[Docs] [txt|pdf] [Tracker] [WG] [Email] [Nits]

Versions: 00 01 draft-ietf-appsawg-rrvs-header-field

Network Working Group                                           W. Mills
Internet-Draft                                               Yahoo! Inc.
Intended status: Informational                              M. Kucherawy
Expires: January 16, 2014                                 Facebook, Inc.
                                                           July 15, 2013


             The Require-Recipient-Valid-Since Header Field
                   draft-wmills-rrvs-header-field-00

Abstract

   This document defines an email header field, Require-Recipient-Valid-
   Since, to provide a method for senders to indicate to receivers the
   time when the sender last confirmed the ownership of the target
   mailbox.  This can be used to detect changes of mailbox ownership,
   and thus prevent mail from being delivered to the wrong party.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 16, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as



Mills & Kucherawy       Expires January 16, 2014                [Page 1]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  Description . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   4.  Discussion  . . . . . . . . . . . . . . . . . . . . . . . . . . 4
   5.  Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
   6.  Privacy Considerations  . . . . . . . . . . . . . . . . . . . . 5
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . . 6
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 6
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 6
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 6
   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . . . 7



































Mills & Kucherawy       Expires January 16, 2014                [Page 2]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


1.  Introduction

   Mailbox Service Providers (MSPs) are public, often free, services
   that provide email sending and receiving capabilities to users.  Some
   of them have policies that allow for expiration of account names when
   they have been unused for a protracted period.  If an expired account
   name can be reclaimed, there is a risk of delivery of mail to the
   wrong party if some message author is unaware of this change of
   ownership.

   This document defines a header field called Require-Recipient-Valid-
   Since.  The content of this header field is a timestamp indicating at
   what point in time the message author believed the address to be
   under confirmed ownership of a specific party.  If the receiving
   system observes this field and can determine that the intended
   recipient mailbox has changed ownership since the provided timestamp,
   it can decline delivery, preventing possible misdelivery of mail.

2.  Definitions

   For a description of the email architecture, consult [EMAIL-ARCH].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [KEYWORDS].

3.  Description

   The Require-Recipient-Valid-Since header field includes the original
   intended recipient coupled with a timestamp indicating the most
   recent date and time when the message author believed the destination
   mailbox to be under the continuous ownership of a specific party.
   Presumably there has been some confirmation process applied to
   establish this ownership; however, the methods of making such
   determinations is a local matter and outside the scope of this
   document.

   The general constraints on syntax and placement of header fields in a
   message are defined in Internet Message Format [MAIL].

   Using Augmented Backus-Naur Form [ABNF], the syntax for the field is:

       rrvs = "Require-Recipient-Valid-Since:" mailbox; date-time CRLF

   "CFWS" is defined in Section 3.2.2, "date-time" is defined in Section
   3.3, and "mailbox" is defined in Section 3.4, of [MAIL].

   A receiving system that implements this specification determines



Mills & Kucherawy       Expires January 16, 2014                [Page 3]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


   whether the named mailbox is based at that receiving system, and has
   been under continuous ownership since the specified date.  If that
   address is found to be foreign, the header field is ignored.
   Otherwise, if continuous ownership since the indicated time can be
   established, the message is delivered normally; if not, the message
   is rejected.  It is preferred that the rejection be enacted as an
   error response to the Simple Mail Transfer Protocol [SMTP] "DATA"
   command verb, but this is not strictly necessary.

   When enacting the "DATA" rejection, servers use an SMTP error code
   (and Enhanced Mail System Status Code [ESC], if supported) that
   indicates the intended recipient cannot receive mail for policy
   reasons.  This is done because the mailbox identified in the header
   field does exist, but there is doubt about the identity of the owner
   of that mailbox.  By contrast, "no such user" errors are more
   commonly returned in reply to the "RCPT" command verb.

   Implementation is expected to be transparent to non participants,
   since they would typically ignore this header field.

   This header field SHOULD NOT be added to a message that is addressed
   to multiple recipients.  It is presumed that an author making use of
   this field is seeking to protect transactional or otherwise sensitive
   data intended for a single recipient.

   If the agent generating the message uses any kind of message
   authentication technology, the authentication SHOULD cover this
   header field if possible.  An agent receiving a message bearing this
   header field that is covered by some kind of authentication SHOULD
   NOT process it as described above if the authentication does not
   succeed.

   If the receiving system detects that the named mailbox is foreign, it
   is free to remove the header field prior to relaying it toward its
   destination.

4.  Discussion

   The presence of the intended mailbox supports the case where a
   message bearing this header field is forwarded.  The specific use
   case is as follows:

   1.  A user subscribes to a service "S" on data "D" and confirms an
       email address at the user's current location, "A";

   2.  At some later date, the user intends to leave the current
       location, and thus creates a new mailbox elsewhere, at "B";




Mills & Kucherawy       Expires January 16, 2014                [Page 4]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


   3.  The user replaces mailbox "A" with forwarding to "B";

   4.  "S" constructs a message to "A" claiming that address was valid
       at date "D" and sends it to "A", which forwards to "B";

   5.  The receiving MTA at "B" asserts that "B" has not been under
       constant ownership since "D" and rejects the message.

   Some services generate messages with an RFC5322.To field that does
   not contain a valid address, in order to obscure the intended
   recipient.  For this reason, the original intended recipient is
   included in this header field.

5.  Example

   In the following example, "C:" indicates data sent by an SMTP client,
   and "S:" indicates respones by the SMTP server.  Message content is
   CRLF terminated, though these are omitted here for ease of reading.

     C: [connection established]
     S: 220 server.example.com ESMTP ready
     C: HELO client.example.net
     S: 250 server.example.com
     C: MAIL FROM:<sender@example.net>
     S: 250 OK
     C: RCPT TO:<receiver@example.com>
     S: 250 OK
     C: DATA
     S: 354 Ready for message content
     C: From: Mister Sender <sender@example.net>
        To: Miss Receiver <receiver@example.com>
        Subject: Are you still there?
        Date: Fri, 28 Jun 2013 18:01:01 +0200
        Require-Recipient-Valid-Since: receiver@example.com;
          Sat, 1 Jun 2013 09:23:01 -0700

        Are you still there?
        .
     S: 550 5.1.6 receiver@example.com is no longer valid
     C: QUIT
     S: 221 So long!

6.  Privacy Considerations

   This document proposes a solution to an issue that could cause mail
   to be unintentionally delivered to the wrong party.





Mills & Kucherawy       Expires January 16, 2014                [Page 5]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


7.  Security Considerations

   The response of a server implementing this protocol can reveal
   information about the age of existing email accounts.

8.  IANA Considerations

   IANA is requested to add the following entry to the Permanent Message
   Header Field registry, as per the procedure found in [IANA-HEADERS]:

     Header field name: Require-Recipient-Valid-Since
     Applicable protocol: mail ([MAIL])
     Status: Standard
     Author/Change controller: IETF
     Specification document(s): [this document]
     Related information:
       Requesting review of any proposed changes and additions to
       this field is recommended.

9.  References

9.1.  Normative References

   [ABNF]          Crocker, D., Ed. and P. Overell, "Augmented BNF for
                   Syntax Specifications: ABNF", RFC 5234, January 2008.

   [IANA-HEADERS]  Klyne, G., Nottingham, M., and J. Mogul,
                   "Registration Procedures for Message Header Fields",
                   BCP 90, RFC 3864, September 2004.

   [KEYWORDS]      Bradner, S., "Key words for use in RFCs to Indicate
                   Requirement Levels", BCP 14, RFC 2119, March 1997.

   [MAIL]          Resnick, P., "Internet Message Format", RFC 5322,
                   October 2008.

   [SMTP]          Klensin, J., "Simple Mail Transfer Protocol",
                   RFC 5321, October 2008.

9.2.  Informative References

   [EMAIL-ARCH]    Crocker, D., "Internet Mail Architecture", RFC 5598,
                   July 2009.

   [ESC]           Vaudreuil, G., "Enhanced Mail System Status Codes",
                   RFC 3463, January 2003.





Mills & Kucherawy       Expires January 16, 2014                [Page 6]

Internet-Draft        Require-Recipient-Valid-Since            July 2013


Appendix A.  Acknowledgements

   Erling Ellingsen proposed the idea.

   Reviews and comments were provided by Gregg Stefancik, Ed Zayas,
   (others)

Authors' Addresses

   William J. Mills
   Yahoo! Inc.

   EMail: wmills_92105@yahoo.com


   Murray S. Kucherawy
   Facebook, Inc.
   1 Hacker Way
   Menlo Park, CA  94025
   USA

   EMail: msk@fb.com





























Mills & Kucherawy       Expires January 16, 2014                [Page 7]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/