idnits 2.17.00 (12 Aug 2021)

/tmp/idnits31983/draft-brotman-srds-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  -- The document date (4 April 2022) is 40 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 0 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                         A. Brotman
Internet-Draft                                              Comcast, Inc
Intended status: Standards Track                            4 April 2022
Expires: 6 October 2022

        SMTP Enhanced Status Codes for Potentially Unwanted Mail
                         draft-brotman-srds-02

Abstract

   We define a method by which an SMTP receiver can immediately notify a
   sender that their message is suspected to be unwanted, although it
   may still be accepted.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).
   Note that other groups may also distribute working documents as
   Internet-Drafts.  The list of current Internet-Drafts is at
   https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 October 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Background
   4.  Enhanced status codes
     4.1.  Sample conversation
   5.  Rationale for the enhanced status codes
     5.1.  Receivers
     5.2.  Senders
   6.  Security Considerations
   7.  IANA Considerations
   8.  Informative References
   Author's Address

1.  Introduction

   Today, a typical SMTP transaction ends with a "250 OK" and the
   message is then inspected by the receiver and processed.  In some
   cases, it may be desirable for the receiver to provide in-line
   feedback to inform the sender that the message may be considered to
   be unwanted.  This could be done via enhanced SMTP status codes.
   This document proposes new response codes for receivers to provide
   this feedback.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  Background

   In the email ecosystem, there exist a few mechanisms by which a
   receiver or recipient can provide feedback to the sending entity,
   such as Feedback Reports [RFC5965] or Reputation portals.
   Historically, these have been out-of-band or delayed.  In some cases,
   this is sufficient and properly conveys information to the sender.
   Given the out-of-band nature, these do not allow for immediate
   feedback to the sender that their messages may be construed as
   undesirable by the recipient.  When this feedback is provided to
   responsible senders, they may be able to use it more immediately to
   remediate the responsible party.  In the case of an Email Service
   Provider or Mailbox Provider, this information could allow them to
   track the quality of mail their users or customers send, and stop the
   user or customer from sending when the quality is unacceptably low.

4.  Enhanced status codes

   This document adds ten new enhanced status codes, x.6.20 to x.6.29,
   to inform a sender that a message was potentially unwanted.  The
   codes MUST only be used in the response after the <CRLF>.<CRLF> that
   indicates the end of the message.  They can be used either in a 250
   response to accept the message, or a 550 response to refuse it.
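
An added example (not part of the draft) showing both sides of the exchange in Python: a receiver that builds the final reply and withholds the score from senders it does not trust, and a sender that parses the replies and averages them per account. The function names, the generic fallback codes 2.0.0 and 5.7.1, and the review threshold are assumptions; the bands follow the registry descriptions in Section 7 (x.6.20 for 0-10% up to x.6.29 for 90-100%).

```python
import re
from collections import defaultdict

# Reply line carrying one of the draft's codes: basic code 250 or 550, then
# class.6.20 through class.6.29, then optional free text.
_REPLY = re.compile(r"^(250|550) ([25])\.6\.(2[0-9])(?: .*)?$")


def build_reply(percent_unwanted, accept, trusted_sender):
    """Receiver side: final reply sent after the end-of-data dot."""
    basic, cls = ("250", "2") if accept else ("550", "5")
    verb = "accepted" if accept else "refused"
    if not trusted_sender:
        # Assumption: senders the receiver does not trust get a generic
        # reply (2.0.0 / 5.7.1 here) that reveals nothing about the score.
        return f"{basic} {cls}.{'0.0' if accept else '7.1'} Message {verb}"
    if not 0 <= percent_unwanted <= 100:
        raise ValueError("percent_unwanted must be within 0..100")
    # x.6.20 covers 0-10%, x.6.21 covers 10-20%, ... x.6.29 covers 90-100%.
    band = max(0, (percent_unwanted - 1) // 10)
    return (f"{basic} {cls}.6.{20 + band} Message {verb}, "
            f"{(band + 1) * 10}% chance of being unwanted")


def parse_reply(line):
    """Sender side: return (accepted, upper_bound_percent), or None when the
    reply carries no usable code from the x.6.20 to x.6.29 range."""
    m = _REPLY.match(line.strip())
    if m is None or m.group(1)[0] != m.group(2):
        return None  # other code, or class digit contradicts the basic code
    return m.group(1) == "250", (int(m.group(3)) - 19) * 10


def accounts_to_review(log, threshold=60, min_messages=3):
    """Average the reported upper bounds per sending account and return the
    accounts whose average reaches the threshold (both values are local
    policy choices, not taken from the draft)."""
    scores = defaultdict(list)
    for account, reply in log:
        parsed = parse_reply(reply)
        if parsed is not None:
            scores[account].append(parsed[1])
    return sorted(a for a, s in scores.items()
                  if len(s) >= min_messages and sum(s) / len(s) >= threshold)


# Constructed sample data: (sending account, final reply from the receiver).
SAMPLE_LOG = [
    ("cust-a", "250 2.6.21 Message accepted, 20% chance of being unwanted"),
    ("cust-a", "250 2.6.20 Message accepted, 10% chance of being unwanted"),
    ("cust-a", "250 2.0.0 Message accepted"),
    ("cust-b", "250 2.6.26 Message accepted, 70% chance of being unwanted"),
    ("cust-b", "550 5.6.28 Message refused, 90% chance of being unwanted"),
    ("cust-b", "550 5.6.29 Message refused, 100% chance of being unwanted"),
]

if __name__ == "__main__":
    print(accounts_to_review(SAMPLE_LOG))
```
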

   A sample response could be:

   250 2.6.23 Message accepted, 40% chance of being unwanted.

   or conversely

   550 5.6.28 Message refused, 90% chance of being unwanted

   The ten reply codes are used to indicate a range from 10% to 100%
   likelihood that the message is unwanted.  Codes from a single system
   are expected to be comparable.  That is, if a system replies 2.6.22
   for one message and 2.6.24 for a second, its evaluation says the
   second is more likely to be unwanted than the first.  Since each
   system uses its own methods to score incoming mail, there is no
   expectation that the same message sent to different systems will
   receive the same code.

4.1.  Sample conversation

   ...
   C:DATA
   S:354 OK
   C:From: Bob@example.com
   C:To: Alice@example.net
   C:Subject: Sample spam message
   C:
   C:blah blah spam blah
   C:
   C:.
   S:250 2.6.23 Message accepted, 40% chance of being unwanted.
   C:QUIT
   S:221 mailhost.example.net closing connection

5.  Rationale for the enhanced status codes

   Senders would use these codes when they expect a benefit to both the
   sending and receiving side.  This should be considered from both
   sides, with the understanding that it could allow for a more
   collaborative interaction.

5.1.  Receivers

   Receivers could realize some benefit from deploying this signal.  The
   signal could help deter senders from continuing to send messages that
   their users do not want.  This could help to reduce volume into their
   platform, reduce storage requirements, and otherwise reduce incoming
   mail load.  If the message is part of an attack, the sender could see
   this signal and block mail from the account.

5.2.  Senders

   A sender can use this information to help understand when messages
   from its customers or users are unwanted by recipients.
   Depending on the sources of these messages, that could imply that the
   sender has a bad list of recipients, a malformed message, or other
   problems.  An additional possibility is that the sending account is
   compromised or has been created fraudulently for the express reason
   of attempting to send unwanted messages.

6.  Security Considerations

   When providing information to a sender, care should be taken to give
   information to reasonable and reliable entities.  Providing these
   codes to a malicious sender may have an undesirable effect.  It could
   help the malicious party circumvent a receiving party's mail
   filtering mechanisms.  Delaying the codes until the end of data may
   obfuscate details of why the message would be considered unwanted.

   A receiver should take precautions to provide the enhanced status
   codes only to senders they believe will use that data responsibly.
   The method to identify such senders is left up to the receiving
   system.

7.  IANA Considerations

   IANA is requested to add a block of ten consecutive codes in the
   x.6.x range to the table of the "Simple Mail Transfer Protocol (SMTP)
   Enhanced Status Codes Registry":

   +==================+=======================================+
   | Code:            | X.6.20                                |
   +==================+=======================================+
   | Sample Text:     | Message has 10% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 0-10%   |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.21                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 20% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 10-20%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.22                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 30% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 20-30%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.23                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 40% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 30-40%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.24                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 50% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 40-50%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.25                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 60% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 50-60%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.26                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 70% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 60-70%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.27                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 80% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 70-80%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.28                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 90% likelihood of being   |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 80-90%  |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+
   | -----            | -----                                 |
   +------------------+---------------------------------------+
   | Code:            | X.6.29                                |
   +------------------+---------------------------------------+
   | Sample Text:     | Message has 100% likelihood of being  |
   |                  | unwanted, but was accepted            |
   +------------------+---------------------------------------+
   | Associated basic | 250 or 550                            |
   | status code:     |                                       |
   +------------------+---------------------------------------+
   | Description:     | This status code is returned when a   |
   |                  | message is determined to have 90-100% |
   |                  | likelihood of being unwanted.         |
   +------------------+---------------------------------------+
   | Reference:       | [this document]                       |
   +------------------+---------------------------------------+
   | Submitter:       | A. Brotman                            |
   +------------------+---------------------------------------+
   | Change           | IESG                                  |
   | controller:      |                                       |
   +------------------+---------------------------------------+

                                  Table 1

8.  Informative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC5965]  Shafranovich, Y., Levine, J., and M. Kucherawy, "An
              Extensible Format for Email Feedback Reports", RFC 5965,
              DOI 10.17487/RFC5965, August 2010.

Author's Address

   Alex Brotman
   Comcast, Inc
   Email: alex_brotman@comcast.com