Message Disposition Notification
RFC 8098
| Document | Type |
RFC
- Internet Standard
(February 2017)
Obsoletes RFC 3798
Also known as STD 85
|
|
|---|---|---|---|
| Authors | Tony Hansen , Alexey Melnikov | ||
| Last updated | 2018-12-20 | ||
| Replaces | draft-hansen-mdn-3798bis | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Reviews |
SECDIR Last Call review
(of
-15)
Has Nits
|
||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Murray Kucherawy | ||
| Shepherd write-up | Show Last changed 2016-04-02 | ||
| IESG | IESG state | RFC 8098 (Internet Standard) | |
| Action Holders |
(None)
|
||
| Consensus boilerplate | Yes | ||
| Telechat date | (None) | ||
| Responsible AD | Ben Campbell | ||
| IESG note | Please note that this draft intends to move MDN to Internet Standard. | ||
| Send notices to | Barry Leiba <barryleiba@computer.org> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | RFC-Ed-Ack |
RFC 8098
Internet Engineering Task Force (IETF) T. Hansen, Ed.
Request for Comments: 8098 AT&T Laboratories
STD: 85 A. Melnikov, Ed.
Obsoletes: 3798 Isode Ltd
Updates: 2046, 3461 February 2017
Category: Standards Track
ISSN: 2070-1721
Message Disposition Notification
Abstract
This memo defines a MIME content type that may be used by a Mail User
Agent (MUA) or electronic mail gateway to report the disposition of a
message after it has been successfully delivered to a recipient.
This content type is intended to be machine processable. Additional
message header fields are also defined to permit Message Disposition
Notifications (MDNs) to be requested by the sender of a message. The
purpose is to extend Internet Mail to support functionality often
found in other messaging systems, such as X.400 and the proprietary
"LAN-based" systems, and are often referred to as "read receipts,"
"acknowledgements," or "receipt notifications." The intention is to
do this while respecting privacy concerns, which have often been
expressed when such functions have been discussed in the past.
Because many messages are sent between the Internet and other
messaging systems (such as X.400 or the proprietary "LAN-based"
systems), the MDN protocol is designed to be useful in a
multiprotocol messaging environment. To this end, the protocol
described in this memo provides for the carriage of "foreign"
addresses, in addition to those normally used in Internet Mail.
Additional attributes may also be defined to support "tunneling" of
foreign notifications through Internet Mail.
This document is an Internet Standard. It obsoletes RFC 3798 and
updates RFC 2046 (message/partial media type handling) and RFC 3461
(Original-Recipient header field generation requirement).
Hansen & Melnikov Standards Track [Page 1]
RFC 8098 MDN February 2017
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8098.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Hansen & Melnikov Standards Track [Page 2]
RFC 8098 MDN February 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Purposes . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2. Requesting Message Disposition Notifications . . . . . . . . 5
2.1. The Disposition-Notification-To Header . . . . . . . . . 5
2.2. The Disposition-Notification-Options Header . . . . . . . 8
2.3. The Original-Recipient Header Field . . . . . . . . . . . 9
2.4. Use with the Message/Partial Media Type . . . . . . . . . 10
3. Format of a Message Disposition Notification . . . . . . . . 10
3.1. The Message/Disposition-Notification Media Type . . . . . 12
3.2. Message/Disposition-Notification Content Fields . . . . . 15
3.3. Extension-Fields . . . . . . . . . . . . . . . . . . . . 21
4. Timeline of Events . . . . . . . . . . . . . . . . . . . . . 22
5. Conformance and Usage Requirements . . . . . . . . . . . . . 23
6. Security Considerations . . . . . . . . . . . . . . . . . . . 24
6.1. Forgery . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2.1. Disclosure of Product Information . . . . . . . . . . 25
6.2.2. MUA Fingerprinting . . . . . . . . . . . . . . . . . 25
6.3. Non-repudiation . . . . . . . . . . . . . . . . . . . . . 25
6.4. Mail Bombing . . . . . . . . . . . . . . . . . . . . . . 26
7. Collected ABNF Grammar . . . . . . . . . . . . . . . . . . . 26
8. Guidelines for Gatewaying MDNs . . . . . . . . . . . . . . . 29
8.1. Gatewaying from Other Mail Systems to MDNs . . . . . . . 29
8.2. Gatewaying from MDNs to Other Mail Systems . . . . . . . 29
8.3. Gatewaying of MDN-Requests to Other Mail Systems . . . . 30
9. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
10.1. Disposition-Notification-Options Header Field
disposition-notification-parameter Names . . . . . . . . 32
10.2. Disposition Modifier Names . . . . . . . . . . . . . . . 33
10.3. MDN Extension Field Names . . . . . . . . . . . . . . . 33
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 33
11.1. Normative References . . . . . . . . . . . . . . . . . . 33
11.2. Informative References . . . . . . . . . . . . . . . . . 34
Appendix A. Changes from RFC 3798 . . . . . . . . . . . . . . . 36
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 37
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 37
Hansen & Melnikov Standards Track [Page 3]
RFC 8098 MDN February 2017
1. Introduction
This memo defines a media type [RFC2046] for Message Disposition
Notifications (MDNs). An MDN can be used to notify the sender of a
message of any of several conditions that may occur after successful
delivery, such as display of the message contents, printing of the
message, deletion (without display) of the message, or the
recipient's refusal to provide MDNs. The "message/disposition-
notification" content type defined herein is intended for use within
the framework of the "multipart/report" content type defined in
RFC-REPORT [RFC6522].
This memo defines the format of the notifications and the RFC-MSGFMT
[RFC5322] header fields used to request them.
1.1. Purposes
The MDNs defined in this memo are expected to serve several purposes:
a. Inform human beings of the disposition of messages after
successful delivery in a manner that is largely independent of
human language;
b. Allow mail user agents to keep track of the disposition of
messages sent by associating returned MDNs with earlier message
transmissions;
c. Convey disposition notification requests and disposition
notifications between Internet Mail and "foreign" mail systems
via a gateway;
d. Allow "foreign" notifications to be tunneled through a MIME-
capable messaging system and back into the original messaging
system that issued the original notification, or even to a third
messaging system;
e. Allow language-independent, yet reasonably precise, indications
of the disposition of a message to be delivered.
1.2. Requirements
These purposes place the following constraints on the notification
protocol:
a. It must be readable by humans and must be machine parsable.
Hansen & Melnikov Standards Track [Page 4]
RFC 8098 MDN February 2017
b. It must provide enough information to allow message senders (or
their user agents) to unambiguously associate an MDN with the
message that was sent and the original recipient address for
which the MDN was issued (if such information is available), even
if the message was forwarded to another recipient address.
c. It must also be able to describe the disposition of a message
independent of any particular human language or of the
terminology of any particular mail system.
d. The specification must be extensible in order to accommodate
future requirements.
1.3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-KEYWORDS
[RFC2119].
All syntax descriptions use the ABNF specified by RFC-MSGFMT
[RFC5322] in which the lexical tokens (used below) are defined:
"CRLF", "FWS", "CFWS", "field-name", "mailbox-list", "msg-id", and
"text". The following lexical token is defined in RFC-SMTP
[RFC5321]: "Atom".
2. Requesting Message Disposition Notifications
Message disposition notifications are requested by including a
Disposition-Notification-To header field in the message containing
one or more addresses specifying where dispositions should be sent.
Further information to be used by the recipient's Mail User Agent
(MUA) [RFC5598] in generating the MDN may be provided by also
including Original-Recipient and/or Disposition-Notification-Options
header fields in the message.
2.1. The Disposition-Notification-To Header
A request for the receiving user agent to issue message disposition
notifications is made by placing a Disposition-Notification-To header
field into the message. The syntax of the header field is
mdn-request-header = "Disposition-Notification-To" ":"
mailbox-list CRLF
A Disposition-Notification-To header field can appear in a message at
most once.
Hansen & Melnikov Standards Track [Page 5]
RFC 8098 MDN February 2017
The presence of a Disposition-Notification-To header field in a
message is merely a request for an MDN. The recipients' user agents
are always free to silently ignore such a request.
An MDN MUST NOT itself have a Disposition-Notification-To header
field. An MDN MUST NOT be generated in response to an MDN.
A user agent MUST NOT issue more than one MDN on behalf of each
particular recipient. That is, once an MDN has been issued on behalf
of a recipient, no further MDNs may be issued on behalf of that
recipient by the same user agent, even if another disposition is
performed on the message. However, if a message is forwarded, an MDN
may have been issued for the recipient doing the forwarding, and the
recipient of the forwarded message may also cause an MDN to be
generated.
It is also possible that if the same message is being accessed by
multiple user agents (for example, using POP3), then multiple
dispositions might be generated for the same recipient. User agents
SHOULD leverage support in the underlying message access protocol to
prevent multiple MDNs from being generated. In particular, when the
user agent is accessing the message using RFC-IMAP [RFC3501], it
SHOULD implement the procedures specified in RFC-IMAP-MDN [RFC3503].
While Internet standards normally do not specify the behavior of user
interfaces, it is strongly recommended that the user agent obtain the
user's consent before sending an MDN. This consent could be obtained
for each message through some sort of prompt or dialog box, or
globally through the user's setting of a preference. The user might
also indicate globally that MDNs are to never be sent. The purpose
of obtaining user's consent is to protect user's privacy. The
default value should be not to send MDNs.
MDNs MUST NOT be sent automatically if the address in the
Disposition-Notification-To header field differs from the address in
the Return-Path header field (see RFC-MSGFMT [RFC5322]). In this
case, confirmation from the user MUST be obtained, if possible. If
obtaining consent is not possible (e.g., because the user is not
online at the time or the client is not an interactive email client),
then an MDN MUST NOT be sent.
Confirmation from the user MUST be obtained (or no MDN sent) if there
is no Return-Path header field in the message or if there is more
than one distinct address in the Disposition-Notification-To header
field.
Hansen & Melnikov Standards Track [Page 6]
RFC 8098 MDN February 2017
The comparison of the addresses is done using only the addr-spec
(local-part "@" domain) portion, excluding any angle brackets,
phrase, and route. As prescribed by RFC 5322, the comparison is case
sensitive for the local-part and case insensitive for the domain
part. The local-part comparison SHOULD be done after performing
local-part canonicalization, i.e., after removing the surrounding
double-quote characters, if any, as well as any escaping "\"
characters. (See RFC-MSGFMT [RFC5322] for more details.)
Implementations MAY treat known domain aliases as equivalent for the
purpose of comparison.
Note that use of subaddressing (see [RFC5233]) can result in a
failure to match two local-parts and thus result in possible
suppression of the MDN. This document doesn't recommend special
handling for this case, as the receiving MUA can't reliably know
whether or not the sender is using subaddressing.
If the message contains more than one Return-Path header field, the
implementation may pick one to use for the comparison or treat the
situation as a failure of the comparison.
The reason for not automatically sending an MDN if the comparison
fails or more than one address is specified is to reduce the
possibility of mail loops and of MDNs being used for mail bombing.
It's especially important that a message that contains a Disposition-
Notification-To header field also contain a Message-ID header field
to permit user agents to automatically correlate MDNs with their
original messages.
If the request for message disposition notifications for some
recipients and not others is desired, two copies of the message
should be sent, one with a Disposition-Notification-To header field
and one without. Many of the other header fields of the message
(e.g., To, Cc) will be the same in both copies. The recipients in
the respective message envelopes determine from whom message
disposition notifications are requested and from whom they are not.
If desired, the Message-ID header field may be the same in both
copies of the message. Note that there are other situations (e.g.,
Bcc) in which it is necessary to send multiple copies of a message
with slightly different header fields. The combination of such
situations and the need to request MDNs for a subset of all
recipients may result in more than two copies of a message being
sent, some with a Disposition-Notification-To header field and some
without.
Hansen & Melnikov Standards Track [Page 7]
RFC 8098 MDN February 2017
If it is possible to determine that a recipient is a newsgroup, do
not include a Disposition-Notification-To header field for that
recipient. Similarly, if an existing message is resent or gatewayed
to a newsgroup, the agent that is resending/gatewaying SHOULD strip
the Disposition-Notification-To header field. See Section 5 for more
discussion. Clients that see an otherwise valid Disposition-
Notification-To header field in a newsgroup message SHOULD NOT
generate an MDN.
2.2. The Disposition-Notification-Options Header
Extensions to this specification may require that information be
supplied to the recipient's MUA for additional control over how and
what MDNs are generated. The Disposition-Notification-Options header
field provides an extensible mechanism for such information. The
syntax of this header field is as follows:
Disposition-Notification-Options =
"Disposition-Notification-Options" ":" [FWS]
disposition-notification-parameter-list CRLF
disposition-notification-parameter-list =
disposition-notification-parameter
*([FWS] ";" [FWS] disposition-notification-parameter)
disposition-notification-parameter = attribute [FWS] "="
[FWS] importance [FWS] "," [FWS] value
*([FWS] "," [FWS] value)
importance = "required" / "optional"
attribute = Atom
value = word
A Disposition-Notification-Options header field can appear in a
message at most once.
An importance of "required" indicates that interpretation of the
disposition-notification-parameter is necessary for proper generation
of an MDN in response to this request. An importance of "optional"
indicates that an MUA that does not understand the meaning of this
disposition-notification-parameter MAY generate an MDN in response
anyway, ignoring the value of the disposition-notification-parameter.
No disposition-notification-parameter attribute names are defined in
this specification. Attribute names may be defined in the future by
later revisions or extensions to this specification. Disposition-
Hansen & Melnikov Standards Track [Page 8]
RFC 8098 MDN February 2017
notification-parameter attribute names MUST be registered with the
Internet Assigned Numbers Authority (IANA) using the "Specification
Required" registration policy [RFC5226]. The "X-" prefix has
historically been used to denote unregistered "experimental" protocol
elements that are assumed not to become common use. Deployment
experience of this and other protocols has shown that this assumption
is often false. This document allows the use of the "X-" prefix
primarily to allow the registration of attributes that are already in
common use. The prefix has no meaning for new attributes. Its use
in substantially new attributes may cause confusion and is therefore
discouraged. (See Section 10 for a registration form.)
2.3. The Original-Recipient Header Field
Since electronic mail addresses may be rewritten while the message is
in transit, it is useful for the original recipient address to be
made available by the delivering Message Transfer Agent (MTA)
[RFC5598]. The delivering MTA may be able to obtain this information
from the ORCPT parameter of the SMTP RCPT TO command, as defined in
RFC-SMTP [RFC5321] and RFC-DSN-SMTP [RFC3461].
RFC-DSN-SMTP [RFC3461] is amended as follows: if the ORCPT
information is available, the delivering MTA SHOULD insert an
Original-Recipient header field at the beginning of the message
(along with the Return-Path header field). The delivering MTA MAY
delete any other Original-Recipient header fields that occur in the
message. The syntax of this header field is as follows:
original-recipient-header =
"Original-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS
OWS = [CFWS]
; Optional whitespace.
; MDN generators SHOULD use "*WSP"
; (Typically a single space or nothing.
; It SHOULD be nothing at the end of a field.),
; unless an RFC 5322 "comment" is required.
;
; MDN parsers MUST parse it as "[CFWS]".
The address-type and generic-address tokens are as specified in the
description of the Original-Recipient field in Section 3.2.3.
The purpose of carrying the original recipient information and
returning it in the MDN is to permit automatic correlation of MDNs
with the original message on a per-recipient basis.
Hansen & Melnikov Standards Track [Page 9]
RFC 8098 MDN February 2017
2.4. Use with the Message/Partial Media Type
The use of the header fields Disposition-Notification-To,
Disposition-Notification-Options, and Original-Recipient with the
MIME message/partial content type (RFC-MIME-MEDIA [RFC2046]) requires
further definition.
When a message is segmented into two or more message/partial
fragments, the three header fields mentioned in the above paragraph
SHOULD be placed in the "inner" or "enclosed" message (using the
terms of RFC-MIME-MEDIA [RFC2046]). If these header fields are found
in the header fields of any of the fragments, they are ignored.
When the multiple message/partial fragments are reassembled, the
following applies. If these header fields occur along with the other
header fields of a message/partial fragment message, they pertain to
an MDN that will be generated for the fragment. If these header
fields occur in the header fields of the "inner" or "enclosed"
message (using the terms of RFC-MIME-MEDIA [RFC2046]), they pertain
to an MDN that will be generated for the reassembled message.
Section 5.2.2.1 of RFC-MIME-MEDIA [RFC2046]) is amended to specify
that, in addition to the header fields specified there, the three
header fields described in this specification are to be appended, in
order, to the header fields of the reassembled message. Any
occurrences of the three header fields defined here in the header
fields of the initial enclosing message MUST NOT be copied to the
reassembled message.
3. Format of a Message Disposition Notification
A message disposition notification is a MIME message with a top-level
content type of multipart/report (defined in RFC-REPORT [RFC6522]).
When multipart/report content is used to transmit an MDN:
a. The report-type parameter of the multipart/report content is
"disposition-notification".
b. The first component of the multipart/report contains a human-
readable explanation of the MDN, as described in RFC-REPORT
[RFC6522].
c. The second component of the multipart/report is of content type
message/disposition-notification, described in Section 3.1 of
this document.
Hansen & Melnikov Standards Track [Page 10]
RFC 8098 MDN February 2017
d. If the original message or a portion of the message is to be
returned to the sender, it appears as the third component of the
multipart/report. The decision of whether or not to return the
message or part of the message is up to the MUA generating the
MDN. However, in the case of encrypted messages requesting MDNs,
if the original message or a portion thereof is returned, it MUST
be in its original encrypted form.
NOTE: For message disposition notifications gatewayed from foreign
systems, the header fields of the original message may not be
available. In this case, the third component of the MDN may be
omitted, or it may contain "simulated" RFC-MSGFMT [RFC5322] header
fields that contain equivalent information. In particular, it is
very desirable to preserve the subject and date fields from the
original message.
The MDN MUST be addressed (in both the message header field and the
transport envelope) to the address(es) from the Disposition-
Notification-To header field from the original message for which the
MDN is being generated.
The From header field of the MDN MUST contain the address of the
person for whom the message disposition notification is being issued.
The envelope sender address (i.e., SMTP "MAIL FROM") of the MDN MUST
be null (<>), specifying that no Delivery Status Notification
messages nor other messages indicating successful or unsuccessful
delivery are to be sent in response to an MDN.
A message disposition notification MUST NOT itself request an MDN.
That is, it MUST NOT contain a Disposition-Notification-To header
field.
The Message-ID header field (if present) for an MDN MUST be different
from the Message-ID of the message for which the MDN is being issued.
A particular MDN describes the disposition of exactly one message for
exactly one recipient. Multiple MDNs may be generated as a result of
one message submission, one per recipient. However, due to the
circumstances described in Section 2.1, it's possible that some of
the recipients for whom MDNs were requested will not generate MDNs.
Hansen & Melnikov Standards Track [Page 11]
RFC 8098 MDN February 2017
3.1. The Message/Disposition-Notification Media Type
The message/disposition-notification media type is defined as
follows:
Type name: message
Subtype name: disposition-notification
Required parameters: none
Optional parameters: none
Encoding considerations: "7bit" encoding is sufficient and MUST be
used to maintain readability when viewed by
non-MIME mail readers.
Security considerations: discussed in Section 6 of RFC 8098.
Interoperability considerations: none
Published specification: RFC 8098
Applications that use this media type: Mail Transfer Agents and
email clients that support multipart/report
generation and/or parsing.
Fragment identifier considerations: N/A
Additional information:
Deprecated alias names for this type: N/A
Magic number(s): none
File extension(s): .disposition-notification
Macintosh file type code(s): The 'TEXT' type
code is suggested as files of this type are
typically used for diagnostic purposes and
suitable for analysis in a text editor. A
Uniform Type Identifier (UTI) of "public.utf8-
email-message-header" is suggested. This type
conforms to "public.plain-text".
Person & email address to contact for further information:
ART Area Mailing List <art@ietf.org>
Hansen & Melnikov Standards Track [Page 12]
RFC 8098 MDN February 2017
Intended usage: COMMON
Restrictions on usage: This media type contains textual data in the
US-ASCII charset, which is always 7bit.
Author: See the Authors' Addresses section of RFC 8098.
Change controller: IETF
Provisional registration? no
(While the 7bit restriction applies to the message/disposition-
notification portion of the multipart/report content, it does not
apply to the optional third portion of the multipart/report content.)
The message/disposition-notification report type for use in the
multipart/report is "disposition-notification".
The body of a message/disposition-notification consists of one or
more "fields" formatted according to the ABNF of RFC-MSGFMT [RFC5322]
header "fields". The syntax of the message/disposition-notification
content is as follows:
disposition-notification-content = [ reporting-ua-field CRLF ]
[ mdn-gateway-field CRLF ]
[ original-recipient-field CRLF ]
final-recipient-field CRLF
[ original-message-id-field CRLF ]
disposition-field CRLF
*( error-field CRLF )
*( extension-field CRLF )
extension-field = extension-field-name ":" *([FWS] text)
extension-field-name = field-name
Note that the order of the above fields is recommended but not fixed.
Extension fields can appear anywhere.
3.1.1. General Conventions for Fields
Since these fields are defined according to the rules of RFC-MSGFMT
[RFC5322], the same conventions for continuation lines and comments
apply. Notification fields may be continued onto multiple lines by
beginning each additional line with a SPACE or HTAB. Text that
appears in parentheses is considered a comment and not part of the
contents of that notification field. Field names are case
insensitive, so the names of notification fields may be spelled in
Hansen & Melnikov Standards Track [Page 13]
RFC 8098 MDN February 2017
any combination of uppercase and lowercase letters. RFC-MSGFMT
[RFC5322] comments in notification fields may use the "encoded-word"
construct defined in RFC-MIME-HEADER [RFC2047].
3.1.2. "*-type" Subfields
Several fields consist of a "-type" subfield, followed by a semi-
colon, followed by "*text". For these fields, the keyword used in
the address-type or MTA-type subfield indicates the expected format
of the address or MTA-name that follows.
The "-type" subfields are defined as follows:
a. An "address-type" specifies the format of a mailbox address. For
example, Internet Mail addresses use the "rfc822" address-type.
Other values can appear in this field as specified in the
"Address Types" IANA subregistry established by RFC-DSN-FORMAT
[RFC3464].
address-type = Atom
Atom = <The version from RFC 5321 (not from RFC 5322)
is used in this document.>
b. An "MTA-name-type" specifies the format of a mail transfer agent
name. For example, for an SMTP server on an Internet host, the
MTA name is the domain name of that host, and the "dns" MTA-name-
type is used. Other values can appear in this field as specified
in the "MTA Name Types" IANA subregistry established by RFC-DSN-
FORMAT [RFC3464].
mta-name-type = Atom
Values for address-type and mta-name-type are case insensitive.
Thus, address-type values of "RFC822" and "rfc822" are equivalent.
The Internet Assigned Numbers Authority (IANA) maintains a registry
of address-type and mta-name-type values, along with descriptions of
the meanings of each or a reference to one or more specifications
that provide such descriptions. (The "rfc822" address-type is
defined in RFC-DSN-SMTP [RFC3461].) Registration forms for address-
type and mta-name-type appear in RFC-DSN-FORMAT [RFC3464].
Hansen & Melnikov Standards Track [Page 14]
RFC 8098 MDN February 2017
3.2. Message/Disposition-Notification Content Fields
3.2.1. The Reporting-UA Field
reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS
[ ";" OWS ua-product OWS ]
ua-name = *text-no-semi
ua-product = *([FWS] text)
text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR,
%d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon
The Reporting-UA field is defined as follows:
An MDN describes the disposition of a message after it has been
delivered to a recipient. In all cases, the Reporting-UA is the MUA
that performed the disposition described in the MDN.
The "Reporting-UA" field contains information about the MUA that
generated the MDN, which is often used by servers to help identify
the scope of reported interoperability problems, to work around or
tailor responses to avoid particular MUA limitations, and for
analytics regarding MUA or operating system use. An MUA SHOULD send
a "Reporting-UA" field unless specifically configured not to do so.
If the reporting MUA consists of more than one component (e.g., a
base program and plug-ins), this may be indicated by including a list
of product names.
A reporting MUA SHOULD limit generated product identifiers to what is
necessary to identify the product; a sender MUST NOT generate
advertising or other nonessential information within the product
identifier.
A reporting MUA SHOULD NOT generate a "Reporting-UA" field containing
needlessly fine-grained detail and SHOULD limit the addition of
subproducts by third parties. Overly long and detailed "Reporting-
UA" field values increase the risk of a user being identified against
their wishes ("fingerprinting").
Likewise, implementations are encouraged not to use the product
tokens of other implementations in order to declare compatibility
with them, as this circumvents the purpose of the field. If an MUA
masquerades as a different MUA, recipients can assume that the user
Hansen & Melnikov Standards Track [Page 15]
RFC 8098 MDN February 2017
intentionally desires to see responses tailored for that identified
MUA, even if they might not work as well for the actual MUA being
used.
Example:
Reporting-UA: Foomail 97.1
3.2.2. The MDN-Gateway Field
The MDN-Gateway field indicates the name of the gateway or MTA that
translated a foreign (non-Internet) message disposition notification
into this MDN. This field MUST appear in any MDN that was translated
by a gateway from a foreign system into MDN format and MUST NOT
appear otherwise.
mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS
";" OWS mta-name OWS
mta-name = *text
For gateways into Internet Mail, the MTA-name-type will normally be
"dns", and the mta-name will be the Internet domain name of the
gateway.
3.2.3. Original-Recipient Field
The Original-Recipient field indicates the original recipient address
as specified by the sender of the message for which the MDN is being
issued. For Internet Mail messages, the value of the Original-
Recipient field is obtained from the Original-Recipient header field
from the message for which the MDN is being generated. If there is
an Original-Recipient header field in the message, or if information
about the original recipient is reliably available some other way,
then the Original-Recipient field MUST be included. Otherwise, the
Original-Recipient field MUST NOT be included. If there is more than
one Original-Recipient header field in the message, the MUA may
choose the one to use or act as if no Original-Recipient header field
is present.
original-recipient-field =
"Original-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS
generic-address = *text
The address-type field indicates the type of the original recipient
address. If the message originated within the Internet, the address-
Hansen & Melnikov Standards Track [Page 16]
RFC 8098 MDN February 2017
type field will normally be "rfc822", and the address will be
according to the syntax specified in RFC-MSGFMT [RFC5322]. The value
"unknown" should be used if the Reporting MUA cannot determine the
type of the original recipient address from the message envelope.
This address is the same as that provided by the sender and can be
used to automatically correlate MDN reports with original messages on
a per-recipient basis.
3.2.4. Final-Recipient Field
The Final-Recipient field indicates the recipient for which the MDN
is being issued. This field MUST be present.
The syntax of the field is as follows:
final-recipient-field = "Final-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS
The generic-address subfield of the Final-Recipient field SHOULD
contain the mailbox address of the recipient (which will be the same
as the From header field of the MDN) as it was when the MDN was
generated by the MUA.
One example of when this field might not contain the final
recipient address of the message is when an alias (e.g.,
<customer-support@example.com>) forwards mail to a specific
personal address (e.g., <bob@example.com>). Bob might want to be
able to send MDNs but not give away his personal email address.
In this case, the Final-Recipient field can contain:
Final-Recipient: rfc822;customer-support@example.com
in place of:
Final-Recipient: rfc822;bob@example.com
The Final-Recipient address may differ from the address originally
provided by the sender, because it may have been transformed during
forwarding and gatewaying into a totally unrecognizable mess.
However, in the absence of the optional Original-Recipient field, the
Final-Recipient field and any returned content may be the only
information available with which to correlate the MDN with a
particular message recipient.
The address-type subfield indicates the type of address expected by
the reporting MTA in that context. Recipient addresses obtained via
SMTP will normally be of address-type "rfc822", but can be other
Hansen & Melnikov Standards Track [Page 17]
RFC 8098 MDN February 2017
values from the "Address Types" subregistry of the "Delivery Status
Notification (DSN) Types" IANA registry.
Since mailbox addresses (including those used in the Internet) may be
case sensitive, the case of alphabetic characters in the address MUST
be preserved.
3.2.5. Original-Message-ID Field
The Original-Message-ID field indicates the message-ID of the message
for which the MDN is being issued. It is obtained from the
Message-ID header field of the message for which the MDN is issued.
This field MUST be present if and only if the original message
contained a Message-ID header field. The syntax of the field is as
follows:
original-message-id-field =
"Original-Message-ID" ":" msg-id
The msg-id token is as specified in RFC-MSGFMT [RFC5322].
3.2.6. Disposition Field
The Disposition field indicates the action performed by the Reporting
MUA on behalf of the user. This field MUST be present.
The syntax for the Disposition field is:
disposition-field =
"Disposition" ":" OWS disposition-mode OWS ";"
OWS disposition-type
[ OWS "/" OWS disposition-modifier
*( OWS "," OWS disposition-modifier ) ] OWS
disposition-mode = action-mode OWS "/" OWS sending-mode
action-mode = "manual-action" / "automatic-action"
sending-mode = "MDN-sent-manually" / "MDN-sent-automatically"
disposition-type = "displayed" / "deleted" / "dispatched" /
"processed"
disposition-modifier = "error" / disposition-modifier-extension
disposition-modifier-extension = Atom
Hansen & Melnikov Standards Track [Page 18]
RFC 8098 MDN February 2017
The disposition-mode, disposition-type, and disposition-modifier
values may be spelled in any combination of uppercase and lowercase
US-ASCII characters.
3.2.6.1. Disposition Modes
Disposition mode consists of two parts: action mode and sending mode.
The following action modes are defined:
"manual-action" The disposition described by the disposition type
was a result of an explicit instruction by the
user rather than some sort of automatically
performed action. (This might include the case
when the user has manually configured her MUA to
automatically respond to valid MDN requests.)
Unless prescribed otherwise in a particular mail
environment, in order to preserve the user's
privacy, this MUST be the default for MUAs.
"automatic-action" The disposition described by the disposition type
was a result of an automatic action rather than
an explicit instruction by the user for this
message. This is typically generated by a Mail
Delivery Agent (e.g., MDN generations by Sieve
reject action [RFC5429], Fax-over-Email
[RFC3249], voice message system (see Voice
Profile for Internet Mail (VPIM) [RFC3801]), or
upon delivery to a mailing list).
"Manual-action" and "automatic-action" are mutually exclusive. One
or the other MUST be specified.
The following sending modes are defined:
"MDN-sent-manually" The user explicitly gave permission for this
particular MDN to be sent. Unless prescribed
otherwise in a particular mail environment, in
order to preserve the user's privacy, this MUST
be the default for MUAs.
"MDN-sent-automatically"
The MDN was sent because the MUA had previously
been configured to do so automatically.
"MDN-sent-manually" and "MDN-sent-automatically" are mutually
exclusive. One or the other MUST be specified.
Hansen & Melnikov Standards Track [Page 19]
RFC 8098 MDN February 2017
3.2.6.2. Disposition Types
The following disposition-types are defined:
"displayed" The message has been displayed by the MUA to
someone reading the recipient's mailbox. There
is no guarantee that the content has been read or
understood.
"dispatched" The message has been sent somewhere in some
manner (e.g., printed, faxed, forwarded) without
necessarily having been previously displayed to
the user. The user may or may not see the
message later.
"processed" The message has been processed in some manner
(i.e., by some sort of rules or server) without
being displayed to the user. The user may or may
not see the message later, or there may not even
be a human user associated with the mailbox.
"deleted" The message has been deleted. The recipient may
or may not have seen the message. The recipient
might "undelete" the message at a later time and
read the message.
3.2.6.3. Disposition Modifiers
Only the extension disposition modifiers are defined:
disposition-modifier-extension
Disposition modifiers may be defined in the
future by later revisions or extensions to this
specification. MDN disposition value names MUST
be registered with the Internet Assigned Numbers
Authority (IANA) using the "Specification
Required" registration policy. (See Section 10
for a registration form.) MDNs with disposition
modifier names not understood by the receiving
MUA MAY be silently ignored or placed in the
user's mailbox without special interpretation.
They MUST NOT cause any error message to be sent
to the sender of the MDN.
It is not required that an MUA be able to generate all of the
possible values of the Disposition field.
Hansen & Melnikov Standards Track [Page 20]
RFC 8098 MDN February 2017
A user agent MUST NOT issue more than one MDN on behalf of each
particular recipient. That is, once an MDN has been issued on behalf
of a recipient, no further MDNs may be issued on behalf of that
recipient, even if another disposition is performed on the message.
However, if a message is forwarded, a "dispatched" MDN MAY be issued
for the recipient doing the forwarding and the recipient of the
forwarded message may also cause an MDN to be generated.
3.2.7. Error Field
The Error field is used to supply additional information in the form
of text messages when the "error" disposition modifier appears. The
syntax is as follows:
error-field = "Error" ":" *([FWS] text)
Note that syntax of these header fields doesn't include comments, so
the "encoded-word" construct defined in RFC-MIME-HEADER [RFC2047]
can't be used to convey non-ASCII text. Applications that need to
convey non-ASCII text in these fields should consider implementing
the message/global-disposition-notification media type specified in
[RFC6533] instead of this specification.
3.3. Extension-Fields
Additional MDN fields may be defined in the future by later revisions
or extensions to this specification. MDN field names MUST be
registered with the Internet Assigned Numbers Authority (IANA) using
the "Specification Required" registration policy. (See Section 10
for a registration form.) MDN Extension-fields may be defined for
the following reasons:
a. To allow additional information from foreign disposition reports
to be tunneled through Internet MDNs. The names of such MDN
fields should begin with an indication of the foreign environment
name (e.g., X400-Physical-Forwarding-Address).
b. To allow transmission of diagnostic information that is specific
to a particular Mail User Agent (MUA). The names of such MDN
fields should begin with an indication of the MUA implementation
that produced the MDN (e.g., Foomail-information).
Hansen & Melnikov Standards Track [Page 21]
RFC 8098 MDN February 2017
4. Timeline of Events
The following timeline shows when various events in the processing of
a message and generation of MDNs take place:
-- User composes message.
-- User tells MUA to send message.
-- MUA passes message to Mail Submission Agent (MSA) and original
recipient information is passed along.
-- MSA sends message to next MTA.
-- Final MTA receives message.
-- Final MTA delivers message to recipient's mailbox (possibly
generating a Delivery Status Notification (DSN)).
-- (Recipient's) MUA discovers a new message in recipient's mailbox
and decides whether an MDN should be generated. If the MUA has
information that an MDN has already been generated for this
message, no further MDN processing described below is performed.
If MUA decides that no MDN can be generated, no further MDN
processing described below is performed.
-- MUA performs automatic processing and might generate corresponding
MDNs ("dispatched", "processed", or "deleted" disposition type
with "automatic-action" and "MDN-sent-automatically" disposition
modes). The MUA remembers that an MDN was generated.
-- MUA displays list of messages to user.
-- User selects a message and requests that some action be performed
on it.
-- MUA performs requested action; if an automatic MDN has not already
been generated, with user's permission, sends an appropriate MDN
("displayed", "dispatched", "processed", or "deleted" disposition
type, with "manual-action" and "MDN-sent-manually" or "MDN-sent-
automatically" disposition mode). The MUA remembers that an MDN
was generated.
-- User possibly performs other actions on message, but no further
MDNs are generated.
Hansen & Melnikov Standards Track [Page 22]
RFC 8098 MDN February 2017
5. Conformance and Usage Requirements
An MUA or gateway conforms to this specification if it generates MDNs
according to the protocol defined in this memo. It is not necessary
to be able to generate all of the possible values of the Disposition
field.
MUAs and gateways MUST NOT generate the Original-Recipient field of
an MDN unless the mail protocols provide the address originally
specified by the sender at the time of submission. Ordinary SMTP
does not make that guarantee, but the SMTP extension defined in RFC--
DSN-SMTP [RFC3461] permits such information to be carried in the
envelope if it is available. The Original-Recipient header field
defined in this document provides a way for the MTA to pass the
original recipient address to the MUA.
Each sender-specified recipient address may result in more than one
MDN. If an MDN is requested for a recipient that is forwarded to
multiple recipients of an "alias" (as defined in Section 6.2.7.3 of
RFC-DSN-SMTP [RFC3461]), each of the recipients may issue an MDN.
Successful distribution of a message to a mailing list exploder or
gateway to Usenet newsgroup SHOULD be considered the final
disposition of the message. A mailing list exploder MAY issue an MDN
with a disposition type of "processed" and disposition modes of
"automatic-action" and "MDN-sent-automatically" indicating that the
message has been forwarded to the list. In this case, the request
for MDNs is not propagated to the members of the list.
Alternatively (if successful distribution of a message to a mailing
list exploder / Usenet newsgroup is not considered the final
disposition of the message), the mailing list exploder can issue no
MDN and propagate the request for MDNs to all members of the list.
The latter behavior is not recommended for any but small, closely
knit lists, as it might cause large numbers of MDNs to be generated
and may cause confidential subscribers to the list to be revealed.
The mailing list exploder can also direct MDNs to itself, correlate
them, and produce a report to the original sender of the message.
This specification places no restrictions on the processing of MDNs
received by user agents or mailing lists.
Hansen & Melnikov Standards Track [Page 23]
RFC 8098 MDN February 2017
6. Security Considerations
The following security considerations apply when using MDNs.
6.1. Forgery
MDNs can be (and are, in practice) forged as easily as ordinary
Internet electronic mail. User agents and automatic mail handling
facilities (such as mail distribution list exploders) that wish to
make automatic use of MDNs should take appropriate precautions to
minimize the potential damage from denial-of-service attacks.
Security threats related to forged MDNs include the sending of:
a. A falsified disposition notification when the indicated
disposition of the message has not actually occurred, and
b. Unsolicited MDNs.
Similarly, a forged spam or phishing email message can contain
Disposition-Notification-To header field that can trick the recipient
to send an MDN. MDN processing should only be invoked once
authenticity of an email message is verified.
6.2. Privacy
Another dimension of security is privacy. There may be cases in
which a message recipient does not wish the disposition of messages
addressed to him to be known, or is concerned that the sending of
MDNs may reveal other sensitive information (e.g., when the message
was read, using which email client, and which OS was used). In this
situation, it is acceptable for the MUA to silently ignore requests
for MDNs.
If the Disposition-Notification-To header field is passed on
unmodified when a message is distributed to the subscribers of a
mailing list, the subscribers to the list may be revealed to the
sender of the original message by the generation of MDNs.
Headers of the original message returned in part 3 of the multipart/
report, as well as content of the message/disposition-notification
part, could reveal confidential information about host names and/or
network topology inside a firewall.
Disposition mode (Section 3.2.6.1) can leak information about
recipient's MUA configuration, in particular, whether MDNs are
Hansen & Melnikov Standards Track [Page 24]
RFC 8098 MDN February 2017
acknowledged manually or automatically. If this is a concern, MUAs
can return "manual-action/MDN-sent-manually" disposition mode in
generated MDNs.
In general, any optional MDN field may be omitted if the Reporting
MUA site or user determines that inclusion of the field would impose
too great a compromise of site confidentiality. The need for such
confidentiality must be balanced against the utility of the omitted
information in MDNs.
In some cases, someone with access to the message stream may use the
MDN request mechanism to monitor the mail reading habits of a target.
If the target is known to generate MDN reports, they could add a
Disposition-Notification-To header field containing the envelope from
address. This risk can be minimized by not sending MDN's
automatically.
6.2.1. Disclosure of Product Information
The "Reporting-UA" field (Section 3.2.1), User-Agent header field,
and other header fields often reveal information about the respective
sender's software systems. In theory, this can make it easier for an
attacker to exploit known security holes; in practice, attackers tend
to try all potential holes regardless of the apparent software
versions being used. Also note that the "Reporting-UA" field doesn't
provide any new information in comparison to the "User-Agent" and/or
(undocumented) "X-Mailer" header fields used by many MUAs.
6.2.2. MUA Fingerprinting
The "Reporting-UA" field (Section 3.2.1) might contain enough
information to uniquely identify a specific device, usually when
combined with other characteristics, particularly if the user agent
sends excessive details about the user's system or extensions. Even
when the guidance in Section 3.2.1 is followed to avoid
fingerprinting, other sources of unique information may still be
present, such as the Accept-Language header fields.
6.3. Non-repudiation
MDNs do not provide non-repudiation with proof of delivery. Within
the framework of today's Internet Mail, the MDNs defined in this
document provide valuable information to the mail user; however, MDNs
cannot be relied upon as a guarantee that a message was or was not
seen by the recipient. Even if MDNs are not actively forged, they
may be lost in transit. The recipient may bypass the MDN issuing
mechanism in some manner.
Hansen & Melnikov Standards Track [Page 25]
RFC 8098 MDN February 2017
One possible solution for this purpose can be found in RFC-SEC-
SERVICES [RFC2634].
6.4. Mail Bombing
The MDN request mechanism introduces an additional way of mail
bombing a mailbox. The MDN request notification provides an address
to which MDN's should be sent. It is possible for an attacking agent
to send a potentially large set of messages to otherwise unsuspecting
third party recipients with a false Disposition-Notification-To
address. Automatic or simplistic processing of such requests would
result in a flood of MDN notifications to the target of the attack.
Additionally, as generated MDN notifications can include the full
content of messages that caused them and thus they can be bigger than
such messages, they can be used for bandwidth amplification attacks.
Such an attack could overrun the storage capacity of the targeted
mailbox and/or of the mail transport system, and deny service.
For that reason, MDN's SHOULD NOT be sent automatically where the
Disposition-Notification-To address is different from the SMTP "MAIL
FROM" address (which is carried in the Return-Path header field).
See Section 2.1 for further discussion.
7. Collected ABNF Grammar
NOTE: The following lexical tokens are defined in RFC-MSGFMT
[RFC5322]: CRLF, FWS, CFWS, field-name, mailbox-list, msg-id, text,
comment, and word. The following lexical tokens are defined in
RFC-SMTP [RFC5321]: Atom. (Note that RFC-MSGFMT [RFC5322] also
defines "atom", but the version from RFC-SMTP [RFC5321] is more
restrictive and this more restrictive version is used in this
document.) The "encoded-word" construct defined in RFC-MIME-HEADER
[RFC2047] is allowed everywhere where RFC-MSGFMT [RFC5322] "comment"
is used, for example, in CFWS.
OWS = [CFWS]
; Optional whitespace.
; MDN generators SHOULD use "*WSP"
; (Typically a single space or nothing.
; It SHOULD be nothing at the end of a field.),
; unless an RFC 5322 "comment" is required.
;
; MDN parsers MUST parse it as "[CFWS]".
Message header fields:
mdn-request-header =
"Disposition-Notification-To" ":" mailbox-list CRLF
Hansen & Melnikov Standards Track [Page 26]
RFC 8098 MDN February 2017
Disposition-Notification-Options =
"Disposition-Notification-Options" ":" [FWS]
disposition-notification-parameter-list CRLF
disposition-notification-parameter-list =
disposition-notification-parameter
*([FWS] ";" [FWS]
disposition-notification-parameter)
disposition-notification-parameter = attribute [FWS] "=" [FWS]
importance [FWS] "," [FWS] value *([FWS] ","
[FWS] value)
importance = "required" / "optional"
attribute = Atom
value = word
original-recipient-header =
"Original-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS CRLF
Report content:
disposition-notification-content =
[ reporting-ua-field CRLF ]
[ mdn-gateway-field CRLF ]
[ original-recipient-field CRLF ]
final-recipient-field CRLF
[ original-message-id-field CRLF ]
disposition-field CRLF
*( error-field CRLF )
*( extension-field CRLF )
address-type = Atom
mta-name-type = Atom
reporting-ua-field = "Reporting-UA" ":" OWS ua-name OWS [
";" OWS ua-product OWS ]
ua-name = *text-no-semi
ua-product = *([FWS] text)
text-no-semi = %d1-9 / ; "text" characters excluding NUL, CR,
%d11 / %d12 / %d14-58 / %d60-127 ; LF, or semi-colon
Hansen & Melnikov Standards Track [Page 27]
RFC 8098 MDN February 2017
mdn-gateway-field = "MDN-Gateway" ":" OWS mta-name-type OWS
";" OWS mta-name
mta-name = *text
original-recipient-field =
"Original-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS
generic-address = *text
final-recipient-field =
"Final-Recipient" ":" OWS address-type OWS
";" OWS generic-address OWS
original-message-id-field = "Original-Message-ID" ":" msg-id
disposition-field =
"Disposition" ":" OWS disposition-mode OWS ";"
OWS disposition-type
[ OWS "/" OWS disposition-modifier
*( OWS "," OWS disposition-modifier ) ] OWS
disposition-mode = action-mode OWS "/" OWS sending-mode
action-mode = "manual-action" / "automatic-action"
sending-mode = "MDN-sent-manually" / "MDN-sent-automatically"
disposition-type = "displayed" / "deleted" / "dispatched" /
"processed"
disposition-modifier = "error" / disposition-modifier-extension
disposition-modifier-extension = Atom
error-field = "Error" ":" *([FWS] text)
extension-field = extension-field-name ":" *([FWS] text)
extension-field-name = field-name
Hansen & Melnikov Standards Track [Page 28]
RFC 8098 MDN February 2017
8. Guidelines for Gatewaying MDNs
NOTE: This section provides non-binding recommendations for the
construction of mail gateways that wish to provide semi-transparent
disposition notifications between the Internet and another electronic
mail system. Specific MDN gateway requirements for a particular pair
of mail systems may be defined by other documents.
8.1. Gatewaying from Other Mail Systems to MDNs
A mail gateway may issue an MDN to convey the contents of a "foreign"
disposition notification over Internet Mail. When there are
appropriate mappings from the foreign notification elements to MDN
fields, the information may be transmitted in those MDN fields.
Additional information (such as what might be needed to tunnel the
foreign notification through the Internet) may be defined in
extension MDN fields. (Such fields should be given names that
identify the foreign mail protocol, e.g., X400-* for X.400 protocol
elements [X.400]).
The gateway must attempt to supply reasonable values for the
Reporting-UA, Final-Recipient, and Disposition fields. These will
normally be obtained by translating the values from the foreign
notification into their Internet-style equivalents. However, some
loss of information is to be expected.
The sender-specified recipient address and the original message-id,
if present in the foreign notification, should be preserved in the
Original-Recipient and Original-Message-ID fields.
The gateway should also attempt to preserve the "final" recipient
address from the foreign system. Whenever possible, foreign protocol
elements should be encoded as meaningful printable ASCII strings.
For MDNs produced from foreign disposition notifications, the name of
the gateway MUST appear in the MDN-Gateway field of the MDN.
8.2. Gatewaying from MDNs to Other Mail Systems
It may be possible to gateway MDNs from the Internet into a foreign
mail system. The primary purpose of such gatewaying is to convey
disposition information in a form that is usable by the destination
system. A secondary purpose is to allow "tunneling" of MDNs through
foreign mail systems in case the MDN may be gatewayed back into the
Internet.
Hansen & Melnikov Standards Track [Page 29]
RFC 8098 MDN February 2017
In general, the recipient of the MDN (i.e., the sender of the
original message) will want to know, for each recipient: the closest
available approximation to the original recipient address and the
disposition (displayed, printed, etc.).
If possible, the gateway should attempt to preserve the Original-
Recipient address and Original-Message-ID (if present) in the
resulting foreign disposition report.
If it is possible to tunnel an MDN through the destination
environment, the gateway specification may define a means of
preserving the MDN information in the disposition reports used by
that environment.
8.3. Gatewaying of MDN-Requests to Other Mail Systems
By use of the separate Disposition-Notification-To request header
field, this specification offers a richer functionality than most, if
not all, other email systems. In most other email systems, the
notification recipient is identical to the message sender as
indicated in the "from" address. There are two interesting cases
when gatewaying into such systems:
1. If the address in the Disposition-Notification-To header field is
identical to the address in the SMTP "MAIL FROM", the expected
behavior will result, even if the Disposition-Notification-To
information is lost. Systems should propagate the MDN request.
2. If the address in the Disposition-Notification-To header field is
different from the address in the SMTP "MAIL FROM", gatewaying
into a foreign system without a separate notification address
will result in unintended behavior. This is especially important
when the message arrives via a mailing list expansion software
that may specifically replace the SMTP "MAIL FROM" address with
an alternate address. In such cases, the MDN request should not
be gatewayed and should be silently dropped. This is consistent
with other forms of non-support for MDN.
9. Example
NOTE: This example is provided as illustration only and is not
considered part of the MDN protocol specification. If the example
conflicts with the protocol definition above, the example is wrong.
Likewise, the use of *-type subfield names or extension fields in
this example is not to be construed as a definition for those type
names or extension fields.
Hansen & Melnikov Standards Track [Page 30]
RFC 8098 MDN February 2017
This is an MDN issued after a message has been displayed to the user
of an Internet Mail user agent.
Date: Wed, 20 Sep 1995 00:19:00 (EDT) -0400
From: Joe Recipient <Joe_Recipient@example.com>
Message-Id: <199509200019.12345@example.com>
Subject: Disposition notification
To: Jane Sender <Jane_Sender@example.org>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
boundary="RAA14128.773615765/example.com"
--RAA14128.773615765/example.com
The message sent on 1995 Sep 19 at 13:30:00 (EDT) -0400 to Joe
Recipient <Joe_Recipient@example.com> with subject "First draft of
report" has been displayed.
This is no guarantee that the message has been read or understood.
--RAA14128.773615765/example.com
Content-Type: message/disposition-notification
Reporting-UA: joes-pc.cs.example.com; Foomail 97.1
Original-Recipient: rfc822;Joe_Recipient@example.com
Final-Recipient: rfc822;Joe_Recipient@example.com
Original-Message-ID: <199509192301.23456@example.org>
Disposition: manual-action/MDN-sent-manually; displayed
--RAA14128.773615765/example.com
Content-Type: message/rfc822
[original message optionally goes here]
--RAA14128.773615765/example.com--
10. IANA Considerations
IANA has completed the following actions:
1. IANA has updated the registration template for the message/
disposition-notification media type to match what appears in
Section 3.1 of this document and updated the reference for the
media type to point to this document (instead of to RFC 3798).
2. The registries specified here already exist; this section updates
their documentation. IANA has changed the reference document for
the three Message Disposition Notification Parameters registries
to point to this document (instead of to RFC 3798).
Hansen & Melnikov Standards Track [Page 31]
RFC 8098 MDN February 2017
This document specifies three types of parameters that must be
registered with the Internet Assigned Numbers Authority (IANA). All
of them use the "Specification Required" IANA registration policy
[RFC5226].
The forms below are for use when registering a new disposition-
notification-parameter name for the Disposition-Notification-Options
header field, a new disposition modifier name, or a new MDN extension
field. Each piece of information required by a registration form may
be satisfied either by providing the information on the form itself
or by including a reference to a published and publicly available
specification that includes the necessary information. IANA MAY
reject registrations because of incomplete registration forms or
incomplete specifications.
To register, complete the following applicable form and send it via
electronic mail to <IANA@IANA.ORG>.
10.1. Disposition-Notification-Options Header Field
disposition-notification-parameter Names
A registration for a Disposition-Notification-Options header field
disposition-notification-parameter name MUST include the following
information:
a. The proposed disposition-notification-parameter name.
b. The syntax for disposition-notification-parameter values,
specified using BNF, ABNF, regular expressions, or other
non-ambiguous language.
c. If disposition-notification-parameter values are not composed
entirely of graphic characters from the US-ASCII repertoire, a
specification for how they are to be encoded as graphic US-ASCII
characters in a Disposition-Notification-Options header field.
d. A reference to a permanent and readily available public
specification that describes the semantics of the disposition-
notification-parameter values.
Hansen & Melnikov Standards Track [Page 32]
RFC 8098 MDN February 2017
10.2. Disposition Modifier Names
A registration for a disposition-modifier name (used in the
Disposition field of a message/disposition-notification) MUST include
the following information:
a. The proposed disposition-modifier name.
b. A reference to a permanent and readily available public
specification that describes the semantics of the disposition
modifier.
10.3. MDN Extension Field Names
A registration for an MDN extension-field name MUST include the
following information:
a. The proposed extension field name.
b. The syntax for extension values, specified using BNF, ABNF,
regular expressions, or other non-ambiguous language.
c. If extension-field values are not composed entirely of graphic
characters from the US-ASCII repertoire, a specification for how
they are to be encoded as graphic US-ASCII characters in a
Disposition-Notification-Options header field.
d. A reference to a permanent and readily available public
specification that describes the semantics of the extension
field.
11. References
11.1. Normative References
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
DOI 10.17487/RFC5321, October 2008,
<http://www.rfc-editor.org/info/rfc5321>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008,
<http://www.rfc-editor.org/info/rfc5322>.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
<http://www.rfc-editor.org/info/rfc2045>.
Hansen & Melnikov Standards Track [Page 33]
RFC 8098 MDN February 2017
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046,
DOI 10.17487/RFC2046, November 1996,
<http://www.rfc-editor.org/info/rfc2046>.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, DOI 10.17487/RFC2047, November 1996,
<http://www.rfc-editor.org/info/rfc2047>.
[RFC6522] Kucherawy, M., Ed., "The Multipart/Report Media Type for
the Reporting of Mail System Administrative Messages",
STD 73, RFC 6522, DOI 10.17487/RFC6522, January 2012,
<http://www.rfc-editor.org/info/rfc6522>.
[RFC3461] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service
Extension for Delivery Status Notifications (DSNs)",
RFC 3461, DOI 10.17487/RFC3461, January 2003,
<http://www.rfc-editor.org/info/rfc3461>.
[RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format
for Delivery Status Notifications", RFC 3464,
DOI 10.17487/RFC3464, January 2003,
<http://www.rfc-editor.org/info/rfc3464>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3503] Melnikov, A., "Message Disposition Notification (MDN)
profile for Internet Message Access Protocol (IMAP)",
RFC 3503, DOI 10.17487/RFC3503, March 2003,
<http://www.rfc-editor.org/info/rfc3503>.
11.2. Informative References
[RFC2634] Hoffman, P., Ed., "Enhanced Security Services for S/MIME",
RFC 2634, DOI 10.17487/RFC2634, June 1999,
<http://www.rfc-editor.org/info/rfc2634>.
[RFC3249] Cancio, V., Moldovan, M., Tamura, H., and D. Wing,
"Implementers Guide for Facsimile Using Internet Mail",
RFC 3249, DOI 10.17487/RFC3249, September 2002,
<http://www.rfc-editor.org/info/rfc3249>.
Hansen & Melnikov Standards Track [Page 34]
RFC 8098 MDN February 2017
[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003,
<http://www.rfc-editor.org/info/rfc3501>.
[RFC3801] Vaudreuil, G. and G. Parsons, "Voice Profile for Internet
Mail - version 2 (VPIMv2)", RFC 3801,
DOI 10.17487/RFC3801, June 2004,
<http://www.rfc-editor.org/info/rfc3801>.
[RFC5233] Murchison, K., "Sieve Email Filtering: Subaddress
Extension", RFC 5233, DOI 10.17487/RFC5233, January 2008,
<http://www.rfc-editor.org/info/rfc5233>.
[RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 5226,
DOI 10.17487/RFC5226, May 2008,
<http://www.rfc-editor.org/info/rfc5226>.
[RFC5429] Stone, A., Ed., "Sieve Email Filtering: Reject and
Extended Reject Extensions", RFC 5429,
DOI 10.17487/RFC5429, March 2009,
<http://www.rfc-editor.org/info/rfc5429>.
[RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598,
DOI 10.17487/RFC5598, July 2009,
<http://www.rfc-editor.org/info/rfc5598>.
[RFC6533] Hansen, T., Ed., Newman, C., and A. Melnikov,
"Internationalized Delivery Status and Disposition
Notifications", RFC 6533, DOI 10.17487/RFC6533, February
2012, <http://www.rfc-editor.org/info/rfc6533>.
[X.400] International Telecommunications Union, "Message handling
system and service overview", ITU-T Recommendation
F.400/X.400, June 1999.
Hansen & Melnikov Standards Track [Page 35]
RFC 8098 MDN February 2017
Appendix A. Changes from RFC 3798
Changed IANA registration for different subregistries to
"Specification Required" to match what is already used by IANA.
Updated IANA registration template for message/disposition-
notification.
"X-" fields no longer reserved for experimental use and can now be
registered in compliance with RFC 6648.
Fixed the default MTA-name-type used in "MDN-Gateway" to be "dns".
Strengthen requirements on obtaining user consent in order to protect
user privacy.
Removed discussion of using source routes with MDNs, as source route
is a deprecated Email feature.
The values of "dispatched" and "processed" were lost from the ABNF
for "disposition-type". (Erratum #691)
Because the warning disposition modifier was previously removed, the
warning-field has also been removed. (Erratum #692)
Because the failed disposition type was previously removed, the
failure-field has also been removed.
The ABNF for ua-name and ua-product included a semi-colon, which
could not be distinguished from *text in the production. The ua-name
was restricted to not include semi-colon. Semi-colon can still
appear in the ua-product.
Removed recommendation to include the MUA DNS host name in the
"Reporting-UA" MDN field.
The ABNF did not indicate all places that whitespace was allowable,
in particular folding whitespace, although all implementations allow
whitespace and folding in the header fields just like any other
header field formatted as described in RFC-MSGFMT [RFC5322]. There
were also a number of places in the ABNF that inconsistently
permitted comments and whitespace in one leg of the production and
not another. The ABNF now specifies FWS and CFWS in several places
that should have already been specified by the grammar.
Extension-field was defined in the collected grammar but not in the
main text.
Hansen & Melnikov Standards Track [Page 36]
RFC 8098 MDN February 2017
The comparison of mailboxes in Disposition-Notification-To to the
Return-Path addr-spec was clarified.
The use of the grammar production "parameter" was confusing with the
RFC 2045 [RFC2045] production of the same name, as well as other uses
of the same term. These have been clarified.
A clarification was added on the extent of the 7bit nature of MDNs.
Uses of the terms "may" and "might" were clarified.
A clarification was added on the order of the fields in the message/
disposition-notification content.
Acknowledgements
The contributions of Bruce Lilly, Alfred Hoenes, Barry Leiba, Ben
Campbell, Pete Resnick, Donald Eastlake, and Alissa Cooper are
gratefully acknowledged for this revision.
The contributions of Roger Fajman and Greg Vaudreuil to earlier draft
versions of this document are also gratefully acknowledged.
Authors' Addresses
Tony Hansen (editor)
AT&T Laboratories
200 Laurel Ave. South
Middletown, NJ 07748
United States of America
Email: tony@att.com
Alexey Melnikov (editor)
Isode Ltd
14 Castle Mews
Hampton, Middlesex TW12 2NP
United Kingdom
Email: Alexey.Melnikov@isode.com
Hansen & Melnikov Standards Track [Page 37]