Email Submission Operations: Access and Accountability Requirements
RFC 5068

Document Type RFC - Best Current Practice (November 2007; No errata)
Also known as BCP 134
Was draft-hutzler-spamops (individual in ops area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 5068 (Best Current Practice)
Telechat date
Responsible AD Dan Romascanu
Send notices to cdhutzler@aol.com; dcrocker@bbiw.net; presnick@qualcomm.com; sandersr@corp.earthlink.net; hardie@qualcomm.com; sah@428cobrajet.net; dot@dotat.at
Network Working Group                                         C. Hutzler
Request for Comments: 5068
BCP: 134                                                      D. Crocker
Category: Best Current Practice              Brandenburg InternetWorking
                                                              P. Resnick
                                                   QUALCOMM Incorporated
                                                               E. Allman
                                                          Sendmail, Inc.
                                                                T. Finch
                               University of Cambridge Computing Service
                                                           November 2007

  Email Submission Operations: Access and Accountability Requirements

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Abstract

   Email has become a popular distribution service for a variety of
   socially unacceptable, mass-effect purposes.  The most obvious ones
   include spam and worms.  This note recommends conventions for the
   operation of email submission and transport services between
   independent operators, such as enterprises and Internet Service
   Providers.  Its goal is to improve lines of accountability for
   controlling abusive uses of the Internet mail service.  To this end,
   this document offers recommendations for constructive operational
   policies between independent operators of email submission and
   transmission services.

   Email authentication technologies are aimed at providing assurances
   and traceability between internetworked networks.  In many email
   services, the weakest link in the chain of assurances is initial
   submission of a message.  This document offers recommendations for
   constructive operational policies for this first step of email
   sending, the submission (or posting) of email into the transmission
   network.  Relaying and delivery entail policies that occur subsequent
   to submission and are outside the scope of this document.

Hutzler, et al.          Best Current Practice                  [Page 1]
RFC 5068                    Email Submission               November 2007

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Submission, Relaying, Delivery . . . . . . . . . . . . . . . .  4
     3.1.  Best Practices for Submission Operation  . . . . . . . . .  5
     3.2.  Transitioning to Submission Port . . . . . . . . . . . . .  6
   4.  External Submission  . . . . . . . . . . . . . . . . . . . . .  6
     4.1.  Best Practices for Support of External Submissions . . . .  7
   5.  Message Submission Authentication/Authorization
       Technologies . . . . . . . . . . . . . . . . . . . . . . . . .  8
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . .  9
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     7.1.  Normative References . . . . . . . . . . . . . . . . . . .  9
     7.2.  Informative References . . . . . . . . . . . . . . . . . .  9
   Appendix A.  Acknowledgments . . . . . . . . . . . . . . . . . . . 10

Hutzler, et al.          Best Current Practice                  [Page 2]
RFC 5068                    Email Submission               November 2007

1.  Introduction

   The very characteristics that make email such a convenient
   communications medium -- its near ubiquity, rapid delivery, low cost,
   and support for exchanges without prior arrangement -- have made it a
   fertile ground for the distribution of unwanted or malicious content.
   Spam, fraud, and worms have become a serious problem, threatening the
   viability of email and costing end users and providers millions of
   dollars in damages and lost productivity.  In recent years,
   independent operators including enterprises and ISPs have turned to a
   number of different technologies and procedures, in an attempt to
   combat these problems.  The results have been mixed, at best.

   En route to its final destination, email will often travel between
   multiple independent providers of email transmission services.  These
   services will generally have no prior arrangement with one another
   and may employ different rules on the transmission.  It is therefore
   difficult both to debug problems that occur in mail transmission and
   to assign accountability if undesired or malicious mail is injected
   into the Internet mail infrastructure.

   Many email authentication technologies exist.  They provide some
Show full document text