Network Working Group T. Hansen, Ed. Request for Comments: 3798 AT&T Laboratories Obsoletes: 2298 G. Vaudreuil, Ed. Updates: 3461, 2046 Lucent Technologies Category: Standards Track May 2004 Message Disposition Notification Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved.
AbstractThis memo defines a MIME content-type that may be used by a mail user agent (MUA) or electronic mail gateway to report the disposition of a message after it has been successfully delivered to a recipient. This content-type is intended to be machine-processable. Additional message headers are also defined to permit Message Disposition Notifications (MDNs) to be requested by the sender of a message. The purpose is to extend Internet Mail to support functionality often found in other messaging systems, such as X.400 and the proprietary "LAN-based" systems, and often referred to as "read receipts," "acknowledgements", or "receipt notifications." The intention is to do this while respecting privacy concerns, which have often been expressed when such functions have been discussed in the past. Because many messages are sent between the Internet and other messaging systems (such as X.400 or the proprietary "LAN-based" systems), the MDN protocol is designed to be useful in a multi- protocol messaging environment. To this end, the protocol described in this memo provides for the carriage of "foreign" addresses, in addition to those normally used in Internet Mail. Additional attributes may also be defined to support "tunneling" of foreign notifications through Internet Mail.
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Purposes . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Terminology. . . . . . . . . . . . . . . . . . . . . . . 4 2. Requesting Message Disposition Notifications . . . . . . . . . 4 2.1. The Disposition-Notification-To Header . . . . . . . . . 4 2.2. The Disposition-Notification-Options Header. . . . . . . 6 2.3. The Original-Recipient Header. . . . . . . . . . . . . . 7 2.4. Use with the Message/Partial Content Type. . . . . . . . 8 3. FORMAT OF A MESSAGE DISPOSITION NOTIFICATION . . . . . . . . . 8 3.1. The message/disposition-notification content-type. . . . 9 3.2. Message/disposition-notification Fields. . . . . . . . . 11 3.3. Extension-fields . . . . . . . . . . . . . . . . . . . . 16 4. Timeline of Events . . . . . . . . . . . . . . . . . . . . . . 17 5. Conformance and Usage Requirements . . . . . . . . . . . . . . 18 6. Security Considerations. . . . . . . . . . . . . . . . . . . . 19 6.1. Forgery. . . . . . . . . . . . . . . . . . . . . . . . . 19 6.2. Privacy. . . . . . . . . . . . . . . . . . . . . . . . . 19 6.3. Non-Repudiation. . . . . . . . . . . . . . . . . . . . . 20 6.4. Mail Bombing . . . . . . . . . . . . . . . . . . . . . . 20 7. Collected Grammar. . . . . . . . . . . . . . . . . . . . . . . 20 8. Guidelines for Gatewaying MDNS . . . . . . . . . . . . . . . . 22 8.1. Gatewaying from other mail systems to MDNs . . . . . . . 23 8.2. Gatewaying from MDNs to other mail systems . . . . . . . 23 8.3. Gatewaying of MDN-requests to other mail systems . . . . 24 9. Example. . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 10. IANA Considerations. . . . . . . . . . . . . . . . . . . . . . 25 10.1. Disposition-Notification-Options header parameter names. 26 10.2. Disposition modifier names . . . . . . . . . . . . . . . 26 10.3. MDN extension field names. . . . . . . . . . . . . . . . 26 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 27 12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 12.1. Normative References . . . . . . . . . . . . . . . . . . 27 12.2. Informative References . . . . . . . . . . . . . . . . . 28 Appendix A - Changes from RFC 2298 . . . . . . . . . . . . . . . . 29 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 29 Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 30
RFC-MIME-MEDIA] content-type for message disposition notifications (MDNs). An MDN can be used to notify the sender of a message of any of several conditions that may occur after successful delivery, such as display of the message contents, printing of the message, deletion (without display) of the message, or the recipient's refusal to provide MDNs. The "message/disposition-notification" content-type defined herein is intended for use within the framework of the "multipart/report" content type defined in [RFC-REPORT]. This memo defines the format of the notifications and the [RFC- MSGFMT] headers used to request them.
(b) It must provide enough information to allow message senders (or their user agents) to unambiguously associate an MDN with the message that was sent and the original recipient address for which the MDN was issued (if such information is available), even if the message was forwarded to another recipient address. (c) It must also be able to describe the disposition of a message independent of any particular human language or of the terminology of any particular mail system. (d) The specification must be extensible in order to accommodate future requirements. RFC-KEYWORDS]. All syntax descriptions use the ABNF specified by [RFC-MSGFMT], in which the lexical tokens (used below) are defined: "atom", "CRLF", "mailbox", "msg-id", and "text". The following lexical tokens are defined in the definition of the Content-Type header in [RFC-MIME- BODY]: "attribute" and "value".
An MDN MUST NOT itself have a Disposition-Notification-To header. An MDN MUST NOT be generated in response to an MDN. A user agent MUST NOT issue more than one MDN on behalf of each particular recipient. That is, once an MDN has been issued on behalf of a recipient, no further MDNs may be issued on behalf of that recipient, even if another disposition is performed on the message. However, if a message is forwarded, an MDN may have been issued for the recipient doing the forwarding and the recipient of the forwarded message may also cause an MDN to be generated. While Internet standards normally do not specify the behavior of user interfaces, it is strongly recommended that the user agent obtain the user's consent before sending an MDN. This consent could be obtained for each message through some sort of prompt or dialog box, or globally through the user's setting of a preference. The user might also indicate globally that MDNs are to never be sent or that a "denied" MDN is always sent in response to a request for an MDN. MDNs SHOULD NOT be sent automatically if the address in the Disposition-Notification-To header differs from the address in the Return-Path header (see [RFC-MSGFMT]). In this case, confirmation from the user SHOULD be obtained, if possible. If obtaining consent is not possible (e.g., because the user is not online at the time), then an MDN SHOULD NOT be sent. Confirmation from the user SHOULD be obtained (or no MDN sent) if there is no Return-Path header in the message, or if there is more than one distinct address in the Disposition-Notification-To header. The comparison of the addresses should be done using only the addr- spec (local-part "@" domain) portion, excluding any phrase and route. The comparison MUST be case-sensitive for the local-part and case- insensitive for the domain part. If the message contains more than one Return-Path header, the implementation may pick one to use for the comparison, or treat the situation as a failure of the comparison. The reason for not automatically sending an MDN if the comparison fails or more than one address is specified is to reduce the possibility of mail loops and of MDNs being used for mail bombing. A message that contains a Disposition-Notification-To header SHOULD also contain a Message-ID header as specified in [RFC-MSGFMT]. This will permit automatic correlation of MDNs with their original messages by user agents.
If the request for message disposition notifications for some recipients and not others is desired, two copies of the message should be sent, one with a Disposition-Notification-To header and one without. Many of the other headers of the message (e.g., To, Cc) will be the same in both copies. The recipients in the respective message envelopes determine for whom message disposition notifications are requested and for whom they are not. If desired, the Message-ID header may be the same in both copies of the message. Note that there are other situations (e.g., Bcc) in which it is necessary to send multiple copies of a message with slightly different headers. The combination of such situations and the need to request MDNs for a subset of all recipients may result in more than two copies of a message being sent, some with a Disposition- Notification-To header and some without. Messages posted to newsgroups SHOULD NOT have a Disposition- Notification-To header.
never be defined as standard names; such names are reserved for experimental use. MDN parameter names not beginning with "X-" MUST be registered with the Internet Assigned Numbers Authority (IANA) and described in a standards-track RFC or an experimental RFC approved by the IESG. (See Section 10 for a registration form.) If a required parameter is not understood or contains some sort of error, the receiving MUA SHOULD issue an MDN with a disposition type of "failed" (see Section 3.2.6), and include a Failure field (see Section 3.2.7) that further describes the problem. MDNs with the disposition type of "failed" and a "Failure" field MAY also be generated when other types of errors are detected in the parameters of the Disposition-Notification-Options header. However, an MDN with a disposition type of "failed" MUST NOT be generated if the user has indicated a preference that MDNs are not to be sent. If user consent would be required for an MDN of some other disposition type to be sent, user consent SHOULD also be obtained before sending an MDN with a disposition type of "failed". RFC-SMTP] and [RFC-DSN-SMTP]. [RFC-DSN-SMTP] is amended as follows: If the ORCPT information is available, the delivering MTA SHOULD insert an Original-Recipient header at the beginning of the message (along with the Return-Path header). The delivering MTA MAY delete any other Original-Recipient headers that occur in the message. The syntax of this header is as follows: original-recipient-header = "Original-Recipient" ":" address-type ";" generic-address The address-type and generic-address token are as specified in the description of the Original-Recipient field in section 3.2.3. The purpose of carrying the original recipient information and returning it in the MDN is to permit automatic correlation of MDNs with the original message on a per-recipient basis.
RFC-MIME-MEDIA]) requires further definition. When a message is segmented into two or more message/partial fragments, the three headers mentioned in the above paragraph SHOULD be placed in the "inner" or "enclosed" message (using the terms of [RFC-MIME-MEDIA]). These headers SHOULD NOT be used in the headers of any of the fragments themselves. When the multiple message/partial fragments are reassembled, the following applies. If these headers occur along with the other headers of a message/partial fragment message, they pertain to an MDN that will be generated for the fragment. If these headers occur in the headers of the "inner" or "enclosed" message (using the terms of [RFC-MIME-MEDIA]), they pertain to an MDN that will be generated for the reassembled message. Section 220.127.116.11 of [RFC-MIME-MEDIA]) is amended to specify that, in addition to the headers specified there, the three headers described in this specification are to be appended, in order, to the headers of the reassembled message. Any occurrences of the three headers defined here in the headers of the initial enclosing message must not be copied to the reassembled message. RFC-REPORT]). When multipart/report content is used to transmit an MDN: (a) The report-type parameter of the multipart/report content is "disposition-notification". (b) The first component of the multipart/report contains a human- readable explanation of the MDN, as described in [RFC-REPORT]. (c) The second component of the multipart/report is of content-type message/disposition-notification, described in section 3.1 of this document. (d) If the original message or a portion of the message is to be returned to the sender, it appears as the third component of the multipart/report. The decision of whether or not to return the message or part of the message is up to the MUA generating the
MDN. However, in the case of encrypted messages requesting MDNs, encrypted message text MUST be returned, if it is returned at all, only in its original encrypted form. NOTE: For message disposition notifications gatewayed from foreign systems, the headers of the original message may not be available. In this case, the third component of the MDN may be omitted, or it may contain "simulated" [RFC-MSGFMT] headers that contain equivalent information. In particular, it is very desirable to preserve the subject and date fields from the original message. The MDN MUST be addressed (in both the message header and the transport envelope) to the address(es) from the Disposition- Notification-To header from the original message for which the MDN is being generated. The From field of the message header of the MDN MUST contain the address of the person for whom the message disposition notification is being issued. The envelope sender address (i.e., SMTP MAIL FROM) of the MDN MUST be null (<>), specifying that no Delivery Status Notification messages or other messages indicating successful or unsuccessful delivery are to be sent in response to an MDN. A message disposition notification MUST NOT itself request an MDN. That is, it MUST NOT contain a Disposition-Notification-To header. The Message-ID header (if present) for an MDN MUST be different from the Message-ID of the message for which the MDN is being issued. A particular MDN describes the disposition of exactly one message for exactly one recipient. Multiple MDNs may be generated as a result of one message submission, one per recipient. However, due to the circumstances described in Section 2.1, MDNs may not be generated for some recipients for which MDNs were requested.
Encoding considerations: "7bit" encoding is sufficient and MUST be used to maintain readability when viewed by non-MIME mail readers. Security considerations: discussed in section 6 of this memo. The message/disposition-notification report type for use in the multipart/report is "disposition-notification". The body of a message/disposition-notification consists of one or more "fields" formatted according to the ABNF of [RFC-MSGFMT] header "fields". The syntax of the message/disposition-notification content is as follows: disposition-notification-content = [ reporting-ua-field CRLF ] [ mdn-gateway-field CRLF ] [ original-recipient-field CRLF ] final-recipient-field CRLF [ original-message-id-field CRLF ] disposition-field CRLF *( failure-field CRLF ) *( error-field CRLF ) *( warning-field CRLF ) *( extension-field CRLF ) RFC-MIME-HEADER].
The "-type" subfields are defined as follows: (a) An "address-type" specifies the format of a mailbox address. For example, Internet Mail addresses use the "rfc822" address- type. address-type = atom (b) An "MTA-name-type" specifies the format of a mail transfer agent name. For example, for an SMTP server on an Internet host, the MTA name is the domain name of that host, and the "dns" MTA- name-type is used. mta-name-type = atom Values for address-type and mta-name-type are case-insensitive. Thus, address-type values of "RFC822" and "rfc822" are equivalent. The Internet Assigned Numbers Authority (IANA) maintains a registry of address-type and mta-name-type values, along with descriptions of the meanings of each, or a reference to one or more specifications that provide such descriptions. (The "rfc822" address-type is defined in [RFC-DSN-SMTP].) Registration forms for address-type and mta-name-type appear in [RFC-DSN-FORMAT].
If the reporting MUA consists of more than one component (e.g., a base program and plug-ins), this may be indicated by including a list of product names. RFC-MSGFMT]. The value "unknown" should be used if the Reporting MUA cannot determine the type of the original recipient address from the message envelope.
This address is the same as that provided by the sender and can be used to automatically correlate MDN reports with original messages on a per recipient basis. RFC-MSGFMT].
"MDN-sent-manually" The user explicitly gave permission for this particular MDN to be sent. "MDN-sent-automatically" The MDN was sent because the MUA had previously been configured to do so automatically. "MDN-sent-manually" and "MDN-sent-automatically" are mutually exclusive. One or the other MUST be specified. Section 10 for a registration form.) MDNs with disposition modifier names not understood by the receiving MUA MAY be silently ignored or placed in the
user's mailbox without special interpretation. They MUST not cause any error message to be sent to the sender of the MDN. If an MUA developer does not wish to register the meanings of such disposition modifier extensions, "X-" modifiers may be used for this purpose. To avoid name collisions, the name of the MUA implementation should follow the "X-", (e.g., "X-Foomail-"). It is not required that an MUA be able to generate all of the possible values of the Disposition field. A user agent MUST NOT issue more than one MDN on behalf of each particular recipient. That is, once an MDN has been issued on behalf of a recipient, no further MDNs may be issued on behalf of that recipient, even if another disposition is performed on the message. However, if a message is forwarded, a "dispatched" MDN may be issued for the recipient doing the forwarding and the recipient of the forwarded message may also cause an MDN to be generated. Section 10 for a registration form.)
MDN Extension-fields may be defined for the following reasons: (a) To allow additional information from foreign disposition reports to be tunneled through Internet MDNs. The names of such MDN fields should begin with an indication of the foreign environment name (e.g., X400-Physical-Forwarding-Address). (b) To allow transmission of diagnostic information that is specific to a particular mail user agent (MUA). The names of such MDN fields should begin with an indication of the MUA implementation that produced the MDN (e.g., Foomail-information). If an application developer does not wish to register the meanings of such extension fields, "X-" fields may be used for this purpose. To avoid name collisions, the name of the application implementation should follow the "X-", (e.g., "X-Foomail-Log-ID" or "X-Foomail-EDI- info").
-- MUA performs requested action and, with user's permission, sends an appropriate MDN ("displayed", "dispatched", "processed", "deleted", "denied", or "failed" disposition type, with "manual- action" and "MDN-sent-manually" or "MDN-sent-automatically" disposition mode). -- User possibly performs other actions on message, but no further MDNs are generated. RFC-DSN-SMTP] permits such information to be carried in the envelope if it is available. The Original-Recipient header defined in this document provides a way for the MTA to pass the original recipient address to the MUA. Each sender-specified recipient address may result in more than one MDN. If an MDN is requested for a recipient that is forwarded to multiple recipients of an "alias" (as defined in [RFC-DSN-SMTP], section 18.104.22.168), each of the recipients may issue an MDN. Successful distribution of a message to a mailing list exploder SHOULD be considered the final disposition of the message. A mailing list exploder MAY issue an MDN with a disposition type of "processed" and disposition modes of "automatic-action" and "MDN-sent- automatically" indicating that the message has been forwarded to the list. In this case, the request for MDNs is not propagated to the members of the list. Alternatively, the mailing list exploder MAY issue no MDN and propagate the request for MDNs to all members of the list. The latter behavior is not recommended for any but small, closely knit lists, as it might cause large numbers of MDNs to be generated and may cause confidential subscribers to the list to be revealed. The mailing list exploder MAY also direct MDNs to itself, correlate them, and produce a report to the original sender of the message. This specification places no restrictions on the processing of MDNs received by user agents or mailing lists.
In some cases, someone with access to the message stream may use the MDN request mechanism to monitor the mail reading habits of a target. If the target is known to generate MDN reports, they could add a disposition-notification-to field containing the envelope from address along with a source route. The source route is ignored in the comparison so the addresses will always match. But if the source route is honored when the notification is sent, it could direct the message to some other destination. This risk can be minimized by not sending MDN's automatically. RFC 2634 [SEC-SERVICES]. section 2.1 for further discussion. RFC-MSGFMT]: atom, CRLF, mailbox, msg-id, text. The definitions of attribute and value are as in the definition of the Content-Type header in [RFC- MIME-BODY].
Message headers: mdn-request-header = "Disposition-Notification-To" ":" mailbox *("," mailbox) Disposition-Notification-Options = "Disposition-Notification-Options" ":" disposition-notification-parameters disposition-notification-parameters = parameter *(";" parameter) parameter = attribute "=" importance "," value *("," value) importance = "required" / "optional" original-recipient-header = "Original-Recipient" ":" address-type ";" generic-address Report content: disposition-notification-content = [ reporting-ua-field CRLF ] [ mdn-gateway-field CRLF ] [ original-recipient-field CRLF ] final-recipient-field CRLF [ original-message-id-field CRLF ] disposition-field CRLF *( failure-field CRLF ) *( error-field CRLF ) *( warning-field CRLF ) *( extension-field CRLF ) address-type = atom mta-name-type = atom reporting-ua-field = "Reporting-UA" ":" ua-name [ ";" ua-product ] ua-name = *text ua-product = *text mdn-gateway-field = "MDN-Gateway" ":" mta-name-type ";" mta-name mta-name = *text
original-recipient-field = "Original-Recipient" ":" address-type ";" generic-address generic-address = *text final-recipient-field = "Final-Recipient" ":" address-type ";" generic-address disposition-field = "Disposition" ":" disposition-mode ";" disposition-type [ "/" disposition-modifier *( "," disposition-modifier ) ] disposition-mode = action-mode "/" sending-mode action-mode = "manual-action" / "automatic-action" sending-mode = "MDN-sent-manually" / "MDN-sent-automatically" disposition-type = "displayed" / "deleted" disposition-modifier = "error" / disposition-modifier-extension disposition-modifier-extension = atom original-message-id-field = "Original-Message-ID" ":" msg-id failure-field = "Failure" ":" *text error-field = "Error" ":" *text warning-field = "Warning" ":" *text extension-field = extension-field-name ":" *text extension-field-name = atom
If it is possible to tunnel an MDN through the destination environment, the gateway specification may define a means of preserving the MDN information in the disposition reports used by that environment.
Content-Type: multipart/report; report-type=disposition-notification; boundary="RAA14128.773615765/example.com" --RAA14128.773615765/example.com The message sent on 1995 Sep 19 at 13:30:00 (EDT) -0400 to Joe Recipient <Joe_Recipient@example.com> with subject "First draft of report" has been displayed. This is no guarantee that the message has been read or understood. --RAA14128.773615765/example.com content-type: message/disposition-notification Reporting-UA: joes-pc.cs.example.com; Foomail 97.1 Original-Recipient: rfc822;Joe_Recipient@example.com Final-Recipient: rfc822;Joe_Recipient@example.com Original-Message-ID: <firstname.lastname@example.org> Disposition: manual-action/MDN-sent-manually; displayed --RAA14128.773615765/example.com content-type: message/rfc822 [original message optionally goes here] --RAA14128.773615765/example.com--
(d) A reference to a standards track RFC or experimental RFC approved by the IESG that describes the semantics of the extension field. RFC 2298 was based on the Delivery Status Notifications document [RFC-DSN-FORMAT] by Keith Moore and Greg Vaudreuil. Contributions were made by members of the IETF Receipt Working Group, including Harald Alvestrand, Ian Bell, Urs Eppenberger, Claus Andri Faerber, Ned Freed, Jim Galvin, Carl Hage, Mike Lake, Keith Moore, Paul Overell, Pete Resnick, and Chuck Shih. [RFC-SMTP] Klensin, J., Ed., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [RFC-MSGFMT] Resnick, P., Ed., "Internet Message Format", RFC 2822, April 2001. [RFC-MIME-BODY] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC-MIME-MEDIA] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996. [RFC-MIME-HEADER] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996. [RFC-REPORT] Vaudreuil, G., "The Multipart/Report Content Type for the Reporting of Mail System Administrative Messages", RFC 3462, January 2003. [RFC-DSN-SMTP] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications", RFC 3461, January 2003.
[RFC-DSN-FORMAT] Moore, K., and G. Vaudreuil, "An Extensible Format for Delivery Status Notifications (DSNs)", RFC 3464, January 2003. [RFC-KEYWORDS] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [SEC-SERVICES] Hoffman, P., Ed., "Enhanced Security Services for S/MIME", RFC 2634, June 1999.
Full Copyright Statement Copyright (C) The Internet Society (2004). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- email@example.com. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society.