One document matched: draft-ietf-sieve-notify-mailto-10.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<!-- !ENTITY rfc2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml' -->
<!-- ?xml-stylesheet type='text/xsl' href='http://xml.resource.org/authoring/rfc2629.xslt' ? -->
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<?rfc toc="yes" ?>
<?rfc tocompact="no" ?>
<?rfc tocindent="no" ?>
<?rfc comments="yes" ?>
<?rfc inline="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<rfc category="std"
updates="3834"
ipr="full3978"
docName="draft-ietf-sieve-notify-mailto-10">
<front>
<title>Sieve Notification Mechanism: mailto</title>
<author initials='B.' surname="Leiba" fullname="Barry Leiba">
<organization>IBM T.J. Watson Research Center</organization>
<address>
<postal>
<street>19 Skyline Drive</street>
<city>Hawthorne</city>
<region>NY</region>
<code>10532</code>
<country>US</country>
</postal>
<phone>+1 914 784 7941</phone>
<email>leiba@watson.ibm.com</email>
</address>
</author>
<author initials='M.' surname="Haardt" fullname="Michael Haardt">
<organization>freenet.de GmbH</organization>
<address>
<postal>
<street>Willstaetter Str. 13</street>
<city>Duesseldorf</city>
<region>NRW</region>
<code>40549</code>
<country>Germany</country>
</postal>
<phone>+49 241 53087 520</phone>
<email>michael.haardt@freenet.ag</email>
</address>
</author>
<date year="2008"/>
<area>Applications</area>
<workgroup>Sieve Working Group</workgroup>
<keyword>Sieve</keyword>
<keyword>email</keyword>
<keyword>filter</keyword>
<keyword>notifications</keyword>
<abstract>
<t>
This document describes a profile of the Sieve extension for
notifications, to allow notifications to be sent by electronic mail.
</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<section anchor="overview" title="Overview">
<t>
The <xref target="Notify"/> extension to the <xref target="Sieve"/>
mail filtering language is a framework for providing notifications
by employing URIs to specify the notification mechanism.
This document defines how <xref target="mailto"/> URIs are
used to generate notifications by e-mail.
</t>
<t>
</t>
</section>
<section title="Conventions used in this document">
<t>
Conventions for notations are as in <xref target="Sieve"/> section 1.1, including
the use of <xref target="Kwds"/>.
</t>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref target="Kwds"/>.
</t>
</section>
</section>
<section anchor="definition" title="Definition">
<t>
The mailto mechanism results in the sending of a new email message
(a "notification message") to notify a recipient about a "triggering message".
</t>
<section anchor="tag-method" title='Notify parameter "method"'>
<t>
The mailto notification mechanism uses standard mailto URIs
as specified in <xref target="mailto"/>.
mailto URIs may contain header fields
consisting of a header name and value. These header fields are
called "URI headers" to distinguish them from "message headers".
</t>
</section>
<section anchor="tag-test" title='Test notify_method_capability'>
<t>
The notify_method_capability test for "online" may return "yes" or "no"
only if the Sieve processor can determine with certainty whether or
not the recipients of the notification message are online and logged in.
Otherwise, the test returns "maybe" for this notification method.
</t>
</section>
<section anchor="tag-from" title='Notify tag ":from"'>
<t>
The :from tag overrides the default sender of
the notification message. "Sender", here, refers to the value
used in the <xref target="RFC5322"/> "From" header. Implementations
MAY also use this value in the <xref target="RFC5321"/> "MAIL FROM"
command (the "envelope sender"), or they may prefer to establish a mailbox that receives
bounces from notification messages.
</t>
</section>
<section anchor="tag-importance" title='Notify tag ":importance"'>
<t>
The :importance tag has no special meaning for this notification mechanism,
and this specification puts no restriction on its use.
Implementations MAY use the value of :importance to set a
priority or importance indication on the notification message (perhaps
a visual indication, or perhaps making use of one of the non-standard
but commonly used message headers).
</t>
</section>
<section anchor="tag-options" title='Notify tag ":options"'>
<t>
This tag is not used by the mailto method.
</t>
</section>
<section anchor="tag-message" title='Notify tag ":message"'>
<t>
The value of this tag, if it is present, is used as the subject of the notification
message, and overrides all other mechanisms for determining the subject (as described below).
Its value SHOULD NOT normally be truncated, though it may be sensible
to truncate an excessively long value.
</t>
</section>
<section anchor="otherdef" title="Other Definitions">
<t>
Because the receipt of an email message is generating another
email message, implementations MUST take steps to avoid mail loops.
The REQUIRED inclusion of an "Auto-Submitted:" field,
as described in the message composition guidelines, will also help
in loop detection and avoidance.
</t>
<t>
Implementations SHOULD NOT trigger notifications for messages containing
"Auto-Submitted:" header fields with any value other than "No".
</t>
<t>
Implementations MUST allow messages with empty envelope
senders to trigger notifications.
</t>
<t>
Because this notification method uses a store-and-forward system
for delivery of the notification message, the Sieve processor should not
have a need to retry notifications. Therefore, implementations of this method SHOULD
use normal mechanisms for submitting SMTP messages and for retrying
the initial submission. Once the notification message is submitted, implementations
MUST NOT resubmit it, as this is likely to result in multiple notifications, and
increases the danger of message loops.
</t>
<t>
The overall notification message is composed using the following
guidelines (see <xref target="RFC5322"/> for references to message header fields):
<list style="symbols">
<t>
If the envelope sender of the triggering message is
empty, the envelope sender of the notification
message MUST be empty as well, to avoid message loops.
Otherwise, the envelope sender of the notification
message SHOULD be set to the value of the ":from" parameter
to the notify action, if one is specified, has email address
syntax and is valid according to the implementation specific
security checks (see Section 3.3 of <xref target="Notify"/>).
If ":from" is not specified or is not valid,
the envelope sender of the notification
message SHOULD be set either to the envelope "to" field from the triggering
message, as used by Sieve, or to an email address associated with
the notification system, at the
discretion of the implementation. This MUST NOT be overridden
by a "from" URI header, and any such URI header MUST be ignored.
</t>
<t>
The envelope recipient(s) of the notification message SHOULD be set to the
address(es) specified in the URI (including any URI headers where the hname
is "to" or "cc").
</t>
<t>
The header field "Auto-Submitted: auto-notified" MUST be included in
the notification message (see <xref target="autosubmit"/>). This is to
reduce the likelihood of message loops, by tagging this as an automatically
generated message. Among other results, it will inform other notification
systems not to generate further notifications. mailto URI headers with
hname "auto-submitted" are considered unsafe and MUST be ignored.
</t>
<t>
The "From:" header field of the notification message
SHOULD be set to the value of the ":from" parameter
to the notify action, if one is specified, has email address
syntax and is valid according to the implementation specific
security checks (see Section 3.3 of <xref target="Notify"/>).
If ":from" is not specified or is not valid,
the "From:" header field of the notification
message SHOULD be set either to the envelope "to" field from the triggering
message, as used by Sieve, or to an email address associated
with the notification system, at the
discretion of the implementation. This MUST NOT be overridden
by a "from" URI header, and any such URI header MUST be ignored.
</t>
<t>
The "To:" header field of the notification message
SHOULD be set to the address(es) specified in the URI (including any URI headers
where the hname is "to").
</t>
<t>
The "Subject:" field of the notification message SHOULD contain the
value defined by the :message notify tag, as described in <xref target="Notify"/>.
If there is no :message tag and there is a "subject" header on the
URI, then that value SHOULD be used. If that is also absent,
the subject SHOULD be retained from the triggering message.
Note that Sieve <xref target="Variables"/> can be used to advantage here, as shown
in the example in <xref target="examples"/>.
</t>
<t>
The "References:" field of the notification message MAY be set to refer to
the triggering message, and MAY include references from the triggering message.
</t>
<t>
If the mailto URI contains a "body" header, the value of
that header SHOULD be used as the body of the notification message.
If there is no "body" header, it is up to the implementation
whether to leave the body empty or to use an excerpt of the original
message.
</t>
<t>
The "Received:" fields from the triggering message MAY be retained
in the notification message, as these could provide useful trace/history/diagnostic
information. The "Auto-Submitted" header field MUST be placed above
these (see <xref target="autosubmit"/>).
URI headers with hname "received" are considered unsafe, and MUST be ignored.
</t>
<t>
Other header fields of the notification message that are normally related to
an individual new message (such as "Message-ID" and "Date") are generated
for the notification message in the normal manner, and MUST NOT be copied
from the triggering message. Any URI headers with
those names MUST be ignored. Further, the "Date" header serves as the
notification timestamp defined in <xref target="Notify"/>.
</t>
<t>
All other header fields of the notification message either are as
specified by URI headers, or have implementation-specific values;
their values are not defined here. It is suggested that the
implementation capitalize the first letter of URI headers
and add a space character after the colon between the
mail header name and value when adding URI headers to the
message, to be consistent with common practice in email headers.
</t>
</list>
</t>
<section anchor="autosubmit" title="The Auto-Submitted header field">
<t>
The header field "Auto-Submitted: auto-notified" MUST be included in
the notification message (see <xref target="RFC3834"/>).
The "Auto-Submitted" header field is considered a "trace field", similar to
"Received" header fields (see <xref target="RFC5321"/>). If the implementation
retains the "Received" fields from the triggering message (see above), the
"Auto-Submitted" field MUST be placed above those "Received" fields, serving as
a boundary between the ones from the triggering message and those that will be part
of the notification message.
</t>
<t>
The auto-notified Auto-Submitted field MUST include one or both of
the following parameters:
<list style="symbols">
<t>
owner-email - specifies an email address of the owner of the Sieve script
that generated this notification. If specified, it might be used to identify
or contact the script's owner.
The parameter attribute is "owner-email", and
the parameter value is a quoted string containing an email address, as defined
by "addr-spec" in <xref target="RFC5322"/>.
Example:
<vspace/>
<vspace/>
Auto-Submitted: auto-notified; owner-email="me@example.com"
</t>
<t>
owner-token - specifies an opaque token that the administrative domain of
the owner of the Sieve script that generated this notification can identify
the owner with. This might be used to allow identification of the owner
while protecting the owner's privacy.
The parameter attribute is "owner-token", and
the parameter value is as defined by "token" in <xref target="RFC3834"/>.
Example:
<vspace/>
<vspace/>
Auto-Submitted: auto-notified; owner-token=af3NN2pK5dDXI0W
</t>
</list>
</t>
<t>
See <xref target="security"/> for discussion of possible uses of these parameters.
</t>
</section>
</section>
</section>
<section anchor="examples" title="Examples">
<t>
<figure>
<artwork>
Triggering message (received by recipient@example.org):
Return-Path: <knitting-bounces@example.com>
Received: from mail.example.com by mail.example.org
for <recipient@example.org>; Wed, 7 Dec 2005 05:08:02 -0500
Received: from hobbies.example.com by mail.example.com
for <knitting@example.com>; Wed, 7 Dec 2005 02:00:26 -0800
Message-ID: <1234567.89ABCDEF@example.com>
Date: Wed, 07 Dec 2005 10:59:19 +0100
Precedence: list
List-Id: Knitting Mailing List <knitting.example.com>
Sender: knitting-bounces@example.com
Errors-To: knitting-bounces@example.com
From: "Jeff Smith" <jeff@hobbies.example.com>
To: "Knitting Mailing List" <knitting@example.com>
Subject: [Knitting] A new sweater
I just finished a great new sweater!
Sieve script (run on behalf of recipient@example.org):
require ["notify", "variables"];
if header :contains "list-id" "knitting.example.com" {
if header :matches "Subject" "[*] *" {
notify :message "From ${1} list: ${2}"
:importance "3"
"mailto:0123456789@sms.example.net?to=backup@example.com";
}
}
Notification message:
Auto-Submitted: auto-notified; owner-email="recipient@example.org"
Received: from mail.example.com by mail.example.org
for <recipient@example.org>; Wed, 7 Dec 2005 05:08:02 -0500
Received: from hobbies.example.com by mail.example.com
for <knitting@example.com>; Wed, 7 Dec 2005 02:00:26 -0800
Date: Wed, 7 Dec 2005 05:08:55 -0500
Message-ID: <A2299BB.FF7788@example.org>
From: recipient@example.org
To: 0123456789@sms.example.net, backup@example.com
Subject: From Knitting list: A new sweater
</artwork>
</figure>
</t>
<t>
Note that:
<list style="symbols">
<t>
Fields such as "Message-ID:" and "Date:" were generated
afresh for the notification message, and do not relate to
the triggering message.
</t>
<t>
Additional "Received:" fields will be added to the
notification message in transit; the ones shown were
copied from the triggering message. New ones will be added above the
"Auto-Submitted:" field.
</t>
<t>
If this message should appear at the mail.example.org
server again, the server can use the presence of a
"mail.example.org" received line to recognize that.
The Auto-Submitted header field is also present to tell
the server to avoid sending another notification, and
it includes an optional owner-email parameter for identification.
</t>
</list>
</t>
</section>
<section anchor="i18n" title="Internationalization Considerations">
<t>
This specification introduces no specific internationalization
issues that are not already addressed
in <xref target="Sieve"/>
and in <xref target="Notify"/>.
</t>
</section>
<section anchor="security" title="Security Considerations">
<t>
Sending a notification is comparable with forwarding mail to the
notification recipient. Care must be taken when forwarding mail
automatically, to ensure that confidential information is not sent
into an insecure environment.
</t>
<t>
The automated sending of email messages exposes the system to
mail loops, which can cause operational problems. Implementations
of this specification MUST protect themselves against mail loops; see <xref target="otherdef"/>
for discussion of this and some suggestions. Other possible mitigations for mail loops
involve types of service limitations. For example, the number of notifications generated
for a single user might be limited to no more than, say, 30 in a 60-minute period.
Of course, this technique presents its own problems, in that the actual rate limit must
be selected carefully, to allow most legitimate situations in the given environment, and
even with careful selection it's inevitable that there will be false positives -- and
false negatives.
</t>
<t>
Ultimately, human intervention may be necessary to re-enable notifications that have been
disabled because a loop was detected, or to terminate a very slow loop that's under the
automatic-detection radar. Administrative mechanisms MUST be available to handle these
sorts of situations.
</t>
<t>
Email addresses specified as recipients of notifications might not be owned by the
entity that owns the Sieve script. As a result, a notification recipient could wind up
as the target of unwanted notifications, either through intent (using scripts to mount
a mail-bomb attack) or by accident (an address was mistyped or has been reassigned).
The situation is arguably no worse than any other in which a recipient gets unwanted
email, and some of the same mechanisms can be used in this case. But those deploying
this extension have to be aware of the potential extra problems here, where scripts
might be created through means that do not adequately validate email addresses, and such
scripts might then be forgotten and left to run indefinitely.
</t>
<t>
In particular, note that the Auto-Submitted header field is required to include a
value that a recipient can use when contacting the source domain of the notification
message (see <xref target="autosubmit"/>). That value will allow the domain to track
down the script's owner and have the script corrected or disabled. Domains that enable
this extension MUST be prepared to respond to such complaints, in order to limit the
damage caused by a faulty script.
</t>
<t>
Problems can also show up if notification messages are sent to a gateway into another
service, such as SMS. Information from the email message is often lost in the gateway
translation, and in this case critical information needed to avoid loops, to contact the
script owner, and to resolve other problems might be lost. Developers of email gateways
should consider these issues, and try to preseve as much information as possible,
including what appears in email trace headers and Auto-Submitted.
</t>
<t>
Additional security considerations are discussed
in <xref target="Sieve"/>
and in <xref target="Notify"/>.
</t>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<section title="Registration of notification mechanism">
<t>
The following template specifies the IANA registration of the
Sieve notification mechanism specified in this document:
</t>
<t>
To: iana@iana.org
<vspace/>
Subject: Registration of new Sieve notification mechanism
<vspace/>
Mechanism name: mailto
<vspace/>
Mechanism URI: RFC2368
<vspace/>
Mechanism-specific tags: none
<vspace/>
Standards Track/IESG-approved experimental RFC number: this RFC
<vspace/>
Person and email address to contact for further information:
<vspace/>
Michael Haardt <michael.haardt@freenet.ag>
</t>
<t>
This information should be added to the list of sieve notification
mechanisms given on http://www.iana.org/assignments/sieve-notification.
</t>
</section>
<section title="New registry for Auto-Submitted header field keywords">
<t>
Because <xref target="RFC3834"/> does not define a registry for new
keywords used in the Auto-Submitted header field, we define one here, to be
created as http://www.iana.org/assignments/auto-submitted-keywords.
Keywords are registered using the "Specification Required" policy <xref target="IANA"/>.
</t>
<t>
This defines the template to be used to register new keywords. Initial entries
to this registry follow in <xref target="a-s-initial"/>.
</t>
<t>
To: iana@iana.org
<vspace/>
Subject: Registration of new auto-submitted header field keyword
<vspace/>
Keyword value: [the text value of the field]
<vspace/>
Description: [a brief explanation of the purpose of this value]
<vspace/>
Parameters: [list any keyword-specific parameters, specify their meanings,
specify whether they are required or optional; use "none" if there are none]
<vspace/>
Standards Track/IESG-approved experimental RFC number: [identifies
the specification that defines the value being registered]
<vspace/>
Contact: [name and email address to contact for further information]
</t>
</section>
<section anchor="a-s-initial" title="Initial registration of Auto-Submitted header field keywords">
<t>
The following are the initial keywords to be registered for the Auto-Submitted
header field, to be entered in http://www.iana.org/assignments/auto-submitted-keywords.
</t>
<t>
Keyword value: no
<vspace/>
Description: Indicates that a message was NOT automatically generated,
but was created by a human. It is the equivalent to the absence of an
Auto-Submitted header altogether.
<vspace/>
Parameters: none
<vspace/>
Standards Track/IESG-approved experimental RFC number: RFC3834
<vspace/>
Contact: Keith Moore <moore@network-heretics.com>
</t>
<t>
Keyword value: auto-generated
<vspace/>
Description: Indicates that a message was generated by an automatic
process, and is not a direct response to another message.
<vspace/>
Parameters: none
<vspace/>
Standards Track/IESG-approved experimental RFC number: RFC3834
<vspace/>
Contact: Keith Moore <moore@network-heretics.com>
</t>
<t>
Keyword value: auto-replied
<vspace/>
Description: Indicates that a message was automatically generated as a
direct response to another message.
<vspace/>
Parameters: none
<vspace/>
Standards Track/IESG-approved experimental RFC number: RFC3834
<vspace/>
Contact: Keith Moore <moore@network-heretics.com>
</t>
<t>
Keyword value: auto-notified
<vspace/>
Description: Indicates that a message was generated by a Sieve
notification system.
<vspace/>
Parameters: owner-email, owner-token. Both optional, both refer to the
owner of the Sieve script that generated this message. See the relevant
RFC for details.
<vspace/>
Standards Track/IESG-approved experimental RFC number: this RFC
<vspace/>
Contact: Michael Haardt <michael.haardt@freenet.ag>
</t>
</section>
</section>
</middle>
<back>
<references title="Normative References">
<reference anchor="Kwds">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author initials="S." surname="Bradner" fullname="Scott Bradner">
<organization>Harvard University</organization>
</author>
<date month="March" year="1997" />
</front>
<seriesInfo name="RFC" value="2119" />
</reference>
<reference anchor="mailto">
<front>
<title>The mailto URL scheme</title>
<author initials="P." surname="Hoffman" fullname="Paul Hoffman">
<organization>Internet Mail Consortium</organization>
</author>
<author initials="L." surname="Masinter" fullname="Larry Masinter">
<organization>Xerox Corporation</organization>
</author>
<author initials="J." surname="Zawinski" fullname="Jamie Zawinski">
<organization>Netscape Communications</organization>
</author>
<date month="July" year="1998" />
</front>
<seriesInfo name="RFC" value="2368" />
</reference>
<reference anchor="Sieve">
<front>
<title>Sieve: An Email Filtering Language</title>
<author initials="P." surname="Guenther" fullname="Philip Guenther" role="editor">
<organization>Sendmail, Inc.</organization>
</author>
<author initials="T." surname="Showalter" fullname="Tim Showalter" role="editor">
<organization />
</author>
<date month="January" year="2008" />
</front>
<seriesInfo name="RFC" value="5228" />
</reference>
<reference anchor="Notify">
<front>
<title>Sieve Extension: Notifications</title>
<author initials="A." surname="Melnikov" fullname="Alexey Melnikov" role="editor">
<organization>Isode Limited</organization>
</author>
<author initials="B." surname="Leiba" fullname="Barry Leiba" role="editor">
<organization>IBM T.J. Watson Research Center</organization>
</author>
<author initials="W." surname="Segmuller" fullname="Wolfgang Segmuller">
<organization>IBM T.J. Watson Research Center</organization>
</author>
<author initials="T." surname="Martin" fullname="Tim Martin">
<organization>Mirapoint, Inc.</organization>
</author>
<date month="December" year="2007" />
</front>
<seriesInfo name="work in progress," value="draft-ietf-sieve-notify" />
</reference>
<reference anchor="RFC5322">
<front>
<title>Internet Message Format</title>
<author initials="P." surname="Resnick" fullname="Pete Resnick" role="editor">
<organization>Qualcomm Incorporated</organization>
</author>
<date month="October" year="2008" />
</front>
<seriesInfo name="RFC" value="5322" />
</reference>
<reference anchor="RFC3834">
<front>
<title>Recommendations for Automatic Responses to Electronic Mail</title>
<author initials="K." surname="Moore" fullname="Keith Moore">
<organization>University of Tennessee</organization>
</author>
<date month="August" year="2004" />
</front>
<seriesInfo name="RFC" value="3834" />
</reference>
<reference anchor="IANA">
<front>
<title>Guidelines for Writing an IANA Considerations Section in RFCs</title>
<author initials="T." surname="Narten" fullname="Thomas Narten">
<organization>IBM</organization>
</author>
<author initials="H." surname="Alvestrand" fullname="Harald Alvestrand">
<organization>Google</organization>
</author>
<date month="May" year="2008" />
</front>
<seriesInfo name="BCP" value="26" />
<seriesInfo name="RFC" value="5226" />
</reference>
</references>
<references title="Non-Normative References">
<reference anchor="Variables">
<front>
<title>Sieve Extension: Variables</title>
<author initials="K." surname="Homme" fullname="Kjetil Torgrim Homme">
<organization>University of Oslo</organization>
</author>
<date month="January" year="2008" />
</front>
<seriesInfo name="RFC" value="5229" />
</reference>
<reference anchor="RFC5321">
<front>
<title>Simple Mail Transfer Protocol</title>
<author initials="J." surname="Klensin" fullname="John Klensin" role="editor">
<organization></organization>
</author>
<date month="October" year="2008" />
</front>
<seriesInfo name="RFC" value="5321" />
</reference>
</references>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 04:39:04 |