address Types" subregistry of the "Delivery Status 711 Notification (DSN) Types" IANA registry. 713 Since mailbox addresses (including those used in the Internet) may be 714 case sensitive, the case of alphabetic characters in the address MUST 715 be preserved. 717 3.2.5. Original-Message-ID field 719 The Original-Message-ID field indicates the message-ID of the message 720 for which the MDN is being issued. It is obtained from the Message- 721 ID header field of the message for which the MDN is issued. This 722 field MUST be present if and only if the original message contained a 723 Message-ID header field. The syntax of the field is as follows: 725 original-message-id-field = 726 "Original-Message-ID" ":" msg-id 728 The msg-id token is as specified in RFC-MSGFMT [RFC5322]. 730 3.2.6. Disposition field 732 The Disposition field indicates the action performed by the 733 Reporting-MUA on behalf of the user. This field MUST be present. 735 The syntax for the Disposition field is: 737 disposition-field = 738 "Disposition" ":" OWS disposition-mode OWS ";" 739 OWS disposition-type 740 [ OWS "/" OWS disposition-modifier 741 *( OWS "," OWS disposition-modifier ) ] OWS 743 disposition-mode = action-mode OWS "/" OWS sending-mode 745 action-mode = "manual-action" / "automatic-action" 747 sending-mode = "MDN-sent-manually" / "MDN-sent-automatically" 749 disposition-type = "displayed" / "deleted" / "dispatched" / 750 "processed" 752 disposition-modifier = "error" / disposition-modifier-extension 754 disposition-modifier-extension = atom 755 The disposition-mode, disposition-type, and disposition-modifier 756 values may be spelled in any combination of upper and lower case US- 757 ASCII characters. 759 3.2.6.1. Disposition modes 761 Disposition mode consists of 2 parts: action mode and sending mode. 763 The following action modes are defined: 765 "manual-action" The disposition described by the disposition type 766 was a result of an explicit instruction by the 767 user rather than some sort of automatically 768 performed action. (This might include the case 769 when the user has manually configured her MUA to 770 automatically respond to valid MDN requests.) 771 Unless prescribed otherwise in a particular mail 772 environment, in order to preserve user's privacy, 773 this MUST be the default for MUAs. 775 "automatic-action" The disposition described by the disposition type 776 was a result of an automatic action, rather than 777 an explicit instruction by the user for this 778 message. This is typically generated by a Mail 779 Delivery Agent (e.g. MDN generations by Sieve 780 reject action [RFC5429], Fax-over-Email 781 [RFC3249], Voice Messaging System (VPIM) 782 [RFC3801] or upon delivery to a mailing list). 784 "Manual-action" and "automatic-action" are mutually exclusive. One 785 or the other MUST be specified. 787 The following sending modes are defined: 789 "MDN-sent-manually" The user explicitly gave permission for this 790 particular MDN to be sent. Unless prescribed 791 otherwise in a particular mail environment, in 792 order to preserve user's privacy, this MUST be 793 the default for MUAs. 795 "MDN-sent-automatically" The MDN was sent because the MUA had 796 previously been configured to do so 797 automatically. 799 "MDN-sent-manually" and "MDN-sent-automatically" are mutually 800 exclusive. One or the other MUST be specified. 802 3.2.6.2. Disposition types 804 The following disposition-types are defined: 806 "displayed" The message has been displayed by the MUA to 807 someone reading the recipient's mailbox. There 808 is no guarantee that the content has been read or 809 understood. 811 "dispatched" The message has been sent somewhere in some 812 manner (e.g., printed, faxed, forwarded) without 813 necessarily having been previously displayed to 814 the user. The user may or may not see the 815 message later. 817 "processed" The message has been processed in some manner 818 (i.e., by some sort of rules or server) without 819 being displayed to the user. The user may or may 820 not see the message later, or there may not even 821 be a human user associated with the mailbox. 823 "deleted" The message has been deleted. The recipient may 824 or may not have seen the message. The recipient 825 might "undelete" the message at a later time and 826 read the message. 828 3.2.6.3. Disposition modifiers 830 Only the extension disposition modifiers is defined: 832 disposition-modifier-extension 833 Disposition modifiers may be defined in the 834 future by later revisions or extensions to this 835 specification. MDN disposition value names MUST 836 be registered with the Internet Assigned Numbers 837 Authority (IANA) using "Specification required" 838 registration policy. (See Section 10 for a 839 registration form.) MDNs with disposition 840 modifier names not understood by the receiving 841 MUA MAY be silently ignored or placed in the 842 user's mailbox without special interpretation. 843 They MUST not cause any error message to be sent 844 to the sender of the MDN. 846 It is not required that an MUA be able to generate all of the 847 possible values of the Disposition field. 849 A user agent MUST NOT issue more than one MDN on behalf of each 850 particular recipient. That is, once an MDN has been issued on behalf 851 of a recipient, no further MDNs may be issued on behalf of that 852 recipient, even if another disposition is performed on the message. 853 However, if a message is forwarded, a "dispatched" MDN MAY be issued 854 for the recipient doing the forwarding and the recipient of the 855 forwarded message may also cause an MDN to be generated. 857 3.2.7. Failure and Error Fields 859 The Failure and Error fields are used to supply additional 860 information in the form of text messages when the "error" disposition 861 modifier appear. The syntax is as follows: 863 failure-field = "Failure" ":" *([FWS] text) 865 error-field = "Error" ":" *([FWS] text) 867 Note that syntax of these header fields doesn't include comments, so 868 "encoded-word" construct defined in RFC-MIME-HEADER [RFC2047] can't 869 be used to convey non ASCII text. Application that need to convey 870 non ASCII text in these fields should consider implementing message/ 871 global-disposition-notification media type specified in [RFC6533] 872 instead of this specification. 874 3.3. Extension-fields 876 Additional MDN fields may be defined in the future by later revisions 877 or extensions to this specification. MDN field names MUST be 878 registered with the Internet Assigned Numbers Authority (IANA) using 879 "Specification required" registration policy. (See Section 10 for a 880 registration form.) MDN Extension-fields may be defined for the 881 following reasons: 883 a. To allow additional information from foreign disposition reports 884 to be tunneled through Internet MDNs. The names of such MDN 885 fields should begin with an indication of the foreign environment 886 name (e.g., X400-Physical-Forwarding-Address). 888 b. To allow transmission of diagnostic information that is specific 889 to a particular mail user agent (MUA). The names of such MDN 890 fields should begin with an indication of the MUA implementation 891 that produced the MDN (e.g., Foomail-information). 893 4. Timeline of events 895 The following timeline shows when various events in the processing of 896 a message and generation of MDNs take place: 898 -- User composes message 900 -- User tells MUA to send message. 902 -- MUA passes message to Mail Submission Agent (MSA), original 903 recipient information passed along. 905 -- MSA sends message to next MTA. 907 -- Final MTA receives message. 909 -- Final MTA delivers message to recipient's mailbox (possibly 910 generating a Delivery Status Notification (DSN)). 912 -- (Recipient's) MUA discovers a new message in recipient's mailbox 913 and decides whether an MDN should be generated. If the MUA has 914 information that an MDN has been generated for this message, no 915 further MDN processing described below is performed. If MUA 916 decides that no MDN can be generated, no further MDN processing 917 described below is performed. 919 -- MUA performs automatic processing and might generate corresponding 920 MDNs ("dispatched", "processed" or "deleted" disposition type with 921 "automatic-action" and "MDN-sent-automatically" disposition 922 modes). The MUA remembers that an MDN was generated. 924 -- MUA displays list of messages to user. 926 -- User selects a message and requests that some action be performed 927 on it. 929 -- MUA performs requested action; if an automatic MDN has not already 930 been generated, with user's permission, sends an appropriate MDN 931 ("displayed", "dispatched", "processed", or "deleted" disposition 932 type, with "manual-action" and "MDN-sent-manually" or "MDN-sent- 933 automatically" disposition mode). The MUA remembers that an MDN 934 was generated. 936 -- User possibly performs other actions on message, but no further 937 MDNs are generated. 939 5. Conformance and Usage Requirements 941 An MUA or gateway conforms to this specification if it generates MDNs 942 according to the protocol defined in this memo. It is not necessary 943 to be able to generate all of the possible values of the Disposition 944 field. 946 MUAs and gateways MUST NOT generate the Original-Recipient field of 947 an MDN unless the mail protocols provide the address originally 948 specified by the sender at the time of submission. Ordinary SMTP 949 does not make that guarantee, but the SMTP extension defined in RFC- 950 DSN-SMTP [RFC3461] permits such information to be carried in the 951 envelope if it is available. The Original-Recipient header field 952 defined in this document provides a way for the MTA to pass the 953 original recipient address to the MUA. 955 Each sender-specified recipient address may result in more than one 956 MDN. If an MDN is requested for a recipient that is forwarded to 957 multiple recipients of an "alias" (as defined in RFC-DSN-SMTP 958 [RFC3461], section 6.2.7.3), each of the recipients may issue an MDN. 960 Successful distribution of a message to a mailing list exploder 961 SHOULD be considered the final disposition of the message. A mailing 962 list exploder MAY issue an MDN with a disposition type of "processed" 963 and disposition modes of "automatic-action" and "MDN-sent- 964 automatically" indicating that the message has been forwarded to the 965 list. In this case, the request for MDNs is not propagated to the 966 members of the list. 968 Alternatively (if successful distribution of a message to a mailing 969 list exploder is not considered the final disposition of the 970 message), the mailing list exploder can issue no MDN and propagate 971 the request for MDNs to all members of the list. The latter behavior 972 is not recommended for any but small, closely knit lists, as it might 973 cause large numbers of MDNs to be generated and may cause 974 confidential subscribers to the list to be revealed. The mailing 975 list exploder can also direct MDNs to itself, correlate them, and 976 produce a report to the original sender of the message. 978 This specification places no restrictions on the processing of MDNs 979 received by user agents or mailing lists. 981 6. Security Considerations 983 The following security considerations apply when using MDNs: 985 6.1. Forgery 987 MDNs can be (and are, in practice) forged as easily as ordinary 988 Internet electronic mail. User agents and automatic mail handling 989 facilities (such as mail distribution list exploders) that wish to 990 make automatic use of MDNs should take appropriate precautions to 991 minimize the potential damage from denial-of-service attacks. 993 Security threats related to forged MDNs include the sending of: 995 a. A falsified disposition notification when the indicated 996 disposition of the message has not actually occurred, 998 b. Unsolicited MDNs 1000 6.2. Privacy 1002 Another dimension of security is privacy. There may be cases in 1003 which a message recipient does not wish the disposition of messages 1004 addressed to him to be known, or is concerned that the sending of 1005 MDNs may reveal other sensitive information (e.g., when the message 1006 was read). In this situation, it is acceptable for the MUA to 1007 silently ignore requests for MDNs. 1009 If the Disposition-Notification-To header field is passed on 1010 unmodified when a message is distributed to the subscribers of a 1011 mailing list, the subscribers to the list may be revealed to the 1012 sender of the original message by the generation of MDNs. 1014 Headers of the original message returned in part 3 of the multipart/ 1015 report could reveal confidential information about host names and/or 1016 network topology inside a firewall. 1018 Disposition mode (Section 3.2.6.1) can leak information about 1019 recipient's MUA configuration, in particular whether MDNs are 1020 acknowledged manually or automatically. If this is a concern, MUAs 1021 can return "manual-action/MDN-sent-manually" disposition mode in 1022 generated MDNs. 1024 An unencrypted MDN could reveal confidential information about an 1025 encrypted message, especially if all or part of the original message 1026 is returned in part 3 of the multipart/report. Encrypted MDNs are 1027 not defined in this specification. 1029 In general, any optional MDN field may be omitted if the Reporting 1030 MUA site or user determines that inclusion of the field would impose 1031 too great a compromise of site confidentiality. The need for such 1032 confidentiality must be balanced against the utility of the omitted 1033 information in MDNs. 1035 In some cases, someone with access to the message stream may use the 1036 MDN request mechanism to monitor the mail reading habits of a target. 1037 If the target is known to generate MDN reports, they could add a 1038 disposition-notification-to field containing the envelope from 1039 address along with a source route. The source route is ignored in 1040 the comparison so the addresses will always match. But if the source 1041 route is honored when the notification is sent, it could direct the 1042 message to some other destination. This risk can be minimized by not 1043 sending MDN's automatically. 1045 6.3. Non-Repudiation 1047 MDNs do not provide non-repudiation with proof of delivery. Within 1048 the framework of today's Internet Mail, the MDNs defined in this 1049 document provide valuable information to the mail user; however, MDNs 1050 cannot be relied upon as a guarantee that a message was or was not 1051 seen by the recipient. Even if MDNs are not actively forged, they 1052 may be lost in transit. The recipient may bypass the MDN issuing 1053 mechanism in some manner. 1055 One possible solution for this purpose can be found in RFC-SEC- 1056 SERVICES [RFC2634]. 1058 6.4. Mail Bombing 1060 The MDN request mechanism introduces an additional way of mailbombing 1061 a mailbox. The MDN request notification provides an address to which 1062 MDN's should be sent. It is possible for an attacking agent to send 1063 a potentially large set of messages to otherwise unsuspecting third 1064 party recipients with a false "disposition-notification-to:" address. 1065 Automatic, or simplistic processing of such requests would result in 1066 a flood of MDN notifications to the target of the attack. Such an 1067 attack could overrun the capacity of the targeted mailbox and deny 1068 service. 1070 For that reason, MDN's SHOULD NOT be sent automatically where the 1071 "disposition-notification-to:" address is different from the SMTP 1072 "MAIL FROM" address (which is carried in the Return-Path header 1073 field). See Section 2.1 for further discussion. 1075 7. Collected ABNF Grammar 1077 NOTE: The following lexical tokens are defined in RFC-MSGFMT 1078 [RFC5322]: CRLF, FWS, CFWS, field-name, mailbox-list, msg-id, text, 1079 comment, word. The following lexical tokens are defined in RFC-SMTP 1080 [RFC5321]: atom. (Note that RFC-MSGFMT [RFC5322] also defines 1081 "atom", but the version from RFC-SMTP [RFC5321] is more restrictive 1082 and this more restrictive version is used in this document.) 1083 "encoded-word" construct defined in RFC-MIME-HEADER [RFC2047] is 1084 allowed everywhere where RFC-MSGFMT [RFC5322] "comment" is used, for 1085 example in CFWS. 1087 OWS = [CFWS] 1088 ; Optional whitespace. 1089 ; MDN generators SHOULD use "*WSP" 1090 ; (typically a single space or nothing. 1091 ; It SHOULD be nothing at the end of a field), 1092 ; unless an RFC 5322 "comment" is required. 1093 ; 1094 ; MDN parsers MUST parse it as "[CFWS]". 1096 Message header fields: 1097 mdn-request-header = 1098 "Disposition-Notification-To" ":" mailbox-list CRLF 1100 Disposition-Notification-Options = 1101 "Disposition-Notification-Options" ":" [FWS] 1102 disposition-notification-parameter-list CRLF 1104 disposition-notification-parameter-list = 1105 disposition-notification-parameter 1106 *([FWS] ";" [FWS] disposition-notification-parameter) 1108 disposition-notification-parameter = attribute [FWS] "=" [FWS] 1109 importance [FWS] "," [FWS] value *([FWS] "," [FWS] value) 1111 importance = "required" / "optional" 1113 attribute = atom 1114 value = word 1116 original-recipient-header = 1117 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS CRLF 1119 Report content: 1120 disposition-notification-content = 1121 [ reporting-ua-field CRLF ] 1122 [ mdn-gateway-field CRLF ] 1123 [ original-recipient-field CRLF ] 1124 final-recipient-field CRLF 1125 [ original-message-id-field CRLF ] 1126 disposition-field CRLF 1127 *( failure-field CRLF ) 1128 *( error-field CRLF ) 1129 *( extension-field CRLF ) 1131 address-type = atom 1133 mta-name-type = atom 1135 reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS [ ";" OWS ua-product OWS ] 1137 ua-name = *text-no-semi 1139 ua-product = *([FWS] text) 1141 text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR, 1142 %d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon 1144 mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS ";" OWS mta-name 1146 mta-name = *text 1148 original-recipient-field = 1149 "Original-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 1151 generic-address = *text 1153 final-recipient-field = 1154 "Final-Recipient" ":" OWS address-type OWS ";" OWS generic-address OWS 1156 original-message-id-field = "Original-Message-ID" ":" msg-id 1158 disposition-field = 1159 "Disposition" ":" OWS disposition-mode OWS ";" 1160 OWS disposition-type 1161 [ OWS "/" OWS disposition-modifier 1162 *( OWS "," OWS disposition-modifier ) ] OWS 1164 disposition-mode = action-mode OWS "/" OWS sending-mode 1166 action-mode = "manual-action" / "automatic-action" 1168 sending-mode = "MDN-sent-manually" / "MDN-sent-automatically" 1170 disposition-type = "displayed" / "deleted" / "dispatched" / 1171 "processed" 1173 disposition-modifier = "error" / disposition-modifier-extension 1175 disposition-modifier-extension = atom 1177 failure-field = "Failure" ":" *([FWS] text) 1179 error-field = "Error" ":" *([FWS] text) 1181 extension-field = extension-field-name ":" *([FWS] text) 1183 extension-field-name = field-name 1185 8. Guidelines for Gatewaying MDNs 1187 NOTE: This section provides non-binding recommendations for the 1188 construction of mail gateways that wish to provide semi-transparent 1189 disposition notifications between the Internet and another electronic 1190 mail system. Specific MDN gateway requirements for a particular pair 1191 of mail systems may be defined by other documents. 1193 8.1. Gatewaying from other mail systems to MDNs 1195 A mail gateway may issue an MDN to convey the contents of a "foreign" 1196 disposition notification over Internet Mail. When there are 1197 appropriate mappings from the foreign notification elements to MDN 1198 fields, the information may be transmitted in those MDN fields. 1199 Additional information (such as might be needed to tunnel the foreign 1200 notification through the Internet) may be defined in extension MDN 1201 fields. (Such fields should be given names that identify the foreign 1202 mail protocol, e.g., X400-* for X.400 protocol elements). 1204 The gateway must attempt to supply reasonable values for the 1205 Reporting-UA, Final-Recipient, and Disposition fields. These will 1206 normally be obtained by translating the values from the foreign 1207 notification into their Internet-style equivalents. However, some 1208 loss of information is to be expected. 1210 The sender-specified recipient address and the original message-id, 1211 if present in the foreign notification, should be preserved in the 1212 Original-Recipient and Original-Message-ID fields. 1214 The gateway should also attempt to preserve the "final" recipient 1215 address from the foreign system. Whenever possible, foreign protocol 1216 elements should be encoded as meaningful printable ASCII strings. 1218 For MDNs produced from foreign disposition notifications, the name of 1219 the gateway MUST appear in the MDN-Gateway field of the MDN. 1221 8.2. Gatewaying from MDNs to other mail systems 1223 It may be possible to gateway MDNs from the Internet into a foreign 1224 mail system. The primary purpose of such gatewaying is to convey 1225 disposition information in a form that is usable by the destination 1226 system. A secondary purpose is to allow "tunneling" of MDNs through 1227 foreign mail systems in case the MDN may be gatewayed back into the 1228 Internet. 1230 In general, the recipient of the MDN (i.e., the sender of the 1231 original message) will want to know, for each recipient: the closest 1232 available approximation to the original recipient address, and the 1233 disposition (displayed, printed, etc.). 1235 If possible, the gateway should attempt to preserve the Original- 1236 Recipient address and Original-Message-ID (if present) in the 1237 resulting foreign disposition report. 1239 If it is possible to tunnel an MDN through the destination 1240 environment, the gateway specification may define a means of 1241 preserving the MDN information in the disposition reports used by 1242 that environment. 1244 8.3. Gatewaying of MDN-requests to other mail systems 1246 By use of the separate disposition-notification-to request header 1247 field, this specification offers a richer functionality than most, if 1248 not all, other email systems. In most other email systems, the 1249 notification recipient is identical to the message sender as 1250 indicated in the "from" address. There are two interesting cases 1251 when gatewaying into such systems: 1253 1. If the address in the disposition-notification-to header field is 1254 identical to the address in the SMTP "MAIL FROM", the expected 1255 behavior will result, even if the disposition-notification-to 1256 information is lost. Systems should propagate the MDN request. 1258 2. If the address in the disposition-notification-to header field is 1259 different from the address in the SMTP "MAIL FROM", gatewaying 1260 into a foreign system without a separate notification address 1261 will result in unintended behavior. This is especially important 1262 when the message arrives via a mailing list expansion software 1263 that may specifically replace the SMTP "MAIL FROM" address with 1264 an alternate address. In such cases, the MDN request should not 1265 be gatewayed and should be silently dropped. This is consistent 1266 with other forms of non-support for MDN. 1268 9. Example 1270 NOTE: This example is provided as illustration only, and is not 1271 considered part of the MDN protocol specification. If the example 1272 conflicts with the protocol definition above, the example is wrong. 1274 Likewise, the use of *-type subfield names or extension fields in 1275 this example is not to be construed as a definition for those type 1276 names or extension fields. 1278 This is an MDN issued after a message has been displayed to the user 1279 of an Internet Mail user agent. 1281 Date: Wed, 20 Sep 1995 00:19:00 (EDT) -0400 1282 From: Joe Recipient 1283 Message-Id: <199509200019.12345@example.com> 1284 Subject: Disposition notification 1285 To: Jane Sender 1286 MIME-Version: 1.0 1287 Content-Type: multipart/report; report-type=disposition-notification; 1288 boundary="RAA14128.773615765/example.com" 1290 --RAA14128.773615765/example.com 1292 The message sent on 1995 Sep 19 at 13:30:00 (EDT) -0400 to Joe 1293 Recipient with subject "First draft of 1294 report" has been displayed. 1295 This is no guarantee that the message has been read or understood. 1297 --RAA14128.773615765/example.com 1298 content-type: message/disposition-notification 1300 Reporting-UA: joes-pc.cs.example.com; Foomail 97.1 1301 Original-Recipient: rfc822;Joe_Recipient@example.com 1302 Final-Recipient: rfc822;Joe_Recipient@example.com 1303 Original-Message-ID: <199509192301.23456@example.org> 1304 Disposition: manual-action/MDN-sent-manually; displayed 1306 --RAA14128.773615765/example.com 1307 content-type: message/rfc822 1309 [original message optionally goes here] 1311 --RAA14128.773615765/example.com-- 1313 10. IANA Considerations 1315 There are two actions for IANA: 1317 1. IANA is asked to update the registration template for the 1318 message/disposition-notification media type to the one in 1319 Section 3.1 of this document, and to update the reference for 1320 that media type to point to this document instead of to RFC 3798. 1322 2. The registries specified here already exist, and this section is 1323 updating their documentation. IANA is asked to change the 1324 reference document for the three Message Disposition Notification 1325 Parameters registries to point to this document instead of to RFC 1326 3798. 1328 This document specifies three types of parameters that must be 1329 registered with the Internet Assigned Numbers Authority (IANA). All 1330 of them use [RFC5226] "Specification required" IANA registration 1331 policy. 1333 The forms below are for use when registering a new disposition- 1334 notification-parameter name for the Disposition-Notification-Options 1335 header field, a new disposition modifier name, or a new MDN extension 1336 field. Each piece of information required by a registration form may 1337 be satisfied either by providing the information on the form itself, 1338 or by including a reference to a published, publicly available 1339 specification that includes the necessary information. IANA MAY 1340 reject registrations because of incomplete registration forms or 1341 incomplete specifications. 1343 To register, complete the following applicable form and send it via 1344 electronic mail to . 1346 10.1. Disposition-Notification-Options header field disposition- 1347 notification-parameter names 1349 A registration for a Disposition-Notification-Options header field 1350 disposition-notification-parameter name MUST include the following 1351 information: 1353 a. The proposed disposition-notification-parameter name. 1355 b. The syntax for disposition-notification-parameter values, 1356 specified using BNF, ABNF, regular expressions, or other non- 1357 ambiguous language. 1359 c. If disposition-notification-parameter values are not composed 1360 entirely of graphic characters from the US-ASCII repertoire, a 1361 specification for how they are to be encoded as graphic US-ASCII 1362 characters in a Disposition-Notification-Options header field. 1364 d. A reference to a permanent and readily available public 1365 specification that describes the semantics of the disposition- 1366 notification-parameter values. 1368 10.2. Disposition modifier names 1370 A registration for a disposition-modifier name (used in the 1371 Disposition field of a message/disposition-notification) MUST include 1372 the following information: 1374 a. The proposed disposition-modifier name. 1376 b. A reference to a permanent and readily available public 1377 specification that describes the semantics of the disposition 1378 modifier. 1380 10.3. MDN extension field names 1382 A registration for an MDN extension-field name MUST include the 1383 following information: 1385 a. The proposed extension field name. 1387 b. The syntax for extension values, specified using BNF, ABNF, 1388 regular expressions, or other non-ambiguous language. 1390 c. If extension-field values are not composed entirely of graphic 1391 characters from the US-ASCII repertoire, a specification for how 1392 they are to be encoded as graphic US-ASCII characters in a 1393 Disposition-Notification-Options header field. 1395 d. A reference to a permanent and readily available public 1396 specification that describes the semantics of the extension 1397 field. 1399 11. Acknowledgements 1401 The contributions of Bruce Lilly, Alfred Hoenes, Barry Leiba and Pete 1402 Resnick are gratefully acknowledged for this revision. 1404 The contributions of Roger Fajman and Greg Vaudreuil to earlier 1405 versions of this document are also gratefully acknowledged. 1407 12. References 1409 12.1. Normative References 1411 [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, 1412 DOI 10.17487/RFC5321, October 2008, 1413 . 1415 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, 1416 DOI 10.17487/RFC5322, October 2008, 1417 . 1419 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1420 Extensions (MIME) Part One: Format of Internet Message 1421 Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, 1422 . 1424 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1425 Extensions (MIME) Part Two: Media Types", RFC 2046, 1426 DOI 10.17487/RFC2046, November 1996, 1427 . 1429 [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) 1430 Part Three: Message Header Extensions for Non-ASCII Text", 1431 RFC 2047, DOI 10.17487/RFC2047, November 1996, 1432 . 1434 [RFC3462] Vaudreuil, G., "The Multipart/Report Content Type for the 1435 Reporting of Mail System Administrative Messages", 1436 RFC 3462, DOI 10.17487/RFC3462, January 2003, 1437 . 1439 [RFC3461] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service 1440 Extension for Delivery Status Notifications (DSNs)", 1441 RFC 3461, DOI 10.17487/RFC3461, January 2003, 1442 . 1444 [RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format 1445 for Delivery Status Notifications", RFC 3464, 1446 DOI 10.17487/RFC3464, January 2003, 1447 . 1449 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1450 Requirement Levels", BCP 14, RFC 2119, 1451 DOI 10.17487/RFC2119, March 1997, 1452 . 1454 [RFC3503] Melnikov, A., "Message Disposition Notification (MDN) 1455 profile for Internet Message Access Protocol (IMAP)", 1456 RFC 3503, DOI 10.17487/RFC3503, March 2003, 1457 . 1459 12.2. Informative References 1461 [RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", 1462 RFC 2634, DOI 10.17487/RFC2634, June 1999, 1463 . 1465 [RFC3249] Cancio, V., Moldovan, M., Tamura, H., and D. Wing, 1466 "Implementers Guide for Facsimile Using Internet Mail", 1467 RFC 3249, DOI 10.17487/RFC3249, September 2002, 1468 . 1470 [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 1471 4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003, 1472 . 1474 [RFC3801] Vaudreuil, G. and G. Parsons, "Voice Profile for Internet 1475 Mail - version 2 (VPIMv2)", RFC 3801, 1476 DOI 10.17487/RFC3801, June 2004, 1477 . 1479 [RFC5233] Murchison, K., "Sieve Email Filtering: Subaddress 1480 Extension", RFC 5233, DOI 10.17487/RFC5233, January 2008, 1481 . 1483 [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an 1484 IANA Considerations Section in RFCs", BCP 26, RFC 5226, 1485 DOI 10.17487/RFC5226, May 2008, 1486 . 1488 [RFC5429] Stone, A., Ed., "Sieve Email Filtering: Reject and 1489 Extended Reject Extensions", RFC 5429, 1490 DOI 10.17487/RFC5429, March 2009, 1491 . 1493 [RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598, 1494 DOI 10.17487/RFC5598, July 2009, 1495 . 1497 [RFC6533] Hansen, T., Ed., Newman, C., and A. Melnikov, 1498 "Internationalized Delivery Status and Disposition 1499 Notifications", RFC 6533, DOI 10.17487/RFC6533, February 1500 2012, . 1502 Appendix A. Changes from RFC 3798 1504 Changed IANA registration for different subregistries to 1505 "Specification Required" to match what is already used by IANA. 1507 Updated IANA registration template for message/disposition- 1508 notification. 1510 "X-" fields no longer reserved for experimental use and can now be 1511 registered in compliance with RFC 6648. 1513 Fixed the default MTA-name-type used in "MDN-Gateway" to be "dns". 1515 Strengthen requirements on obtaining user consent in order to protect 1516 user privacy. 1518 The values of "dispatched" and "processed" were lost from the ABNF 1519 for "disposition-type". 1521 Because the warning disposition modifier was previously removed, 1522 warning-field has also been removed. 1524 The ABNF for ua-name and ua-product included semi-colon, which could 1525 not be distinguished from *text in the production. The ua-name was 1526 restricted to not include semi-colon. Semi-colon can still appear in 1527 the ua-product. 1529 The ABNF did not indicate all places that whitespace was allowable, 1530 in particular folding whitespace, although all implementations allow 1531 whitespace and folding in the header fields just like any other 1532 RFC5322 [RFC5322]-formatted header field. There were also a number 1533 of places in the ABNF that inconsistently permitted comments and 1534 whitespace in one leg of the production and not another. The ABNF 1535 now specifies FWS and CFWS in several places that should have already 1536 been specified by the grammar. 1538 Extension-field was defined in the collected grammar but not in the 1539 main text. 1541 The comparison of mailboxes in Disposition-Notification-To to the 1542 Return-Path addr-spec was clarified. 1544 The use of the grammar production "parameter" was confusing with the 1545 RFC2045 [RFC2045] production of the same name, as well as other uses 1546 of the same term. These have been clarified. 1548 A clarification was added on the extent of the 7bit nature of MDNs. 1550 Uses of the terms "may" and "might" were clarified. 1552 A clarification was added on the order of the fields in the message/ 1553 disposition-notification content. 1555 Authors' Addresses 1557 Tony Hansen (editor) 1558 AT&T Laboratories 1559 200 Laurel Ave. South 1560 Middletown, NJ 07748 1561 USA 1563 Email: tony@att.com 1565 Alexey Melnikov (editor) 1566 Isode Ltd 1567 14 Castle Mews 1568 Hampton, Middlesex TW12 2NP 1569 UK 1571 Email: Alexey.Melnikov@isode.com