idnits 2.17.00 (12 Aug 2021) /tmp/idnits47585/draft-crocker-email-arch-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** Looks like you're using RFC 2026 boilerplate. This must be updated to follow RFC 3978/3979, as updated by RFC 4748. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 09, 2004) is 6585 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2181' is defined on line 1013, but no explicit reference was found in the text == Unused Reference: 'RFC2423' is defined on line 1026, but no explicit reference was found in the text == Unused Reference: 'RFC2782' is defined on line 1037, but no explicit reference was found in the text == Outdated reference: draft-hutzler-spamops has been published as RFC 5068 == Outdated reference: draft-klyne-hdrreg-mail has been published as RFC 4021 == Outdated reference: draft-hutzler-spamops has been published as RFC 5068 -- Duplicate reference: draft-hutzler-spamops, mentioned in 'ID-SPAMOPS', was also mentioned in 'I-D.hutzler-spamops'. ** Obsolete normative reference: RFC 821 (Obsoleted by RFC 2821) ** Obsolete normative reference: RFC 822 (Obsoleted by RFC 2822) ** Obsolete normative reference: RFC 2048 (Obsoleted by RFC 4288, RFC 4289) ** Obsolete normative reference: RFC 2304 (Obsoleted by RFC 3192) ** Obsolete normative reference: RFC 2421 (Obsoleted by RFC 3801) ** Obsolete normative reference: RFC 2423 (Obsoleted by RFC 3801) ** Downref: Normative reference to an Informational RFC: RFC 2442 ** Obsolete normative reference: RFC 2476 (Obsoleted by RFC 4409) ** Obsolete normative reference: RFC 2465 (ref. 'RFC2645') (Obsoleted by RFC 4293, RFC 8096) ** Obsolete normative reference: RFC 2821 (Obsoleted by RFC 5321) ** Obsolete normative reference: RFC 2822 (Obsoleted by RFC 5322) ** Obsolete normative reference: RFC 3501 (Obsoleted by RFC 9051) Summary: 15 errors (**), 0 flaws (~~), 8 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 MARID / SMTP D. Crocker 3 Internet-Draft Brandenburg InternetWorking 4 Expires: November 7, 2004 May 09, 2004 6 Internet Mail Architecture 7 draft-crocker-email-arch-00 9 Status of this Memo 11 This document is an Internet-Draft and is in full conformance with 12 all provisions of Section 10 of RFC2026. 14 Internet-Drafts are working documents of the Internet Engineering 15 Task Force (IETF), its areas, and its working groups. Note that 16 other groups may also distribute working documents as 17 Internet-Drafts. 19 Internet-Drafts are draft documents valid for a maximum of six months 20 and may be updated, replaced, or obsoleted by other documents at any 21 time. It is inappropriate to use Internet-Drafts as reference 22 material or to cite them other than as "work in progress." 24 The list of current Internet-Drafts can be accessed at 25 http://www.ietf.org/ietf/1id-abstracts.txt. 27 The list of Internet-Draft Shadow Directories can be accessed at 28 http://www.ietf.org/shadow.html. 30 This Internet-Draft will expire on November 7, 2004. 32 Copyright Notice 34 Copyright (C) The Internet Society (2004). All Rights Reserved. 36 Abstract 38 Over its thirty year history, Internet mail has undergone significant 39 changes in scale and complexity. The first standardized architecture 40 for email specified a simple split between the user world and the 41 transmission world, in the form of Mail User Agents (MUA) and Mail 42 Transfer Agents (MTA). Over time each of these has divided into 43 multiple, specialized modules. Public discussion and agreement about 44 the nature of the changes to Internet mail has not kept pace, and 45 abuses of the Internet mail service have brought these issues into 46 stark relief. This draft offers clarifications and enhancements, to 47 provide a more consistent base for community discussion of email 48 service problems and proposed email service enhancements. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 53 1.1 Service Overview . . . . . . . . . . . . . . . . . . . . . . 3 54 1.2 Discussion venue . . . . . . . . . . . . . . . . . . . . . . 4 55 2. Email Identities . . . . . . . . . . . . . . . . . . . . . . 5 56 2.1 Mailbox Addresses . . . . . . . . . . . . . . . . . . . . . 5 57 2.1.1 Global Standards for Local-Part . . . . . . . . . . . . . . 5 58 2.1.2 Scope of Email Address Use . . . . . . . . . . . . . . . . . 5 59 2.2 Domain Names . . . . . . . . . . . . . . . . . . . . . . . . 6 60 2.3 Identity Reference Convention . . . . . . . . . . . . . . . 6 61 3. Email System Architecture . . . . . . . . . . . . . . . . . 6 62 3.1 Architectural Components . . . . . . . . . . . . . . . . . . 7 63 3.1.1 Mail User Agent (MUA) . . . . . . . . . . . . . . . . . . . 7 64 3.1.2 Mail Submission Agent (MSA) . . . . . . . . . . . . . . . . 9 65 3.1.3 Mail Transfer Agent (MTA) . . . . . . . . . . . . . . . . . 11 66 3.1.4 Mail Delivery Agent (MDA) . . . . . . . . . . . . . . . . . 11 67 3.2 Operational Configuration . . . . . . . . . . . . . . . . . 12 68 3.3 Layers of Identity References . . . . . . . . . . . . . . . 13 69 4. Message Data . . . . . . . . . . . . . . . . . . . . . . . . 13 70 4.1 Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . 13 71 4.2 Message Headers . . . . . . . . . . . . . . . . . . . . . . 13 72 4.3 Body . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 73 5. Two Levels of Store-And-Forward . . . . . . . . . . . . . . 14 74 5.1 MTA Relaying . . . . . . . . . . . . . . . . . . . . . . . . 14 75 5.2 MUA Forwarding . . . . . . . . . . . . . . . . . . . . . . . 14 76 5.2.1 MUA Basic Forwarding . . . . . . . . . . . . . . . . . . . . 14 77 5.2.2 MUA Re-Sending . . . . . . . . . . . . . . . . . . . . . . . 15 78 5.2.3 MUA Reply . . . . . . . . . . . . . . . . . . . . . . . . . 16 79 5.2.4 MUA Gateways . . . . . . . . . . . . . . . . . . . . . . . . 17 80 5.2.5 MUA Alias Handling . . . . . . . . . . . . . . . . . . . . . 18 81 5.2.6 MUA Mailing Lists . . . . . . . . . . . . . . . . . . . . . 19 82 6. Security Considerations . . . . . . . . . . . . . . . . . . 21 83 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 84 Author's Address . . . . . . . . . . . . . . . . . . . . . . 23 85 A. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 86 Intellectual Property and Copyright Statements . . . . . . . 24 88 1. Introduction 90 Over its thirty year history, Internet mail has undergone significant 91 changes in scale and complexity. The first standardized architecture 92 for email specified a simple split between the user world and the 93 transmission world, in the form of Mail User Agents (MUA) and Mail 94 Transfer Agents (MTA). Over time each of these has sub-divided into 95 more specialized modules. 97 The basic style and use of names, addresses and message structure 98 have remained remarkably constant. However each has benefited from 99 significant elaborations. Public discussion and agreement about the 100 nature of these changes has not kept pace, and abuses of the Internet 101 mail service have brought these issues into stark relief. 103 The current draft seeks to: 105 1. document changes that have taken place in refining the email 106 model 108 2. clarify functional roles for the architectural components 110 3. clarify identity-related issues, across the email service 112 4. provide a common venue for further defining and citing modern 113 Internet mail architecture 115 1.1 Service Overview 117 End-to-end Internet mail exchange is accomplished by using a 118 standardized infrastructure comprising: 120 1. an email object 122 2. global addressing 124 3. a connected sequence of point-to-point transfer mechanisms 126 4. no prior arrangement between originator and recipient 128 5. no prior arrangement between point-to-point transfer services, 129 over the open Internet 131 The end-to-end portion of the service is the message. Broadly the 132 message, itself, is divided between handling control information and 133 user message payload. 135 A precept to the design of Internet mail is to permit 136 interoperability with no prior, direct administrative arrangement 137 between the participants. That is, all participants rely on having 138 the core services be universally supported, either directly or 139 through gateways that translate between Internet mail standards and 140 other email conventions. 142 For localized environments (edge networks) prior, administrative 143 arrangement can include access control, routing and lookup service 144 configuration. One change to local environments, occurring in recent 145 years, is an increased requirement for authentication or, at least, 146 accountability. In these cases, the server performs explicit 147 validation of the client's identity. 149 1.2 Discussion venue 151 NOTE: This document is the work of a single person, about a topic 152 with considerable diversity of views. It is certain to be 153 incomplete and inaccurate. Some errors simply need to be 154 reported; they will get fixed. Others need to be discussed by the 155 community, because the real requirement is to develop common 156 community views. To this end, please treat the draft as a 157 touchstone for public discussion. 159 Discussion about this document should be directed to the: 161 163 mailing list. Located at 164 the ietf-smtp mailing list is the most active, long-standing venue 165 for discussing email architecture. Although this list is primarily 166 for discussing only the SMTP protocol, it is recommended that 167 discussion of this draft take place on that mailing list. This list 168 tends to attend to end-to-end infrastructure and architecture issues 169 more than other email-related mailing lists. 171 o The list also is pertinent 172 . However it's focus is 173 on the message, itself, so that transfer issues are typically 174 excluded. In addition, this list has not be very active recently. 176 o A currently active mailing list, likely to impact Internet mail 177 architecture, is . This list is 178 devoted to matters of spam control, so that underlying matters of 179 Internet mail architecture are probably best deferred to a more 180 general list, such as ietf-smtp. 182 o Also currently active is the , which is 183 considering enhancements for interaction between thin MUAs and 184 MSAs. 186 2. Email Identities 188 Internet mail uses two forms of identity. The most common is the 189 mailbox address [RFC2822]. The other form is the [RFC1034]. 192 2.1 Mailbox Addresses 194 An addr-spec has two distinct parts, divided by an at-sign ("@"). 195 The right-hand side contains a globally interpreted name for an 196 administrative domain. This domain name might refer to an entire 197 organization, or to a collection of machines integrated into a 198 homogeneous service, or to a single machine. Domain names are 199 defined and operated through the DNS [RFC1034], [RFC1035]. 201 The left-hand side of the at-sign contains a string that is globally 202 opaque and is called the . It is to be interpreted only 203 by the entity specified in the address's right-hand side. All other 204 entities must treat the local-part as a uninterpreted, literal string 205 and must preserve all of its original details. As such, its 206 distribution is equivalent to sending a "cookie" that is only 207 interpreted upon being returned to its originator. 209 2.1.1 Global Standards for Local-Part 211 A small class of addresses have an elaboration on basic email 212 addressing, with a standardized, global schema for the local-part. 213 These are conventions between originating end-systems and recipient 214 gateways, and they are invisible to the public email transfer 215 infrastructure. When an originator is explicitly sending via a 216 gateway out of the Internet, there are coding conventions for the 217 local-part, so that the originator can formulate instructions for the 218 gateway. Standardized examples of this are the telephone numbering 219 formats for VPIM [RFC2421], such as "+16137637582@vpim.example.com", 220 and iFax [RFC2304], such as "FAX=+12027653000/ 221 T33S=1387@ifax.example.com". 223 2.1.2 Scope of Email Address Use 225 Email addresses are being used far beyond their original email 226 transfer and delivery role. In practical terms, email strings have 227 become a common form of user identity on the Internet. What is 228 essential, then, is to be clear about the nature and role of an 229 identity string in a particular context and to be clear about the 230 entity responsible for setting that string. 232 2.2 Domain Names 234 A domain name is a global reference to an Internet resource, such as 235 a host, a service or a network. A name usually maps to an IP 236 Address. A domain name can be administered to refer to individual 237 users, but this is not common practice. The name is structure as a 238 hierarchical sequence of sub-names, separated by dots ("."). 240 When not part of a mailbox address, a domain name is used in Internet 241 mail to refer to a node that took action upon the message, such as 242 providing the administrative scope for a message identifier, or 243 performing transfer processing. 245 2.3 Identity Reference Convention 247 In this document, fields containing identity references are labeled 248 in a two-part, dotted notation, that cites document defining them and 249 the field containing them. Hence, is the From field 250 in an email content header, and is the address in 251 the SMTP "Mail From" command. 253 3. Email System Architecture 255 NOTE: A discussion about any interesting system architecture is often 256 complicated by confusion between architecture versus 257 implementation. An architecture defines the conceptual functions 258 of a service, divided into discrete conceptual modules. An 259 implementation of that architecture may combine or separate 260 architectural components, as needed for a particular operational 261 environment. It is important not to confuse the engineering 262 decisions that are made to implement a product, with the 263 architectural abstractions used to define conceptual functions. 265 Modern Internet email architecture distinguishes four types of 266 components, arranged to support a store-and-forward service 267 architecture: 269 +------ MUA originator (oMUA) 270 | | 271 RFC2822 | < submission, smtp 272 | MSA 273 | | < smtp 274 | MTA 275 | | < smtp 276 | MTA 277 | | < smtp 278 | . 279 | . 280 | . 281 | | 282 | MTA 283 | | < smtp 284 | MTA 285 | | < smtp 286 | MDA 287 | | < pop, imap 288 | | 289 +------ MUA recipient (rMUA) 291 Software implementations of these architectural components often 292 compress them, such as having the same software do MSA, MTA and MDA 293 functions. However the requirements for each of these components of 294 the architecture are becoming more extensive. So, their separation 295 is increasingly common. 297 3.1 Architectural Components 299 3.1.1 Mail User Agent (MUA) 301 An works on behalf of end-users and end-user applications. It 302 is their "representative" within the email service. 304 At the origination side of the service, the is used to create 305 a message and perform initial "submission" into the transfer 306 infrastructure, via an . It may also perform any creation- and 307 posting-time archival. An MUA outbox is part of the origination-side 308 MUA. 310 The inbox and other folders are part of the recipient-side 311 that works on behalf of the end-user to process received mail. This 312 includes generating user-level return control messages, display and 313 disposition of the received message, and closing or expanding the 314 user communication loop, by initiating replies and forwarding new 315 messages. 317 An MUA may, itself, have a distributed architecture, such as 318 implementing a "thin" user interface module on a limited end-user 319 device, with the bulk of the MUA functionality operated remotely on a 320 more capable server. An example of such an architecture might use 321 IMAP [RFC3501] for most of the interactions between an MUA client and 322 an MUA server. 324 A special class of MUA functions perform message forwarding, as 325 discussed in the MUA Forwarding (Section 5.2) section. 327 Identity fields set by the MUA include: 329 +---------------------------------+---------------------------------+ 330 | Identity | Role | 331 +---------------------------------+---------------------------------+ 332 | RFC2822.From | Names and addresses for | 333 | | author(s) of the message | 334 | | content are listed in the From | 335 | | header | 336 | RFC2822.Reply-To | If a message recipient sends a | 337 | | message that would otherwise | 338 | | use the RFC2822.From field | 339 | | information in the original | 340 | | message, they are to use the | 341 | | contents of the | 342 | | RFC2822.Reply-To field instead. | 343 | | In other words, this field is a | 344 | | direct override of the From | 345 | | field, for responses from | 346 | | recipients. | 347 | RFC2822.Sender | This specifies the address | 348 | | responsible for submission into | 349 | | the transfer service. For | 350 | | efficiency, this field should | 351 | | be omitted if it contains the | 352 | | same address as RFC2822.From. | 353 | | However this does not mean | 354 | | there is no Sender specified. | 355 | | Rather, it means that that | 356 | | header is virtual and that the | 357 | | address in the From field must | 358 | | be used. Specification of the | 359 | | error return addresses (the | 360 | | "bounces" address, contained in | 361 | | RFC2821.MailFrom) is made by | 362 | | the Sender. Typically the | 363 | | bounce address is the same as | 364 | | the Sender address. However | 365 | | some usage scenarios require it | 366 | | to be different. | 367 | RFC2822.To, RFC2822.CC | These specify MUA recipient | 368 | | addresses. The distinction | 369 | | between To and CC is | 370 | | subjective. Generally, a To | 371 | | addressee is considered primary | 372 | | and is expected to take action | 373 | | on the message. A CC addressee | 374 | | typically receives a copy only | 375 | | for their information. | 376 | RFC2822.BCC | A message might be copied to an | 377 | | addressee who is not to be | 378 | | disclosed to the RFC2822.TO or | 379 | | RFC2822.CC recipients. The BCC | 380 | | header indicates a message copy | 381 | | to such a recipient. Typically, | 382 | | the field lists no addresses or | 383 | | only lists the address of the | 384 | | single recipient receiving the | 385 | | copy. This ensures that even | 386 | | other BCC recipients do not | 387 | | know of each other. | 388 +---------------------------------+---------------------------------+ 390 Table 1: Message Identities 392 3.1.2 Mail Submission Agent (MSA) 394 An accepts the message submission from the oMUA and conditions 395 it for insertion into the global email transfer network, according to 396 the policies of the hosting network and the requirements of Internet 397 standards. It implements a server function to MUAs and a client 398 function to MTAs (or MDAs). 400 Examples of MSA-styled functions, in the world of paper mail, might 401 range across the very different capabilities of administrative 402 assistants, postal drop boxes, and post office front-counter 403 employees. 405 The MUA/MSA interface can be implemented within single host and use 406 private conventions for their interactions. Historically, 407 standards-based MUA/MSA interactions have used SMTP [RFC2821]. 408 However a recent alternative is SUBMISSION [RFC2476]. Although 409 SUBMISSION derives from SMTP, it operates on a separate TCP port, and 410 will typically impose distinct requirements, such as access 411 authorization. 413 Identities set by the MSA include: 415 +---------------------------------+---------------------------------+ 416 | Identity | Role | 417 +---------------------------------+---------------------------------+ 418 | RFC2821.HELO or RFC2821.EHLO | The MSA may specify its hosting | 419 | | domain identity for the SMTP | 420 | | HELO or EHLO command operation. | 421 | RFC2821.MailFrom | This is an end-to-end string | 422 | | that specifies an email address | 423 | | for receiving return control | 424 | | information, such as "bounces". | 425 | | The name of this field is | 426 | | misleading, because it is not | 427 | | required to specify either the | 428 | | author or the agent responsible | 429 | | for submitting the message. | 430 | | Rather, the agent responsible | 431 | | for submission specifies the | 432 | | RFC2821.MailFrom address. | 433 | | Ultimately the simple basis for | 434 | | deciding what address needs to | 435 | | be in the RFC2821.MailFrom is | 436 | | to determine what address needs | 437 | | to be informed about | 438 | | transmission-level problems | 439 | | (and, possibly, successes.) | 440 | RFC2821.Rcpt-To | This specifies the MUA inbox | 441 | | address of a recipient. The | 442 | | string might not be visible in | 443 | | the message content headers. | 444 | | For example, the message | 445 | | destination address headers, | 446 | | such as RFC2822.To, might | 447 | | specify a mailing list address, | 448 | | while the RFC2821.Rcpt-To | 449 | | address specifies a member of | 450 | | that list. | 451 | RFC2821.Received | An MSA may record a Received | 452 | | header, to indicate initial | 453 | | submission trace information, | 454 | | including originating host and | 455 | | MSA host domain names and/or IP | 456 | | Addresses. | 457 +---------------------------------+---------------------------------+ 459 Table 2: MSA Identities 461 3.1.3 Mail Transfer Agent (MTA) 463 An relays a message to another other MTA or to an , in a 464 point-to-point exchange. Relaying is performed by a sequence of 465 MTAs, until the message reaches its destination MDA. Hence an MTA 466 implements both client and server MTA functionality. 468 The basic store-and-forward functionality of an MTA is similar to 469 that of a packet switch or router. However email objects are 470 typically much larger than the payload of a packet or datagram, and 471 the end-to-end latencies are typically much higher. Contrary to 472 typical packet switches (and Instant Messaging services) Internet 473 mail MTAs typically store messages in a manner that allows recovery 474 across services interruptions, such as host system shutdown. 476 Internet mail primarily uses SMTP [RFC2821], [RFC0821] to effect 477 point-to-point transfers between peer MTAs. Other transfer 478 mechanisms include Batch SMTP [RFC2442] and ODMR [RFC2645] 480 An important characteristic of MTA-MTA communications, over the open 481 Internet, is that they do not require prior arrangement between the 482 independent administrations operating the different MTAs. Given the 483 importance of spontaneity and serendipity in the world of human 484 communications, this lack of prearrangement, between the 485 participants, is a core benefit of Internet mail and remains a core 486 requirement for it. 488 3.1.4 Mail Delivery Agent (MDA) 490 The delivers email to the recipient's inbox. 492 An MDA can provide distinctive, address-based functionality, made 493 possible by its detailed knowledge of the properties of the 494 destination address. This knowledge might also be present earlier in 495 an MTA relaying sequence that ends with the MDA, such as at an 496 organizational gateway. However it is required for the MDA, if only 497 because the MDA must know where to store the message. This knowledge 498 is used to achieve differential handling of messages. 500 Using Internet protocols, delivery is effected with POP [RFC1939], 501 IMAP [RFC3501]. SMTP permits "push" delivery to the recipient 502 system, at the imitative of the upstream email service. POP is used 503 for "pull" delivery at the initiative of the recipient system. 504 Notably, SMTP and POP effect a transfer of message control from the 505 email service to the recipient host. In contrast, IMAP provides 506 on-going, interactive access to a message store, and does not effect 507 a transfer of message control to the end-user host. Instead, control 508 stays with the message store host that is being access by the user. 510 Identities set by the MSA include: 512 +---------------------------------+---------------------------------+ 513 | Identity | Role | 514 +---------------------------------+---------------------------------+ 515 | RFC2821.HELO or RFC2821.EHLO | The MTA may specify its hosting | 516 | | domain identity for the SMTP | 517 | | HELO or EHLO command operation. | 518 | RFC2822.Received | An MTA must record a Received | 519 | | header, to indicate trace | 520 | | information, including source | 521 | | host and receiving host domain | 522 | | names and/or IP Addresses. | 523 +---------------------------------+---------------------------------+ 525 Table 3: MTA Identities 527 3.2 Operational Configuration 529 Mail service components can be arranged into numerous organizational 530 structures, each with independent software and administration. One 531 common arrangement is to distinguish: 533 1. an open, core, global email transfer infrastructure 535 2. independent transfer services in networks at the edge of the core 537 3. end-user services 539 Edge networks may use proprietary email standards. However the 540 distinction between "public" network and edge network transfer 541 services is primarily significant because it highlights the need for 542 concern over interaction and protection between independent 543 administrations. In particular, this distinctions calls for 544 additional care in assessing transitions of responsibility, as well 545 as the accountability and authorization relationships among 546 participants in email transfer. 548 On the other hand, real-world operations of Internet mail 549 environments do impose boundaries such as access control at 550 organizational firewalls to the Internet. It should be noted that 551 the current Internet Mail architecture offers no special constructs 552 for these configuration choices. The current design of Internet mail 553 is for a seamless, end-to-end store-and-forward sequence. It is 554 possible that the architectural enhancement will not require new 555 protocols, but rather will require clarification of best practises, 556 as exemplified by a recent effort [I-D.hutzler-spamops] 558 3.3 Layers of Identity References 560 For a message in transit, the core identity fields combine into 562 +-----------------+--------------+-------------------+ 563 | Layer | Field | Set By | 564 +-----------------+--------------+-------------------+ 565 | Message Content | MIME Headers | Author | 566 | Message Headers | From | Author | 567 | | Sender | Agent of Author | 568 | | Reply-To | Author | 569 | | To, CC, BCC | Author | 570 | | Received | MSA, MTA, MDA | 571 | | Return-Path | MDA from MailFrom | 572 | SMTP | HELO | Latest MTA Client | 573 | | MailFrom | Agent of Author | 574 | | RCPT-TO | MSA | 575 | IP | IP Address | Latest MTA Client | 576 +-----------------+--------------+-------------------+ 578 4. Message Data 580 4.1 Envelope 582 Information that is directly used or produced by the email transfer 583 service is called the "envelope". It controls and records handling 584 activities by the transfer service. Internet mail has a fragmented 585 framework for handling this "handling" information. The envelope 586 exists partly in the transfer protocol SMTP [RFC2821] and partly in 587 the message object [RFC2822]. 589 Direct envelope addressing information, and optional transfer 590 directives, are carried in-band by MTAs. All other envelope 591 information, such as trace records, is carried within the content 592 headers. Upon delivery, SMTP-level envelope information is typically 593 encoded within additional content headers, such as Return-Path and 594 Received (From and For). 596 4.2 Message Headers 598 Headers are attribute/value pairs covering an extensible range of 599 email service, user content and user transaction meta-information. 600 The core set of headers is defined in [RFC2822], [RFC0822]. It is 601 common to extend this set, for different applications. A complete 602 set of registered headers is being developed through [ID-HDR-Reg]. 604 One danger with placing additional information in headers is that 605 gateways often alter or delete them. 607 4.3 Body 609 The body of a message might simply be lines of ASCII text or it might 610 be structured into a composition of multi-media, body-part 611 attachments, using MIME [RFC2045], [RFC2046], [RFC2047], [RFC2048], 612 and [RFC2049]. It should be noted that MIME structures each 613 body-part into a recursive set of MIME Header meta-data and MIME 614 Content sections. 616 5. Two Levels of Store-And-Forward 618 Basic email transfer is accomplished with an asynchronous 619 store-and-forward communication infrastructure. This means that 620 moving a message from an originator to a recipient involves a 621 sequence of independent transmissions through some number of 622 intermediaries, called MTAs. A very different task is the user-level 623 process of re-posting a message through a new submission process, 624 after final delivery for an earlier transfer sequence. Such 625 MUA-based re-posting shares some functionality with basic MTA 626 relaying, but it enjoys a degree of freedom with both addressing and 627 content that is not available to MTAs. 629 The primary "routing" mechanism for Internet mail is the DNS MX 630 record [RFC1035]. It is an advertisement, by a recipient domain, of 631 hosts that are able to relay mail to it, within the portion of the 632 Internet served by this instance of the DNS. 634 5.1 MTA Relaying 636 MTAs relay mail. They are like packet-switches and IP routers. 637 Their job is to make routing assessments and to move the message 638 payload data closer to the recipient. It is not their job to 639 reformulate the payload or to change addresses in the envelope or the 640 content. 642 5.2 MUA Forwarding 644 Forwarding is performed by MUAs that take a received message and 645 submit it back to the transfer service, for delivery to one or more 646 different addresses. A forwarded message may appear identical to a 647 relayed message, such as for Alias forwarders, or it may have minimal 648 similarity, as with a Reply. 650 5.2.1 MUA Basic Forwarding 652 The simplest type of forwarding involves creating an entirely new 653 message, with new content, that includes the original message between 654 Originator-1 and Recipient-1. However this forwarded communication 655 is between Recipient-1 (who could also be called Originator-2) and a 656 new recipient, Recipient-2. The forwarded message is therefore 657 independent of the original message exchange and creates a new 658 message dialogue. 660 5.2.2 MUA Re-Sending 662 A recipient may wish to declare that an alternate addressee should 663 take on responsibility for a message, or otherwise become involved in 664 the original communication. They do this through a user-level 665 forwarding function, called re-sending. The act of re-sending, or 666 re-directing, splices a communication between Originator-1 and 667 Recipient-1, to become a communication between Originator-1 and new 668 Recipient-2. In this case, the content of the new message is the old 669 message, including preservation of the essential aspects of the 670 original message's origination information. 672 Identities specified in a resent message include 674 +---------------------------------+---------------------------------+ 675 | Identity | Role | 676 +---------------------------------+---------------------------------+ 677 | RFC2822.From | Names and email addresses for | 678 | | the original author(s) of the | 679 | | message content are retained. | 680 | | The free-form (display-name) | 681 | | portion of the address might be | 682 | | modified to provide informal | 683 | | reference to the agent | 684 | | responsible for the | 685 | | redirection. | 686 | RFC2822.Reply-To | If this field is present in the | 687 | | original message, it should be | 688 | | retained in the Re-sent | 689 | | message. | 690 | RFC2822.Sender | This field is expected to | 691 | | contain the original Sender | 692 | | value. | 693 | RFC2822.TO, RFC2822.CC, | These specify the original | 694 | RFC2822.BCC | message recipients. | 695 | RFC2822.Resent-From | The address of the original | 696 | | recipient who is redirecting | 697 | | the message. Otherwise, the | 698 | | same rules apply for the | 699 | | Resent-From field as for an | 700 | | original RFC2822.From field | 701 | RFC2822.Resent-Sender | The address of the agent | 702 | | responsible for re-submitting | 703 | | the message. For efficiency, | 704 | | this field should be omitted if | 705 | | it contains the same address as | 706 | | RFC2822.Resent-From. However | 707 | | this does not mean there is no | 708 | | Resend-Sender specified. | 709 | | Rather, it means that that | 710 | | header is virtual and that the | 711 | | address in the Resent-From | 712 | | field must be used. | 713 | | Specification of the error | 714 | | return addresses (the "bounces" | 715 | | address, contained in | 716 | | RFC2821.MailFrom) is made by | 717 | | the Resent-Sender. Typically | 718 | | the bounce address is the same | 719 | | as the Resent-Sender address. | 720 | | However some usage scenarios | 721 | | require it to be different. | 722 | RFC2822.Resent-To, | The addresses of the new | 723 | RFC2822.Resent-cc, | recipients who will now be able | 724 | RFC2822.Resent-bcc | to reply to the original | 725 | | author. | 726 | RFC2821.MailFrom | The agent responsible for | 727 | | re-submission | 728 | | (RFC2822.Resent-Sender) is also | 729 | | responsible for specifying the | 730 | | new RFC2821.MailFrom address. | 731 | RFC2821.Rcpt-to | This will contain the address | 732 | | of a new recipient | 733 | RFC2822.Received | When re-sending a message, the | 734 | | submission agent may record a | 735 | | Received header, to indicate | 736 | | the transition from original | 737 | | posting to resubmission. | 738 +---------------------------------+---------------------------------+ 740 Table 5: ReSent Identities 742 5.2.3 MUA Reply 744 When a recipient formulates a response to a message, the new message 745 is not typically viewed as being a "forwarding" of the original. 747 5.2.4 MUA Gateways 749 Gateways perform the basic routing and transfer work of message 750 relaying, but they also make any message or address modifications 751 that are needed to send the message into the next messaging 752 environment. When a gateway connects two differing messaging 753 services, its role is easy to identify and understand. When it 754 connects environments that have technical similarity, but may have 755 significant administrative differences, it is easy to think that a 756 gateway is merely an MTA. The critical distinguish between an MTA 757 and a gateway is that the latter modifies addresses and/or message 758 content. 760 A gateway may set any identity field available to a regular MUA. 761 Identities typically set by gateways include 763 +---------------------------------+---------------------------------+ 764 | Identity | Role | 765 +---------------------------------+---------------------------------+ 766 | RFC2822.From | Names and email addresses for | 767 | | the original author(s) of the | 768 | | message content are retained. | 769 | | As for all original addressing | 770 | | information in the message, the | 771 | | gateway may translate addresses | 772 | | in whatever way will allow them | 773 | | continue to be useful in the | 774 | | target environment. | 775 | RFC2822.Reply-To | The gateway should retain this | 776 | | information, if it is | 777 | | originally present. The ability | 778 | | to perform a successful reply | 779 | | by a gatewayed recipient is a | 780 | | typical test of gateway | 781 | | functionality. | 782 | RFC2822.Sender | This may retain the original | 783 | | value or may be set to a new | 784 | | address | 785 | RFC2822.TO, RFC2822.CC, | These usually retain their | 786 | RFC2822.BCC | original addresses. | 787 | RFC2821.MailFrom | The agent responsible for | 788 | | gatewaying the message may | 789 | | choose to specify a new address | 790 | | to receive handling notices. | 791 | RFC2822.Received | The gateway may record a | 792 | | Received header, to indicate | 793 | | the transition from original | 794 | | posting to the new messaging | 795 | | environment. | 796 +---------------------------------+---------------------------------+ 798 Table 6: Gateway Identities 800 5.2.5 MUA Alias Handling 802 A simple re-addressing facility that is available in most MDA 803 implementations is called Aliasing. It is performed just before 804 placing a message into the specified recipient's inbox. Instead, the 805 message is submitted back to the transfer service, for delivery to 806 one or more alternate addresses. Although implemented as part of the 807 message delivery service, this facility is strictly a recipient user 808 function. In effect it resubmits the message to a new address, on 809 behalf of the listed recipient. 811 What is most distinctive about this forwarding mechanism is how 812 closely it compares to normal MTA store-and-forward. In reality its 813 only interesting difference is that it changes the RFC2821.RCPT-TO 814 value. Notably it does not typically change the RFC2821.Mailfrom 816 An MDA that is re-posting a message to an alias typically changes 817 only envelope information: 819 +---------------------------------+---------------------------------+ 820 | Identity | Role | 821 +---------------------------------+---------------------------------+ 822 | RFC2822.TO, RFC2822.CC, | These retain their original | 823 | RFC2822.BCC | addresses. | 824 | RFC2821.Rcpt-To | This field contains an alias | 825 | | address. | 826 | RFC2821.MailFrom | The agent responsible for | 827 | | submission to an alias address | 828 | | will usually retain the | 829 | | original address to receive | 830 | | handling notifications. The | 831 | | benefit of retaining the | 832 | | original MailFrom value is to | 833 | | ensure that the | 834 | | origination-side agent knows of | 835 | | that there has been a delivery | 836 | | problem. On the other hand, the | 837 | | responsibility for the problem | 838 | | usually lies with the | 839 | | recipient, since the Alias | 840 | | mechanism is strictly under the | 841 | | recipient's control. | 842 | RFC2821.Received | The agent should record | 843 | | Received information, to | 844 | | indicate the delivery to the | 845 | | original address and submission | 846 | | to the alias address. The trace | 847 | | of Received headers should | 848 | | include everything from | 849 | | original posting through final | 850 | | delivery to the alias. | 851 +---------------------------------+---------------------------------+ 853 Table 7: Alias Identities 855 5.2.6 MUA Mailing Lists 857 Mailing lists have explicit email addresses and forward messages to a 858 list of subscribed members. Mailing list processing is a user-level 859 activity, outside of the core email transfer service. The mailing 860 list address is, therefore, associated with a distinct user-level 861 entity that can perform arbitrary actions upon the original message, 862 before submitting it to the mailing list membership. Hence, mailing 863 lists are similar to gateways. 865 Identities set by a mailing list processor, when submitting a 866 message, include: 868 +---------------------------------+---------------------------------+ 869 | Identity | Role | 870 +---------------------------------+---------------------------------+ 871 | RFC2919.List-id | This provides a global mailing | 872 | | list naming framework that is | 873 | | independent of particular | 874 | | hosts. Although [RFC2919] is a | 875 | | standards-track specification, | 876 | | it has not gained significant | 877 | | adoption. | 878 | RFC2369.List-* | [RFC2369] defines a collection | 879 | | of message headers for use by | 880 | | mailing lists. In effect, they | 881 | | supply list-specific parameters | 882 | | for common mailing list user | 883 | | operations. The identifiers for | 884 | | these operations are for the | 885 | | list, itself, and the | 886 | | user-as-subscriber. | 887 | RFC2822.From | Names and email addresses for | 888 | | the original author(s) of the | 889 | | message content are specified. | 890 | RFC2822.Reply-To | Mailing lists have introduced | 891 | | an ambiguity for the Reply-To | 892 | | field. Some List operations | 893 | | choose to force all replies to | 894 | | go to all list members. They | 895 | | achieve this by placing the | 896 | | list address into the | 897 | | RFC2822.Reply-To field. Hence, | 898 | | direct, "private" replies only | 899 | | to the original author cannot | 900 | | be achieved by using the MUA's | 901 | | typical "reply to author" | 902 | | function. If the author created | 903 | | a Reply-To field, its | 904 | | information is lost. | 905 | RFC2822.Sender | This will usually specify the | 906 | | address of the agent | 907 | | responsible for mailing list | 908 | | operations. However, some | 909 | | mailing lists operate in a | 910 | | manner very similar to a simple | 911 | | MTA relay, so that they | 912 | | preserve as much of the | 913 | | original handling information | 914 | | as possible, including the | 915 | | original RFC2822.Sender field. | 916 | RFC2822.TO, RFC2822.CC | These will usually contain the | 917 | | original list of recipient | 918 | | addresses. | 919 | RFC2821.MailFrom | This may contain the original | 920 | | address to be notified of | 921 | | transmission issues, or the | 922 | | mailing list agent may set it | 923 | | to contain a new notification | 924 | | address. Typically, the value | 925 | | is set to a new address, so | 926 | | that mailing list members and | 927 | | posters are not burdened with | 928 | | transmission-related | 929 | | notifications. | 930 | RFC2821.Rcpt-To | This contain the address of a | 931 | | mailing list member. | 932 | RFC2821.Received | An Mailing List Agent should | 933 | | record a Received header, to | 934 | | indicate the transition from | 935 | | original posting to mailing | 936 | | list forwarding. The Agent may | 937 | | choose to have the message | 938 | | retain the original set of | 939 | | Received headers or may choose | 940 | | to remove them. In the latter | 941 | | case, it should ensure that the | 942 | | original Received headers are | 943 | | otherwise available, to ensure | 944 | | later accountability and | 945 | | diagnostic access to it. | 946 +---------------------------------+---------------------------------+ 948 Table 8: Mailing List Identities 950 6. Security Considerations 952 This document does not specify any new Internet mail functionality. 953 Consequently it should introduce no new security considerations. 955 However its discussion of the roles and responsibilities for 956 different mail service modules, and the information they create, 957 highlights the considerable security considerations that must be 958 present when implementing any component of the Internet mail service. 960 7 References 962 [I-D.hutzler-spamops] 963 Hutzler, C., Crocker, D., Resnick, P., Sanderson, R. and 964 E. Allman, "Email Submission Between Independent 965 Networks", draft-hutzler-spamops-00 (work in progress), 966 March 2004. 968 [ID-HDR-Reg] 969 "Registration of mail and MIME header fields", 970 draft-klyne-hdrreg-mail-04.txt (work in progress), Apr 971 2004. 973 [ID-SPAMOPS] 974 Hutzler, C., Crocker, D., Resnick, P., Sanders, R. and E. 975 Allman, "Email Submission Between Independent Networks", 976 I-D draft-hutzler-spamops-00.txt, March 2004. 978 [RFC0821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 979 821, August 1982. 981 [RFC0822] Crocker, D., "Standard for the format of ARPA Internet 982 text messages", STD 11, RFC 822, August 1982. 984 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 985 STD 13, RFC 1034, November 1987. 987 [RFC1035] Mockapetris, P., "Domain names - implementation and 988 specification", STD 13, RFC 1035, November 1987. 990 [RFC1939] Myers, J. and M. Rose, "Post Office Protocol - Version 3", 991 STD 53, RFC 1939, May 1996. 993 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 994 Extensions (MIME) Part One: Format of Internet Message 995 Bodies", RFC 2045, November 1996. 997 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 998 Extensions (MIME) Part Two: Media Types", RFC 2046, 999 November 1996. 1001 [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) 1002 Part Three: Message Header Extensions for Non-ASCII Text", 1003 RFC 2047, November 1996. 1005 [RFC2048] Freed, N., Klensin, J. and J. Postel, "Multipurpose 1006 Internet Mail Extensions (MIME) Part Four: Registration 1007 Procedures", BCP 13, RFC 2048, November 1996. 1009 [RFC2049] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 1010 Extensions (MIME) Part Five: Conformance Criteria and 1011 Examples", RFC 2049, November 1996. 1013 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS 1014 Specification", RFC 2181, July 1997. 1016 [RFC2304] Allocchio, C., "Minimal FAX address format in Internet 1017 Mail", RFC 2304, March 1998. 1019 [RFC2369] Neufeld, G. and J. Baer, "The Use of URLs as Meta-Syntax 1020 for Core Mail List Commands and their Transport through 1021 Message Header Fields", RFC 2369, July 1998. 1023 [RFC2421] Vaudreuil, G. and G. Parsons, "Voice Profile for Internet 1024 Mail - version 2", RFC 2421, September 1998. 1026 [RFC2423] Vaudreuil, G. and G. Parsons, "VPIM Voice Message MIME 1027 Sub-type Registration", RFC 2423, September 1998. 1029 [RFC2442] "The Batch SMTP Media Type", RFC 2442, November 1998. 1031 [RFC2476] Gellens, R. and J. Klensin, "Message Submission", RFC 1032 2476, December 1998. 1034 [RFC2645] "On-Demand Mail Relay (ODMR) SMTP with Dynamic IP 1035 Addresses", RFC 2465, August 1999. 1037 [RFC2782] Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for 1038 specifying the location of services (DNS SRV)", RFC 2782, 1039 February 2000. 1041 [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, 1042 April 2001. 1044 [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April 1045 2001. 1047 [RFC2919] Chandhok, R. and G. Wenger, "List-Id: A Structured Field 1048 and Namespace for the Identification of Mailing Lists", 1049 RFC 2919, March 2001. 1051 [RFC3501] Crispin, M., "Internet Message Access Protocol - Version 1052 4rev1", RFC 3501, March 2003. 1054 Author's Address 1056 Dave Crocker 1057 Brandenburg InternetWorking 1058 675 Spruce Drive 1059 Sunnyvale, CA 94086 1060 USA 1062 Phone: +1.408.246.8253 1063 EMail: dcrocker@brandenburg.com 1065 Appendix A. Acknowledgements 1067 The Email Architecture section derives from draft-hutzler-spamops 1068 [ID-SPAMOPS]. The text has been further elaborated. 1070 Graham Klyne, Pete Resnick and Steve Atkins provided thoughtful 1071 insight on the framework and details of early drafts. 1073 Intellectual Property Statement 1075 The IETF takes no position regarding the validity or scope of any 1076 intellectual property or other rights that might be claimed to 1077 pertain to the implementation or use of the technology described in 1078 this document or the extent to which any license under such rights 1079 might or might not be available; neither does it represent that it 1080 has made any effort to identify any such rights. Information on the 1081 IETF's procedures with respect to rights in standards-track and 1082 standards-related documentation can be found in BCP-11. Copies of 1083 claims of rights made available for publication and any assurances of 1084 licenses to be made available, or the result of an attempt made to 1085 obtain a general license or permission for the use of such 1086 proprietary rights by implementors or users of this specification can 1087 be obtained from the IETF Secretariat. 1089 The IETF invites any interested party to bring to its attention any 1090 copyrights, patents or patent applications, or other proprietary 1091 rights which may cover technology that may be required to practice 1092 this standard. Please address the information to the IETF Executive 1093 Director. 1095 Full Copyright Statement 1097 Copyright (C) The Internet Society (2004). All Rights Reserved. 1099 This document and translations of it may be copied and furnished to 1100 others, and derivative works that comment on or otherwise explain it 1101 or assist in its implementation may be prepared, copied, published 1102 and distributed, in whole or in part, without restriction of any 1103 kind, provided that the above copyright notice and this paragraph are 1104 included on all such copies and derivative works. However, this 1105 document itself may not be modified in any way, such as by removing 1106 the copyright notice or references to the Internet Society or other 1107 Internet organizations, except as needed for the purpose of 1108 developing Internet standards in which case the procedures for 1109 copyrights defined in the Internet Standards process must be 1110 followed, or as required to translate it into languages other than 1111 English. 1113 The limited permissions granted above are perpetual and will not be 1114 revoked by the Internet Society or its successors or assignees. 1116 This document and the information contained herein is provided on an 1117 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 1118 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 1119 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 1120 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 1121 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1123 Acknowledgment 1125 Funding for the RFC Editor function is currently provided by the 1126 Internet Society.