Signalling one-click functionality for list email headers
draft-levine-herkula-oneclick-04

The information below is for an old version of the document
Document Type Active Internet-Draft (individual in art area)
Last updated 2016-09-12 (latest revision 2016-08-23)
Stream IETF
Intended RFC status Proposed Standard
Formats pdf htmlized (tools) htmlized bibtex
Reviews
Stream WG state (None)
Document shepherd Paul Kincaid-Smith
Shepherd write-up Show (last changed 2016-09-12)
IESG IESG state In Last Call
Consensus Boilerplate Yes
Telechat date
Responsible AD Alexey Melnikov
Send notices to "Paul Kincaid-Smith" <paulkincaidsmith@gmail.com>
IANA IANA review state IANA - Review Needed
Network Working Group                                          J. Levine
Internet-Draft                                      Taughannock Networks
Intended status: Standards Track                              T. Herkula
Expires: February 24, 2017                                   optivo GmbH
                                                         August 23, 2016

       Signalling one-click functionality for list email headers
                    draft-levine-herkula-oneclick-04

Abstract

   This document describes a method for signaling a one-click function
   for the list-unsubscribe email header.  The need for this arises out
   of the actuality that mail software sometimes fetches URLs in mail
   headers, and thereby accidentally triggers unsubscriptions in the
   case of the list-unsubscribe header.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 24, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of

Levine & Herkula        Expires February 24, 2017               [Page 1]
Internet-Draft            One click unsubscribe              August 2016

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  High-Level Goals  . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Out of Scope  . . . . . . . . . . . . . . . . . . . . . . . .   3
   5.  Implementation  . . . . . . . . . . . . . . . . . . . . . . .   3
     5.1.  Mail senders  . . . . . . . . . . . . . . . . . . . . . .   3
     5.2.  Mail receivers  . . . . . . . . . . . . . . . . . . . . .   4
   6.  Additional Requirements . . . . . . . . . . . . . . . . . . .   4
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   5
   8.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
     8.1.  Simple  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     8.2.  Complex . . . . . . . . . . . . . . . . . . . . . . . . .   5
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   10. Normative References  . . . . . . . . . . . . . . . . . . . .   6
   Appendix A.  Change Log . . . . . . . . . . . . . . . . . . . . .   7
     A.1.  Changes from -03 to -04 . . . . . . . . . . . . . . . . .   7
     A.2.  Changes from -02 to -03 . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   An [RFC2369] email header can contain HTTPS URIs.  In a List-
   Unsubscribe Header the HTTPS URI is intended to unsubscribe the
   recipient of the email from the list.  But anti-spam software often
   fetches all resources in mail headers automatically, without any
   action by the user.  As a result of this unintended malicious
   behavior, senders implement landing pages with a confirmation step to
   finish the unsubscribe request.

   If a mail recipient is unsubscribing manually, the confirmation page
   is presented to the recipient who can then click the appropriate
   button.  But in some cases, there is no direct user interaction with
   the target web site, as when the unsubscription is a side effect of a
   spam report, or is performed automatically on mail sent to an
   abandoned mailbox.  In those cases, the unsubscription process has to
   work without manual intervention, and in particular without requiring
   that software attempt to interpret the contents of a confirmation
   page.

   This document addresses this part of the problem, with a POST action
   for receivers that senders can distinguish from other requests and
   handle as a one-click unsubscription without manual intervention by
   the mail recipient.
Show full document text