Tech-invite3GPPspaceIETF RFCsSIP
in Index   Prev   Next

RFC 5321

Simple Mail Transfer Protocol

Pages: 95
Draft Standard
Obsoletes:  2821
Updates:  1123
Updated by:  7504
Part 3 of 4 – Pages 46 to 75
First   Prev   Next

Top   ToC   RFC5321 - Page 46   prevText

4.2. SMTP Replies

Replies to SMTP commands serve to ensure the synchronization of requests and actions in the process of mail transfer and to guarantee that the SMTP client always knows the state of the SMTP server. Every command MUST generate exactly one reply. The details of the command-reply sequence are described in Section 4.3. An SMTP reply consists of a three digit number (transmitted as three numeric characters) followed by some text unless specified otherwise in this document. The number is for use by automata to determine what state to enter next; the text is for the human user. The three digits contain enough encoded information that the SMTP client need not examine the text and may either discard it or pass it on to the user, as appropriate. Exceptions are as noted elsewhere in this document. In particular, the 220, 221, 251, 421, and 551 reply codes are associated with message text that must be parsed and interpreted by machines. In the general case, the text may be receiver dependent and context dependent, so there are likely to be varying texts for each reply code. A discussion of the theory of reply codes is given in Section 4.2.1. Formally, a reply is defined to be the sequence: a three-digit code, <SP>, one line of text, and <CRLF>, or a multiline reply (as defined in the same section). Since, in violation of this specification, the text is sometimes not sent, clients that do not receive it SHOULD be prepared to process the code alone (with or without a trailing space character). Only the EHLO, EXPN, and HELP commands are expected to result in multiline replies in normal
Top   ToC   RFC5321 - Page 47
   circumstances; however, multiline replies are allowed for any

   In ABNF, server responses are:

   Greeting       = ( "220 " (Domain / address-literal)
                  [ SP textstring ] CRLF ) /
                  ( "220-" (Domain / address-literal)
                  [ SP textstring ] CRLF
                  *( "220-" [ textstring ] CRLF )
                  "220" [ SP textstring ] CRLF )

   textstring     = 1*(%d09 / %d32-126) ; HT, SP, Printable US-ASCII

   Reply-line     = *( Reply-code "-" [ textstring ] CRLF )
                  Reply-code [ SP textstring ] CRLF

   Reply-code     = %x32-35 %x30-35 %x30-39

   where "Greeting" appears only in the 220 response that announces that
   the server is opening its part of the connection.  (Other possible
   server responses upon connection follow the syntax of Reply-line.)

   An SMTP server SHOULD send only the reply codes listed in this
   document.  An SMTP server SHOULD use the text shown in the examples
   whenever appropriate.

   An SMTP client MUST determine its actions only by the reply code, not
   by the text (except for the "change of address" 251 and 551 and, if
   necessary, 220, 221, and 421 replies); in the general case, any text,
   including no text at all (although senders SHOULD NOT send bare
   codes), MUST be acceptable.  The space (blank) following the reply
   code is considered part of the text.  Whenever possible, a receiver-
   SMTP SHOULD test the first digit (severity indication) of the reply

   The list of codes that appears below MUST NOT be construed as
   permanent.  While the addition of new codes should be a rare and
   significant activity, with supplemental information in the textual
   part of the response being preferred, new codes may be added as the
   result of new Standards or Standards-Track specifications.
   Consequently, a sender-SMTP MUST be prepared to handle codes not
   specified in this document and MUST do so by interpreting the first
   digit only.

   In the absence of extensions negotiated with the client, SMTP servers
   MUST NOT send reply codes whose first digits are other than 2, 3, 4,
Top   ToC   RFC5321 - Page 48
   or 5.  Clients that receive such out-of-range codes SHOULD normally
   treat them as fatal errors and terminate the mail transaction.

4.2.1. Reply Code Severities and Theory

The three digits of the reply each have a special significance. The first digit denotes whether the response is good, bad, or incomplete. An unsophisticated SMTP client, or one that receives an unexpected code, will be able to determine its next action (proceed as planned, redo, retrench, etc.) by examining this first digit. An SMTP client that wants to know approximately what kind of error occurred (e.g., mail system error, command syntax error) may examine the second digit. The third digit and any supplemental information that may be present is reserved for the finest gradation of information. There are four values for the first digit of the reply code: 2yz Positive Completion reply The requested action has been successfully completed. A new request may be initiated. 3yz Positive Intermediate reply The command has been accepted, but the requested action is being held in abeyance, pending receipt of further information. The SMTP client should send another command specifying this information. This reply is used in command sequence groups (i.e., in DATA). 4yz Transient Negative Completion reply The command was not accepted, and the requested action did not occur. However, the error condition is temporary, and the action may be requested again. The sender should return to the beginning of the command sequence (if any). It is difficult to assign a meaning to "transient" when two different sites (receiver- and sender-SMTP agents) must agree on the interpretation. Each reply in this category might have a different time value, but the SMTP client SHOULD try again. A rule of thumb to determine whether a reply fits into the 4yz or the 5yz category (see below) is that replies are 4yz if they can be successful if repeated without any change in command form or in properties of the sender or receiver (that is, the command is repeated identically and the receiver does not put up a new implementation). 5yz Permanent Negative Completion reply The command was not accepted and the requested action did not occur. The SMTP client SHOULD NOT repeat the exact request (in the same sequence). Even some "permanent" error conditions can be corrected, so the human user may want to direct the SMTP client to
Top   ToC   RFC5321 - Page 49
      reinitiate the command sequence by direct action at some point in
      the future (e.g., after the spelling has been changed, or the user
      has altered the account status).

   It is worth noting that the file transfer protocol (FTP) [34] uses a
   very similar code architecture and that the SMTP codes are based on
   the FTP model.  However, SMTP uses a one-command, one-response model
   (while FTP is asynchronous) and FTP's 1yz codes are not part of the
   SMTP model.

   The second digit encodes responses in specific categories:

   x0z  Syntax: These replies refer to syntax errors, syntactically
      correct commands that do not fit any functional category, and
      unimplemented or superfluous commands.

   x1z  Information: These are replies to requests for information, such
      as status or help.

   x2z  Connections: These are replies referring to the transmission

   x3z  Unspecified.

   x4z  Unspecified.

   x5z  Mail system: These replies indicate the status of the receiver
      mail system vis-a-vis the requested transfer or other mail system

   The third digit gives a finer gradation of meaning in each category
   specified by the second digit.  The list of replies illustrates this.
   Each reply text is recommended rather than mandatory, and may even
   change according to the command with which it is associated.  On the
   other hand, the reply codes must strictly follow the specifications
   in this section.  Receiver implementations should not invent new
   codes for slightly different situations from the ones described here,
   but rather adapt codes already defined.

   For example, a command such as NOOP, whose successful execution does
   not offer the SMTP client any new information, will return a 250
   reply.  The reply is 502 when the command requests an unimplemented
   non-site-specific action.  A refinement of that is the 504 reply for
   a command that is implemented, but that requests an unimplemented
Top   ToC   RFC5321 - Page 50
   The reply text may be longer than a single line; in these cases the
   complete text must be marked so the SMTP client knows when it can
   stop reading the reply.  This requires a special format to indicate a
   multiple line reply.

   The format for multiline replies requires that every line, except the
   last, begin with the reply code, followed immediately by a hyphen,
   "-" (also known as minus), followed by text.  The last line will
   begin with the reply code, followed immediately by <SP>, optionally
   some text, and <CRLF>.  As noted above, servers SHOULD send the <SP>
   if subsequent text is not sent, but clients MUST be prepared for it
   to be omitted.

   For example:

      250-First line
      250-Second line
      250-234 Text beginning with numbers
      250 The last line

   In a multiline reply, the reply code on each of the lines MUST be the
   same.  It is reasonable for the client to rely on this, so it can
   make processing decisions based on the code in any line, assuming
   that all others will be the same.  In a few cases, there is important
   data for the client in the reply "text".  The client will be able to
   identify these cases from the current context.

4.2.2. Reply Codes by Function Groups

500 Syntax error, command unrecognized (This may include errors such as command line too long) 501 Syntax error in parameters or arguments 502 Command not implemented (see Section 4.2.4) 503 Bad sequence of commands 504 Command parameter not implemented 211 System status, or system help reply 214 Help message (Information on how to use the receiver or the meaning of a particular non-standard command; this reply is useful only to the human user)
Top   ToC   RFC5321 - Page 51
   220  <domain> Service ready

   221  <domain> Service closing transmission channel

   421  <domain> Service not available, closing transmission channel
      (This may be a reply to any command if the service knows it must
      shut down)

   250  Requested mail action okay, completed

   251  User not local; will forward to <forward-path> (See Section 3.4)

   252  Cannot VRFY user, but will accept message and attempt delivery
      (See Section 3.5.3)

   455  Server unable to accommodate parameters

   555  MAIL FROM/RCPT TO parameters not recognized or not implemented

   450  Requested mail action not taken: mailbox unavailable (e.g.,
      mailbox busy or temporarily blocked for policy reasons)

   550  Requested action not taken: mailbox unavailable (e.g., mailbox
      not found, no access, or command rejected for policy reasons)

   451  Requested action aborted: error in processing

   551  User not local; please try <forward-path> (See Section 3.4)

   452  Requested action not taken: insufficient system storage

   552  Requested mail action aborted: exceeded storage allocation

   553  Requested action not taken: mailbox name not allowed (e.g.,
      mailbox syntax incorrect)

   354  Start mail input; end with <CRLF>.<CRLF>

   554  Transaction failed (Or, in the case of a connection-opening
      response, "No SMTP service here")
Top   ToC   RFC5321 - Page 52

4.2.3. Reply Codes in Numeric Order

211 System status, or system help reply 214 Help message (Information on how to use the receiver or the meaning of a particular non-standard command; this reply is useful only to the human user) 220 <domain> Service ready 221 <domain> Service closing transmission channel 250 Requested mail action okay, completed 251 User not local; will forward to <forward-path> (See Section 3.4) 252 Cannot VRFY user, but will accept message and attempt delivery (See Section 3.5.3) 354 Start mail input; end with <CRLF>.<CRLF> 421 <domain> Service not available, closing transmission channel (This may be a reply to any command if the service knows it must shut down) 450 Requested mail action not taken: mailbox unavailable (e.g., mailbox busy or temporarily blocked for policy reasons) 451 Requested action aborted: local error in processing 452 Requested action not taken: insufficient system storage 455 Server unable to accommodate parameters 500 Syntax error, command unrecognized (This may include errors such as command line too long) 501 Syntax error in parameters or arguments 502 Command not implemented (see Section 4.2.4) 503 Bad sequence of commands 504 Command parameter not implemented 550 Requested action not taken: mailbox unavailable (e.g., mailbox not found, no access, or command rejected for policy reasons)
Top   ToC   RFC5321 - Page 53
   551  User not local; please try <forward-path> (See Section 3.4)

   552  Requested mail action aborted: exceeded storage allocation

   553  Requested action not taken: mailbox name not allowed (e.g.,
      mailbox syntax incorrect)

   554  Transaction failed (Or, in the case of a connection-opening
      response, "No SMTP service here")

   555  MAIL FROM/RCPT TO parameters not recognized or not implemented

4.2.4. Reply Code 502

Questions have been raised as to when reply code 502 (Command not implemented) SHOULD be returned in preference to other codes. 502 SHOULD be used when the command is actually recognized by the SMTP server, but not implemented. If the command is not recognized, code 500 SHOULD be returned. Extended SMTP systems MUST NOT list capabilities in response to EHLO for which they will return 502 (or 500) replies.

4.2.5. Reply Codes after DATA and the Subsequent <CRLF>.<CRLF>

When an SMTP server returns a positive completion status (2yz code) after the DATA command is completed with <CRLF>.<CRLF>, it accepts responsibility for: o delivering the message (if the recipient mailbox exists), or o if attempts to deliver the message fail due to transient conditions, retrying delivery some reasonable number of times at intervals as specified in Section 4.5.4. o if attempts to deliver the message fail due to permanent conditions, or if repeated attempts to deliver the message fail due to transient conditions, returning appropriate notification to the sender of the original message (using the address in the SMTP MAIL command). When an SMTP server returns a temporary error status (4yz) code after the DATA command is completed with <CRLF>.<CRLF>, it MUST NOT make a subsequent attempt to deliver that message. The SMTP client retains responsibility for the delivery of that message and may either return it to the user or requeue it for a subsequent attempt (see Section
Top   ToC   RFC5321 - Page 54
   The user who originated the message SHOULD be able to interpret the
   return of a transient failure status (by mail message or otherwise)
   as a non-delivery indication, just as a permanent failure would be
   interpreted.  If the client SMTP successfully handles these
   conditions, the user will not receive such a reply.

   When an SMTP server returns a permanent error status (5yz) code after
   the DATA command is completed with <CRLF>.<CRLF>, it MUST NOT make
   any subsequent attempt to deliver the message.  As with temporary
   error status codes, the SMTP client retains responsibility for the
   message, but SHOULD not again attempt delivery to the same server
   without user review of the message and response and appropriate

4.3. Sequencing of Commands and Replies

4.3.1. Sequencing Overview

The communication between the sender and receiver is an alternating dialogue, controlled by the sender. As such, the sender issues a command and the receiver responds with a reply. Unless other arrangements are negotiated through service extensions, the sender MUST wait for this response before sending further commands. One important reply is the connection greeting. Normally, a receiver will send a 220 "Service ready" reply when the connection is completed. The sender SHOULD wait for this greeting message before sending any commands. Note: all the greeting-type replies have the official name (the fully-qualified primary domain name) of the server host as the first word following the reply code. Sometimes the host will have no meaningful name. See Section 4.1.3 for a discussion of alternatives in these situations. For example, 220 ISIF.USC.EDU Service ready or 220 SuperSMTP v 6.1.2 Service ready or 220 [] Clueless host service ready The table below lists alternative success and failure replies for each command. These SHOULD be strictly adhered to. A receiver MAY
Top   ToC   RFC5321 - Page 55
   substitute text in the replies, but the meanings and actions implied
   by the code numbers and by the specific command reply sequence MUST
   be preserved.

4.3.2. Command-Reply Sequences

Each command is listed with its usual possible replies. The prefixes used before the possible replies are "I" for intermediate, "S" for success, and "E" for error. Since some servers may generate other replies under special circumstances, and to allow for future extension, SMTP clients SHOULD, when possible, interpret only the first digit of the reply and MUST be prepared to deal with unrecognized reply codes by interpreting the first digit only. Unless extended using the mechanisms described in Section 2.2, SMTP servers MUST NOT transmit reply codes to an SMTP client that are other than three digits or that do not start in a digit between 2 and 5 inclusive. These sequencing rules and, in principle, the codes themselves, can be extended or modified by SMTP extensions offered by the server and accepted (requested) by the client. However, if the target is more precise granularity in the codes, rather than codes for completely new purposes, the system described in RFC 3463 [25] SHOULD be used in preference to the invention of new codes. In addition to the codes listed below, any SMTP command can return any of the following codes if the corresponding unusual circumstances are encountered: 500 For the "command line too long" case or if the command name was not recognized. Note that producing a "command not recognized" error in response to the required subset of these commands is a violation of this specification. Similarly, producing a "command too long" message for a command line shorter than 512 characters would violate the provisions of Section 501 Syntax error in command or arguments. In order to provide for future extensions, commands that are specified in this document as not accepting arguments (DATA, RSET, QUIT) SHOULD return a 501 message if arguments are supplied in the absence of EHLO- advertised extensions. 421 Service shutting down and closing transmission channel
Top   ToC   RFC5321 - Page 56
   Specific sequences are:


         S: 220
         E: 554

      EHLO or HELO

         S: 250
         E: 504 (a conforming implementation could return this code only
         in fairly obscure cases), 550, 502 (permitted only with an old-
         style server that does not support EHLO)


         S: 250
         E: 552, 451, 452, 550, 553, 503, 455, 555


         S: 250, 251 (but see Section 3.4 for discussion of 251 and 551)
         E: 550, 551, 552, 553, 450, 451, 452, 503, 455, 555


         I: 354 -> data -> S: 250

                           E: 552, 554, 451, 452

                           E: 450, 550 (rejections for policy reasons)

         E: 503, 554


         S: 250


         S: 250, 251, 252
         E: 550, 551, 553, 502, 504


         S: 250, 252
         E: 550, 500, 502, 504
Top   ToC   RFC5321 - Page 57

         S: 211, 214
         E: 502, 504


         S: 250


         S: 221

4.4. Trace Information

When an SMTP server receives a message for delivery or further processing, it MUST insert trace ("time stamp" or "Received") information at the beginning of the message content, as discussed in Section This line MUST be structured as follows: o The FROM clause, which MUST be supplied in an SMTP environment, SHOULD contain both (1) the name of the source host as presented in the EHLO command and (2) an address literal containing the IP address of the source, determined from the TCP connection. o The ID clause MAY contain an "@" as suggested in RFC 822, but this is not required. o If the FOR clause appears, it MUST contain exactly one <path> entry, even when multiple RCPT commands have been given. Multiple <path>s raise some security issues and have been deprecated, see Section 7.2. An Internet mail program MUST NOT change or delete a Received: line that was previously added to the message header section. SMTP servers MUST prepend Received lines to messages; they MUST NOT change the order of existing lines or insert Received lines in any other location. As the Internet grows, comparability of Received header fields is important for detecting problems, especially slow relays. SMTP servers that create Received header fields SHOULD use explicit offsets in the dates (e.g., -0800), rather than time zone names of any type. Local time (with an offset) SHOULD be used rather than UT when feasible. This formulation allows slightly more information about local circumstances to be specified. If UT is needed, the
Top   ToC   RFC5321 - Page 58
   receiver need merely do some simple arithmetic to convert the values.
   Use of UT loses information about the time zone-location of the
   server.  If it is desired to supply a time zone name, it SHOULD be
   included in a comment.

   When the delivery SMTP server makes the "final delivery" of a
   message, it inserts a return-path line at the beginning of the mail
   data.  This use of return-path is required; mail systems MUST support
   it.  The return-path line preserves the information in the <reverse-
   path> from the MAIL command.  Here, final delivery means the message
   has left the SMTP environment.  Normally, this would mean it had been
   delivered to the destination user or an associated mail drop, but in
   some cases it may be further processed and transmitted by another
   mail system.

   It is possible for the mailbox in the return path to be different
   from the actual sender's mailbox, for example, if error responses are
   to be delivered to a special error handling mailbox rather than to
   the message sender.  When mailing lists are involved, this
   arrangement is common and useful as a means of directing errors to
   the list maintainer rather than the message originator.

   The text above implies that the final mail data will begin with a
   return path line, followed by one or more time stamp lines.  These
   lines will be followed by the rest of the mail data: first the
   balance of the mail header section and then the body (RFC 5322 [4]).

   It is sometimes difficult for an SMTP server to determine whether or
   not it is making final delivery since forwarding or other operations
   may occur after the message is accepted for delivery.  Consequently,
   any further (forwarding, gateway, or relay) systems MAY remove the
   return path and rebuild the MAIL command as needed to ensure that
   exactly one such line appears in a delivered message.

   A message-originating SMTP system SHOULD NOT send a message that
   already contains a Return-path header field.  SMTP servers performing
   a relay function MUST NOT inspect the message data, and especially
   not to the extent needed to determine if Return-path header fields
   are present.  SMTP servers making final delivery MAY remove Return-
   path header fields before adding their own.

   The primary purpose of the Return-path is to designate the address to
   which messages indicating non-delivery or other mail system failures
   are to be sent.  For this to be unambiguous, exactly one return path
   SHOULD be present when the message is delivered.  Systems using RFC
   822 syntax with non-SMTP transports SHOULD designate an unambiguous
   address, associated with the transport envelope, to which error
   reports (e.g., non-delivery messages) should be sent.
Top   ToC   RFC5321 - Page 59
   Historical note: Text in RFC 822 that appears to contradict the use
   of the Return-path header field (or the envelope reverse-path address
   from the MAIL command) as the destination for error messages is not
   applicable on the Internet.  The reverse-path address (as copied into
   the Return-path) MUST be used as the target of any mail containing
   delivery error messages.

   In particular:
   o  a gateway from SMTP -> elsewhere SHOULD insert a return-path
      header field, unless it is known that the "elsewhere" transport
      also uses Internet domain addresses and maintains the envelope
      sender address separately.

   o  a gateway from elsewhere -> SMTP SHOULD delete any return-path
      header field present in the message, and either copy that
      information to the SMTP envelope or combine it with information
      present in the envelope of the other transport system to construct
      the reverse-path argument to the MAIL command in the SMTP

   The server must give special treatment to cases in which the
   processing following the end of mail data indication is only
   partially successful.  This could happen if, after accepting several
   recipients and the mail data, the SMTP server finds that the mail
   data could be successfully delivered to some, but not all, of the
   recipients.  In such cases, the response to the DATA command MUST be
   an OK reply.  However, the SMTP server MUST compose and send an
   "undeliverable mail" notification message to the originator of the

   A single notification listing all of the failed recipients or
   separate notification messages MUST be sent for each failed
   recipient.  For economy of processing by the sender, the former
   SHOULD be used when possible.  Note that the key difference between
   handling aliases (Section 3.9.1) and forwarding (this subsection) is
   the change to the backward-pointing address in this case.  All
   notification messages about undeliverable mail MUST be sent using the
   MAIL command (even if they result from processing the obsolete SEND,
   SOML, or SAML commands) and MUST use a null return path as discussed
   in Section 3.6.

   The time stamp line and the return path line are formally defined as
   follows (the definitions for "FWS" and "CFWS" appear in RFC 5322

   Return-path-line  = "Return-Path:" FWS Reverse-path <CRLF>

   Time-stamp-line  = "Received:" FWS Stamp <CRLF>
Top   ToC   RFC5321 - Page 60
   Stamp          = From-domain By-domain Opt-info [CFWS] ";"
                  FWS date-time
                  ; where "date-time" is as defined in RFC 5322 [4]
                  ; but the "obs-" forms, especially two-digit
                  ; years, are prohibited in SMTP and MUST NOT be used.

   From-domain    = "FROM" FWS Extended-Domain

   By-domain      = CFWS "BY" FWS Extended-Domain

   Extended-Domain  = Domain /
                    ( Domain FWS "(" TCP-info ")" ) /
                    ( address-literal FWS "(" TCP-info ")" )

   TCP-info       = address-literal / ( Domain FWS address-literal )
                  ; Information derived by server from TCP connection
                  ; not client EHLO.

   Opt-info       = [Via] [With] [ID] [For]

   Via            = CFWS "VIA" FWS Link

   With           = CFWS "WITH" FWS Protocol

   ID             = CFWS "ID" FWS ( Atom / msg-id )
                  ; msg-id is defined in RFC 5322 [4]

   For            = CFWS "FOR" FWS ( Path / Mailbox )

   Additional-Registered-Clauses  = CFWS Atom FWS String
                                  ; Additional standard clauses may be
                                  added in this
                                  ; location by future standards and
                                  registration with
                                  ; IANA.  SMTP servers SHOULD NOT use
                                  ; names.  See Section 8.

   Link           = "TCP" / Addtl-Link

   Addtl-Link     = Atom
                  ; Additional standard names for links are
                  ; registered with the Internet Assigned Numbers
                  ; Authority (IANA).  "Via" is primarily of value
                  ; with non-Internet transports.  SMTP servers
                  ; SHOULD NOT use unregistered names.
Top   ToC   RFC5321 - Page 61
   Protocol       = "ESMTP" / "SMTP" / Attdl-Protocol

   Attdl-Protocol = Atom
                  ; Additional standard names for protocols are
                  ; registered with the Internet Assigned Numbers
                  ; Authority (IANA) in the "mail parameters"
                  ; registry [9].  SMTP servers SHOULD NOT
                  ; use unregistered names.

4.5. Additional Implementation Issues

4.5.1. Minimum Implementation

In order to make SMTP workable, the following minimum implementation MUST be provided by all receivers. The following commands MUST be supported to conform to this specification: EHLO HELO MAIL RCPT DATA RSET NOOP QUIT VRFY Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case- insensitive local name. This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in Section 3.1). The requirement to accept mail for postmaster implies that RCPT commands that specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO:<Postmaster>" (with no domain specification), MUST be supported. SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases -- such as to contain a denial of service attack or other breach of security -- an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages that are not part of such attacks.
Top   ToC   RFC5321 - Page 62

4.5.2. Transparency

Without some provision for data transparency, the character sequence "<CRLF>.<CRLF>" ends the mail text and cannot be sent by the user. In general, users are not aware of such "forbidden" sequences. To allow all user composed text to be transmitted transparently, the following procedures are used: o Before sending a line of mail text, the SMTP client checks the first character of the line. If it is a period, one additional period is inserted at the beginning of the line. o When a line of mail text is received by the SMTP server, it checks the line. If the line is composed of a single period, it is treated as the end of mail indicator. If the first character is a period and there are other characters on the line, the first character is deleted. The mail data may contain any of the 128 ASCII characters. All characters are to be delivered to the recipient's mailbox, including spaces, vertical and horizontal tabs, and other control characters. If the transmission channel provides an 8-bit byte (octet) data stream, the 7-bit ASCII codes are transmitted, right justified, in the octets, with the high-order bits cleared to zero. See Section 3.6 for special treatment of these conditions in SMTP systems serving a relay function. In some systems, it may be necessary to transform the data as it is received and stored. This may be necessary for hosts that use a different character set than ASCII as their local character set, that store data in records rather than strings, or which use special character sequences as delimiters inside mailboxes. If such transformations are necessary, they MUST be reversible, especially if they are applied to mail being relayed.

4.5.3. Sizes and Timeouts Size Limits and Minimums
There are several objects that have required minimum/maximum sizes. Every implementation MUST be able to receive objects of at least these sizes. Objects larger than these sizes SHOULD be avoided when possible. However, some Internet mail constructs such as encoded X.400 addresses (RFC 2156 [35]) will often require larger objects. Clients MAY attempt to transmit these, but MUST be prepared for a server to reject them if they cannot be handled by it. To the maximum extent possible, implementation techniques that impose no limits on the length of these objects should be used.
Top   ToC   RFC5321 - Page 63
   Extensions to SMTP may involve the use of characters that occupy more
   than a single octet each.  This section therefore specifies lengths
   in octets where absolute lengths, rather than character counts, are
   intended. Local-part
The maximum total length of a user name or other local-part is 64 octets. Domain
The maximum total length of a domain name or number is 255 octets. Path
The maximum total length of a reverse-path or forward-path is 256 octets (including the punctuation and element separators). Command Line
The maximum total length of a command line including the command word and the <CRLF> is 512 octets. SMTP extensions may be used to increase this limit. Reply Line
The maximum total length of a reply line including the reply code and the <CRLF> is 512 octets. More information may be conveyed through multiple-line replies. Text Line
The maximum total length of a text line including the <CRLF> is 1000 octets (not counting the leading dot duplicated for transparency). This number may be increased by the use of SMTP Service Extensions. Message Content
The maximum total length of a message content (including any message header section as well as the message body) MUST BE at least 64K octets. Since the introduction of Internet Standards for multimedia mail (RFC 2045 [21]), message lengths on the Internet have grown dramatically, and message size restrictions should be avoided if at all possible. SMTP server systems that must impose restrictions SHOULD implement the "SIZE" service extension of RFC 1870 [10], and SMTP client systems that will send large messages SHOULD utilize it when possible.
Top   ToC   RFC5321 - Page 64 Recipients Buffer
The minimum total number of recipients that MUST be buffered is 100 recipients. Rejection of messages (for excessive recipients) with fewer than 100 RCPT commands is a violation of this specification. The general principle that relaying SMTP server MUST NOT, and delivery SMTP servers SHOULD NOT, perform validation tests on message header fields suggests that messages SHOULD NOT be rejected based on the total number of recipients shown in header fields. A server that imposes a limit on the number of recipients MUST behave in an orderly fashion, such as rejecting additional addresses over its limit rather than silently discarding addresses previously accepted. A client that needs to deliver a message containing over 100 RCPT commands SHOULD be prepared to transmit in 100-recipient "chunks" if the server declines to accept more than 100 recipients in a single message. Treatment When Limits Exceeded
Errors due to exceeding these limits may be reported by using the reply codes. Some examples of reply codes are: 500 Line too long. or 501 Path too long or 452 Too many recipients (see below) or 552 Too much mail data. Too Many Recipients Code
RFC 821 [1] incorrectly listed the error where an SMTP server exhausts its implementation limit on the number of RCPT commands ("too many recipients") as having reply code 552. The correct reply code for this condition is 452. Clients SHOULD treat a 552 code in this case as a temporary, rather than permanent, failure so the logic below works. When a conforming SMTP server encounters this condition, it has at least 100 successful RCPT commands in its recipients buffer. If the server is able to accept the message, then at least these 100
Top   ToC   RFC5321 - Page 65
   addresses will be removed from the SMTP client's queue.  When the
   client attempts retransmission of those addresses that received 452
   responses, at least 100 of these will be able to fit in the SMTP
   server's recipients buffer.  Each retransmission attempt that is able
   to deliver anything will be able to dispose of at least 100 of these

   If an SMTP server has an implementation limit on the number of RCPT
   commands and this limit is exhausted, it MUST use a response code of
   452 (but the client SHOULD also be prepared for a 552, as noted
   above).  If the server has a configured site-policy limitation on the
   number of RCPT commands, it MAY instead use a 5yz response code.  In
   particular, if the intent is to prohibit messages with more than a
   site-specified number of recipients, rather than merely limit the
   number of recipients in a given mail transaction, it would be
   reasonable to return a 503 response to any DATA command received
   subsequent to the 452 (or 552) code or to simply return the 503 after
   DATA without returning any previous negative response. Timeouts
An SMTP client MUST provide a timeout mechanism. It MUST use per- command timeouts rather than somehow trying to time the entire mail transaction. Timeouts SHOULD be easily reconfigurable, preferably without recompiling the SMTP code. To implement this, a timer is set for each SMTP command and for each buffer of the data transfer. The latter means that the overall timeout is inherently proportional to the size of the message. Based on extensive experience with busy mail-relay hosts, the minimum per-command timeout values SHOULD be as follows: Initial 220 Message: 5 Minutes
An SMTP client process needs to distinguish between a failed TCP connection and a delay in receiving the initial 220 greeting message. Many SMTP servers accept a TCP connection but delay delivery of the 220 message until their system load permits more mail to be processed. MAIL Command: 5 Minutes RCPT Command: 5 Minutes
A longer timeout is required if processing of mailing lists and aliases is not deferred until after the message was accepted.
Top   ToC   RFC5321 - Page 66 DATA Initiation: 2 Minutes
This is while awaiting the "354 Start Input" reply to a DATA command. Data Block: 3 Minutes
This is while awaiting the completion of each TCP SEND call transmitting a chunk of data. DATA Termination: 10 Minutes.
This is while awaiting the "250 OK" reply. When the receiver gets the final period terminating the message data, it typically performs processing to deliver the message to a user mailbox. A spurious timeout at this point would be very wasteful and would typically result in delivery of multiple copies of the message, since it has been successfully sent and the server has accepted responsibility for delivery. See Section 6.1 for additional discussion. Server Timeout: 5 Minutes.
An SMTP server SHOULD have a timeout of at least 5 minutes while it is awaiting the next command from the sender.

4.5.4. Retry Strategies

The common structure of a host SMTP implementation includes user mailboxes, one or more areas for queuing messages in transit, and one or more daemon processes for sending and receiving mail. The exact structure will vary depending on the needs of the users on the host and the number and size of mailing lists supported by the host. We describe several optimizations that have proved helpful, particularly for mailers supporting high traffic levels. Any queuing strategy MUST include timeouts on all activities on a per-command basis. A queuing strategy MUST NOT send error messages in response to error messages under any circumstances. Sending Strategy
The general model for an SMTP client is one or more processes that periodically attempt to transmit outgoing mail. In a typical system, the program that composes a message has some method for requesting immediate attention for a new piece of outgoing mail, while mail that cannot be transmitted immediately MUST be queued and periodically retried by the sender. A mail queue entry will include not only the message itself but also the envelope information.
Top   ToC   RFC5321 - Page 67
   The sender MUST delay retrying a particular destination after one
   attempt has failed.  In general, the retry interval SHOULD be at
   least 30 minutes; however, more sophisticated and variable strategies
   will be beneficial when the SMTP client can determine the reason for

   Retries continue until the message is transmitted or the sender gives
   up; the give-up time generally needs to be at least 4-5 days.  It MAY
   be appropriate to set a shorter maximum number of retries for non-
   delivery notifications and equivalent error messages than for
   standard messages.  The parameters to the retry algorithm MUST be

   A client SHOULD keep a list of hosts it cannot reach and
   corresponding connection timeouts, rather than just retrying queued
   mail items.

   Experience suggests that failures are typically transient (the target
   system or its connection has crashed), favoring a policy of two
   connection attempts in the first hour the message is in the queue,
   and then backing off to one every two or three hours.

   The SMTP client can shorten the queuing delay in cooperation with the
   SMTP server.  For example, if mail is received from a particular
   address, it is likely that mail queued for that host can now be sent.
   Application of this principle may, in many cases, eliminate the
   requirement for an explicit "send queues now" function such as ETRN,
   RFC 1985 [36].

   The strategy may be further modified as a result of multiple
   addresses per host (see below) to optimize delivery time versus
   resource usage.

   An SMTP client may have a large queue of messages for each
   unavailable destination host.  If all of these messages were retried
   in every retry cycle, there would be excessive Internet overhead and
   the sending system would be blocked for a long period.  Note that an
   SMTP client can generally determine that a delivery attempt has
   failed only after a timeout of several minutes, and even a one-minute
   timeout per connection will result in a very large delay if retries
   are repeated for dozens, or even hundreds, of queued messages to the
   same host.

   At the same time, SMTP clients SHOULD use great care in caching
   negative responses from servers.  In an extreme case, if EHLO is
   issued multiple times during the same SMTP connection, different
   answers may be returned by the server.  More significantly, 5yz
   responses to the MAIL command MUST NOT be cached.
Top   ToC   RFC5321 - Page 68
   When a mail message is to be delivered to multiple recipients, and
   the SMTP server to which a copy of the message is to be sent is the
   same for multiple recipients, then only one copy of the message
   SHOULD be transmitted.  That is, the SMTP client SHOULD use the
   command sequence: MAIL, RCPT, RCPT, ..., RCPT, DATA instead of the
   sequence: MAIL, RCPT, DATA, ..., MAIL, RCPT, DATA.  However, if there
   are very many addresses, a limit on the number of RCPT commands per
   MAIL command MAY be imposed.  This efficiency feature SHOULD be

   Similarly, to achieve timely delivery, the SMTP client MAY support
   multiple concurrent outgoing mail transactions.  However, some limit
   may be appropriate to protect the host from devoting all its
   resources to mail. Receiving Strategy
The SMTP server SHOULD attempt to keep a pending listen on the SMTP port (specified by IANA as port 25) at all times. This requires the support of multiple incoming TCP connections for SMTP. Some limit MAY be imposed, but servers that cannot handle more than one SMTP transaction at a time are not in conformance with the intent of this specification. As discussed above, when the SMTP server receives mail from a particular host address, it could activate its own SMTP queuing mechanisms to retry any mail pending for that host address.

4.5.5. Messages with a Null Reverse-Path

There are several types of notification messages that are required by existing and proposed Standards to be sent with a null reverse-path, namely non-delivery notifications as discussed in Section 3.7, other kinds of Delivery Status Notifications (DSNs, RFC 3461 [32]), and Message Disposition Notifications (MDNs, RFC 3798 [37]). All of these kinds of messages are notifications about a previous message, and they are sent to the reverse-path of the previous mail message. (If the delivery of such a notification message fails, that usually indicates a problem with the mail system of the host to which the notification message is addressed. For this reason, at some hosts the MTA is set up to forward such failed notification messages to someone who is able to fix problems with the mail system, e.g., via the postmaster alias.) All other types of messages (i.e., any message which is not required by a Standards-Track RFC to have a null reverse-path) SHOULD be sent with a valid, non-null reverse-path.
Top   ToC   RFC5321 - Page 69
   Implementers of automated email processors should be careful to make
   sure that the various kinds of messages with a null reverse-path are
   handled correctly.  In particular, such systems SHOULD NOT reply to
   messages with a null reverse-path, and they SHOULD NOT add a non-null
   reverse-path, or change a null reverse-path to a non-null one, to
   such messages when forwarding.

5. Address Resolution and Mail Handling

5.1. Locating the Target Host

Once an SMTP client lexically identifies a domain to which mail will be delivered for processing (as described in Sections 2.3.5 and 3.6), a DNS lookup MUST be performed to resolve the domain name (RFC 1035 [2]). The names are expected to be fully-qualified domain names (FQDNs): mechanisms for inferring FQDNs from partial names or local aliases are outside of this specification. Due to a history of problems, SMTP servers used for initial submission of messages SHOULD NOT make such inferences (Message Submission Servers [18] have somewhat more flexibility) and intermediate (relay) SMTP servers MUST NOT make them. The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found, the resulting name is processed as if it were the initial name. If a non-existent domain error is returned, this situation MUST be reported as an error. If a temporary error is returned, the message MUST be queued and retried later (see Section If an empty list of MXs is returned, the address is treated as if it was associated with an implicit MX RR, with a preference of 0, pointing to that host. If MX records are present, but none of them are usable, or the implicit MX is unusable, this situation MUST be reported as an error. If one or more MX RRs are found for a given name, SMTP systems MUST NOT utilize any address RRs associated with that name unless they are located using the MX RRs; the "implicit MX" rule above applies only if there are no MX records present. If MX records are present, but none of them are usable, this situation MUST be reported as an error. When a domain name associated with an MX RR is looked up and the associated data field obtained, the data field of that response MUST contain a domain name. That domain name, when queried, MUST return at least one address record (e.g., A or AAAA RR) that gives the IP address of the SMTP server to which the message should be directed. Any other response, specifically including a value that will return a CNAME record when queried, lies outside the scope of this Standard. The prohibition on labels in the data that resolve to CNAMEs is discussed in more detail in RFC 2181, Section 10.3 [38].
Top   ToC   RFC5321 - Page 70
   When the lookup succeeds, the mapping can result in a list of
   alternative delivery addresses rather than a single address, because
   of multiple MX records, multihoming, or both.  To provide reliable
   mail transmission, the SMTP client MUST be able to try (and retry)
   each of the relevant addresses in this list in order, until a
   delivery attempt succeeds.  However, there MAY also be a configurable
   limit on the number of alternate addresses that can be tried.  In any
   case, the SMTP client SHOULD try at least two addresses.

   Two types of information are used to rank the host addresses:
   multiple MX records, and multihomed hosts.

   MX records contain a preference indication that MUST be used in
   sorting if more than one such record appears (see below).  Lower
   numbers are more preferred than higher ones.  If there are multiple
   destinations with the same preference and there is no clear reason to
   favor one (e.g., by recognition of an easily reached address), then
   the sender-SMTP MUST randomize them to spread the load across
   multiple mail exchangers for a specific organization.

   The destination host (perhaps taken from the preferred MX record) may
   be multihomed, in which case the domain name resolver will return a
   list of alternative IP addresses.  It is the responsibility of the
   domain name resolver interface to have ordered this list by
   decreasing preference if necessary, and the SMTP sender MUST try them
   in the order presented.

   Although the capability to try multiple alternative addresses is
   required, specific installations may want to limit or disable the use
   of alternative addresses.  The question of whether a sender should
   attempt retries using the different addresses of a multihomed host
   has been controversial.  The main argument for using the multiple
   addresses is that it maximizes the probability of timely delivery,
   and indeed sometimes the probability of any delivery; the counter-
   argument is that it may result in unnecessary resource use.  Note
   that resource use is also strongly determined by the sending strategy
   discussed in Section

   If an SMTP server receives a message with a destination for which it
   is a designated Mail eXchanger, it MAY relay the message (potentially
   after having rewritten the MAIL FROM and/or RCPT TO addresses), make
   final delivery of the message, or hand it off using some mechanism
   outside the SMTP-provided transport environment.  Of course, neither
   of the latter require that the list of MX records be examined

   If it determines that it should relay the message without rewriting
   the address, it MUST sort the MX records to determine candidates for
Top   ToC   RFC5321 - Page 71
   delivery.  The records are first ordered by preference, with the
   lowest-numbered records being most preferred.  The relay host MUST
   then inspect the list for any of the names or addresses by which it
   might be known in mail transactions.  If a matching record is found,
   all records at that preference level and higher-numbered ones MUST be
   discarded from consideration.  If there are no records left at that
   point, it is an error condition, and the message MUST be returned as
   undeliverable.  If records do remain, they SHOULD be tried, best
   preference first, as described above.

5.2. IPv6 and MX Records

In the contemporary Internet, SMTP clients and servers may be hosted on IPv4 systems, IPv6 systems, or dual-stack systems that are compatible with either version of the Internet Protocol. The host domains to which MX records point may, consequently, contain "A RR"s (IPv4), "AAAA RR"s (IPv6), or any combination of them. While RFC 3974 [39] discusses some operational experience in mixed environments, it was not comprehensive enough to justify standardization, and some of its recommendations appear to be inconsistent with this specification. The appropriate actions to be taken either will depend on local circumstances, such as performance of the relevant networks and any conversions that might be necessary, or will be obvious (e.g., an IPv6-only client need not attempt to look up A RRs or attempt to reach IPv4-only servers). Designers of SMTP implementations that might run in IPv6 or dual-stack environments should study the procedures above, especially the comments about multihomed hosts, and, preferably, provide mechanisms to facilitate operational tuning and mail interoperability between IPv4 and IPv6 systems while considering local circumstances.

6. Problem Detection and Handling

6.1. Reliable Delivery and Replies by Email

When the receiver-SMTP accepts a piece of mail (by sending a "250 OK" message in response to DATA), it is accepting responsibility for delivering or relaying the message. It must take this responsibility seriously. It MUST NOT lose the message for frivolous reasons, such as because the host later crashes or because of a predictable resource shortage. Some reasons that are not considered frivolous are discussed in the next subsection and in Section 7.8. If there is a delivery failure after acceptance of a message, the receiver-SMTP MUST formulate and mail a notification message. This notification MUST be sent using a null ("<>") reverse-path in the envelope. The recipient of this notification MUST be the address from the envelope return path (or the Return-Path: line). However,
Top   ToC   RFC5321 - Page 72
   if this address is null ("<>"), the receiver-SMTP MUST NOT send a
   notification.  Obviously, nothing in this section can or should
   prohibit local decisions (i.e., as part of the same system
   environment as the receiver-SMTP) to log or otherwise transmit
   information about null address events locally if that is desired.  If
   the address is an explicit source route, it MUST be stripped down to
   its final hop.

   For example, suppose that an error notification must be sent for a
   message that arrived with:

      MAIL FROM:<@a,@b:user@d>

   The notification message MUST be sent using:

      RCPT TO:<user@d>

   Some delivery failures after the message is accepted by SMTP will be
   unavoidable.  For example, it may be impossible for the receiving
   SMTP server to validate all the delivery addresses in RCPT command(s)
   due to a "soft" domain system error, because the target is a mailing
   list (see earlier discussion of RCPT), or because the server is
   acting as a relay and has no immediate access to the delivering

   To avoid receiving duplicate messages as the result of timeouts, a
   receiver-SMTP MUST seek to minimize the time required to respond to
   the final <CRLF>.<CRLF> end of data indicator.  See RFC 1047 [40] for
   a discussion of this problem.

6.2. Unwanted, Unsolicited, and "Attack" Messages

Utility and predictability of the Internet mail system requires that messages that can be delivered should be delivered, regardless of any syntax or other faults associated with those messages and regardless of their content. If they cannot be delivered, and cannot be rejected by the SMTP server during the SMTP transaction, they should be "bounced" (returned with non-delivery notification messages) as described above. In today's world, in which many SMTP server operators have discovered that the quantity of undesirable bulk email vastly exceeds the quantity of desired mail and in which accepting a message may trigger additional undesirable traffic by providing verification of the address, those principles may not be practical. As discussed in Section 7.8 and Section 7.9 below, dropping mail without notification of the sender is permitted in practice. However, it is extremely dangerous and violates a long tradition and community expectations that mail is either delivered or returned. If
Top   ToC   RFC5321 - Page 73
   silent message-dropping is misused, it could easily undermine
   confidence in the reliability of the Internet's mail systems.  So
   silent dropping of messages should be considered only in those cases
   where there is very high confidence that the messages are seriously
   fraudulent or otherwise inappropriate.

   To stretch the principle of delivery if possible even further, it may
   be a rational policy to not deliver mail that has an invalid return
   address, although the history of the network is that users are
   typically better served by delivering any message that can be
   delivered.  Reliably determining that a return address is invalid can
   be a difficult and time-consuming process, especially if the putative
   sending system is not directly accessible or does not fully and
   accurately support VRFY and, even if a "drop messages with invalid
   return addresses" policy is adopted, it SHOULD be applied only when
   there is near-certainty that the return addresses are, in fact,

   Conversely, if a message is rejected because it is found to contain
   hostile content (a decision that is outside the scope of an SMTP
   server as defined in this document), rejection ("bounce") messages
   SHOULD NOT be sent unless the receiving site is confident that those
   messages will be usefully delivered.  The preference and default in
   these cases is to avoid sending non-delivery messages when the
   incoming message is determined to contain hostile content.

6.3. Loop Detection

Simple counting of the number of "Received:" header fields in a message has proven to be an effective, although rarely optimal, method of detecting loops in mail systems. SMTP servers using this technique SHOULD use a large rejection threshold, normally at least 100 Received entries. Whatever mechanisms are used, servers MUST contain provisions for detecting and stopping trivial loops.

6.4. Compensating for Irregularities

Unfortunately, variations, creative interpretations, and outright violations of Internet mail protocols do occur; some would suggest that they occur quite frequently. The debate as to whether a well- behaved SMTP receiver or relay should reject a malformed message, attempt to pass it on unchanged, or attempt to repair it to increase the odds of successful delivery (or subsequent reply) began almost with the dawn of structured network mail and shows no signs of abating. Advocates of rejection claim that attempted repairs are rarely completely adequate and that rejection of bad messages is the only way to get the offending software repaired. Advocates of "repair" or "deliver no matter what" argue that users prefer that
Top   ToC   RFC5321 - Page 74
   mail go through it if at all possible and that there are significant
   market pressures in that direction.  In practice, these market
   pressures may be more important to particular vendors than strict
   conformance to the standards, regardless of the preference of the
   actual developers.

   The problems associated with ill-formed messages were exacerbated by
   the introduction of the split-UA mail reading protocols (Post Office
   Protocol (POP) version 2 [15], Post Office Protocol (POP) version 3
   [16], IMAP version 2 [41], and PCMAIL [42]).  These protocols
   encouraged the use of SMTP as a posting (message submission)
   protocol, and SMTP servers as relay systems for these client hosts
   (which are often only intermittently connected to the Internet).
   Historically, many of those client machines lacked some of the
   mechanisms and information assumed by SMTP (and indeed, by the mail
   format protocol, RFC 822 [28]).  Some could not keep adequate track
   of time; others had no concept of time zones; still others could not
   identify their own names or addresses; and, of course, none could
   satisfy the assumptions that underlay RFC 822's conception of
   authenticated addresses.

   In response to these weak SMTP clients, many SMTP systems now
   complete messages that are delivered to them in incomplete or
   incorrect form.  This strategy is generally considered appropriate
   when the server can identify or authenticate the client, and there
   are prior agreements between them.  By contrast, there is at best
   great concern about fixes applied by a relay or delivery SMTP server
   that has little or no knowledge of the user or client machine.  Many
   of these issues are addressed by using a separate protocol, such as
   that defined in RFC 4409 [18], for message submission, rather than
   using originating SMTP servers for that purpose.

   The following changes to a message being processed MAY be applied
   when necessary by an originating SMTP server, or one used as the
   target of SMTP as an initial posting (message submission) protocol:

   o  Addition of a message-id field when none appears

   o  Addition of a date, time, or time zone when none appears

   o  Correction of addresses to proper FQDN format

   The less information the server has about the client, the less likely
   these changes are to be correct and the more caution and conservatism
   should be applied when considering whether or not to perform fixes
   and how.  These changes MUST NOT be applied by an SMTP server that
   provides an intermediate relay function.
Top   ToC   RFC5321 - Page 75
   In all cases, properly operating clients supplying correct
   information are preferred to corrections by the SMTP server.  In all
   cases, documentation SHOULD be provided in trace header fields and/or
   header field comments for actions performed by the servers.

(page 75 continued on part 4)

Next Section