Internet-Draft deliveredto August 2021
Dukhovni & Levine Expires 17 February 2022 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-duklev-deliveredto-00
Published:
Intended Status:
Informational
Expires:
Authors:
V. Dukhovni
Bloomberg LP
J. Levine
Standcore LLC

The Delivered-To Message Header Field

Abstract

This document describes the existing usage of the Delivered-To header field in e-mail messages.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 17 February 2022.

1. Introduction

The Delivered-To message header was introduced by the [qmail] mail package in 1998, and adopted shortly afterward by [Postfix] and [Courier]. Mail Delivery Agents (MDA) [RFC5598] use the header to detect and break delivery loops.

2. Header Syntax

The syntax of the Delivered-To header is similar to other mail message headers. In the ABNF below, addr-spec is imported from [RFC5322].

delivered-to = "Delivered-To:" addr-spec CRLF

The contents of the header is an opaque string that is an MDA-specific representation of the mailbox to which a message was delivered. The string need not be, and often is not, an address to which mail can be sent using SMTP.

The domain part of the addr-spec is typically a mail domain managed by the MDA adding the header, so the header contents do not collide with headers created by other MDAs.

2.1. Loop Breaking

Some MDAs use the Delivered-To header to break delivery loops using the following method.

When an MDA is about to deliver a message, it creates a Delivered-To header that represents the target of the delivery, and then scans the existing headers in the message to see if an identical Delivered-To header is already present. If so, the message is in a loop, and the delivery fails. If not, the MDA prepends the header to the message and proceeds with the delivery.

Delivered-To headers are typically prepended to the message, similarly to the way trace headers are prepended, but the loop breaking algorithm does not depend on the order of the headers, only whether an identical header is already present.

4. IANA Considerations

IANA is requested to add the following entry to the Permanent Message Header Field Names registry:

Table 1
Header Field Name Template Protocol Status Reference
Delivered-To (blank) mail informational [this document]

5. Security Considerations

Depending on the way that an MDA creates the Delivered-To header, it may be possible to guess internal details of the delivery process from the contents of the header. To avoid this, some MDAs may obscure the Delivered-To contents by hashing or otherwise transforming the part of contents to the left of the @-sign to make it harder to reverse engineer.

Malicious senders have occasionally sent messages with a Delivered-To header that deliberately matches the one to be added by an MDA, to provoke a bounce from that MDA to the envelope sender of the message, causing what is known as "blowback spam." Mitigations are the same as for any undeliverable mail that may have a forged envelope sender address.

6. Acknowledgments

We thank Sam Varshavchik for his reviews and useful suggestions.

7. Informative References

[Courier]
Varshavchik, S., "Courier Mail Server", , <https://courier-mta.org>.
[Postfix]
Venema, W., "Postfix", , <http://www.postfix.org>.
[RFC5322]
Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, , <https://www.rfc-editor.org/info/rfc5322>.
[RFC5598]
Crocker, D., "Internet Mail Architecture", RFC 5598, DOI 10.17487/RFC5598, , <https://www.rfc-editor.org/info/rfc5598>.
[qmail]
Bernstein, D.J., "qmail", , <https://cr.yp.to/qmail.html>.

Authors' Addresses

Viktor Dukhovni
Bloomberg LP
John Levine
Standcore LLC