Internet Draft M. Elvey
Document: draft-ietf-sieve-refuse-reject-00 The Elvey Partnership, LLC
Expires: November 2005 A. Melnikov
Isode Ltd
May 2005
The SIEVE mail filtering language - reject and refuse extensions
draft-ietf-sieve-refuse-reject
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-Drafts
as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
A revised version of this draft document will be submitted to the
RFC editor as a Proposed Standard for the Internet Community.
Discussion and suggestions for improvement are requested.
Distribution of this draft is unlimited.
Abstract
This memo defines the SIEVE mail filtering language [SIEVE]
"reject" and "refuse" extensions.
A Joe-job is a spam run forged to appear as though it came from an
innocent party, who is then generally flooded by the bounces, MDNs
and messages with complaints. With the Sieve "reject" action, MDNs
contribute to the flood of Joe-job spam to victims of Joe-jobs;
SMTP level refusals usually don't. With "refuse", Sieve gains the
ability to simply not accept an email during the SMTP transaction
(instead of accepting it and then sending an MDN [MDN] back to the
alleged sender using "reject").
Table of Contents
1. Introduction
2. Conventions Used in this Document
3. Discussion of finer points
4. SIEVE "reject" extension
4.1 Action reject
4.2 "reject" compatibility with other actions
5. SIEVE "refuse" extension
5.1 Action refuse
5.2 "refuse" compatibility with other actions
5.3 Explicit accommodation for servers that support Enhanced
Error Codes [ENHANCED-CODES]
6. Security Considerations
7. IANA Considerations
7.1 reject extension registration
7.2 refuse extension registration
8. References
8.1 Normative References
8.2 Informative References
9. Acknowledgments
10. Author's Addresses
11. Intellectual Property Rights Statement
12. Full Copyright Statement
13. Changes from RFC 3028
14. Change Log
1. Introduction
The SIEVE mail filtering language [SIEVE] "reject" action allows
users to refuse delivery of a message by sending an [MDN]. This
action was originally defined in RFC 3028 [SIEVE].
The "refuse" extension, if supported, permits users to handle
unwanted email in a way that is sometimes preferable to the
existing 'discard' and 'reject' capabilities. When a spam-
detection system suspects a message is spam, but isn't certain,
discarding the email is considered too risky for some users, for
example, those who receive sales leads by email. They are willing
to use the reject command. Users are willing to reject but not
discard because the sender of an email incorrectly marked as spam
will receive a notification that the email was refused, and will
likely try again to contact the intended recipient, perhaps via
another method of communication. Unfortunately, this usage is
problematic, because in the usual case, the email is indeed spam,
and the alleged sender to whom the MDN caused by the reject will be
sent will often be an innocent Joe-job victim. "Refuse" is
intended to be superior to "reject" because it will be less likely
to result in email to an innocent victim. "Refuse" refuses to
accept an email for delivery instead of accepting it and then
sending an MDN. Much spam is sent through open proxies, so
"refuse" reduces Joe-job bounces resulting from usage of reject.
"Refuse" will also reduce Joe-jobs caused by virus self-propagation
via emails with false sender information. "Refuse" may conserve
bandwidth, by reducing the number of MDNs sent. Further discussion
highlighting the risks of "reject" and the benefits of "refuse" can
be found in [Joe-DoS].
2. Conventions Used in this Document
Conventions for notations are as in [SIEVE] section 1.1, including
use of [KEYWORDS].
This document does not attempt to define what exactly constitutes a
spam or virus containing email or how it should be identified, or
what actions should be taken when detected.
3. Discussion of finer points
The "refuse" action MUST refuse to accept an email for delivery at
the SMTP/LMTP level by returning a 5XX reply code, instead of
sending an MDN as required by the "reject" action, other than for
the two exceptions specified below. A SIEVE implementation that
cannot do so MUST NOT claim to support the refuse extension.
There is an exception when a message has multiple valid recipients,
and at least one but not all of them are refusing delivery (whether
the refusal is caused by execution of a Sieve "refuse" or for
another reason). In this case, the server MUST accept the message
and generate DSNs for all recipients that are refusing it. Note
that this exception only applies to SMTP, as LMTP is able to reject
messages on a per-recipient basis.
If a "refuse" implementation performs a return-path verification
and it clearly indicates that the message has a forged return-path,
the implementation need not refuse to accept the mail, but rather
MAY accept and discard it.
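The two exceptions above, worked through as an added example (not part of the draft or of any Sieve implementation). The function name, the plan dictionary and the sample recipients are hypothetical, and the forged-return-path branch takes the draft's MAY (accept and discard).

```python
def refuse_disposition(protocol, refusing, accepting, forged_return_path=False):
    """Plan the end-of-DATA outcome when some valid recipients ran "refuse".

    "reply" is one code for the whole transaction, or a per-recipient
    dict when LMTP has to answer differently for different recipients.
    """
    if protocol not in ("smtp", "lmtp"):
        raise ValueError("protocol must be 'smtp' or 'lmtp'")
    refusing, accepting = list(refusing), list(accepting)
    plan = {"reply": "250", "deliver": accepting, "dsn": [], "discard": []}
    if not refusing:
        return plan                      # nobody refused: normal delivery
    if forged_return_path:
        # Second exception: a clearly forged return-path means a 550 or a
        # DSN would not reach the real sender, so accept and discard.
        plan["discard"] = refusing
    elif protocol == "lmtp":
        # LMTP answers once per recipient after DATA: no DSN is needed.
        reply = {rcpt: "550" for rcpt in refusing}
        reply.update({rcpt: "250" for rcpt in accepting})
        plan["reply"] = reply
    elif not accepting:
        # Every recipient refuses: reject the whole SMTP transaction.
        plan["reply"] = "550"
    else:
        # First exception: SMTP has a single reply for all recipients, so
        # the message is accepted and DSNs go out for the refusing ones.
        plan["dsn"] = refusing
    return plan


# Constructed sample recipients.
ALICE, BOB = "alice@example.org", "bob@example.org"
ALL_REFUSE = refuse_disposition("smtp", [ALICE, BOB], [])
MIXED_SMTP = refuse_disposition("smtp", [ALICE], [BOB])
MIXED_LMTP = refuse_disposition("lmtp", [ALICE], [BOB])
FORGED = refuse_disposition("smtp", [ALICE], [BOB], forged_return_path=True)
```

Only the mixed SMTP case still produces a DSN addressed to the alleged sender, which is the residual backscatter path the draft accepts.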
The "reject" action is defined so that it can be used by
implementations unable to implement "refuse" (i.e. by MUAs) or for
backwards compatibility with scripts based on RFC3028.
4. SIEVE "reject" extension
SIEVE implementations that implement the "reject" action must use
the "reject" capability string.
4.1 Action reject
Syntax: reject <reason: string>
The "reject" action refuses delivery of a message by sending back
an [MDN] to the sender. The "reject" action also cancels the
implicit keep. It resends the message to the sender, wrapping it
in a "reject" form, noting that it was rejected by the recipient.
In the following script, a message is rejected and returned to the
sender.
Example:
require ["reject"];
if header :contains "from" "coyote@desert.example.org" {
    reject "I am not taking mail from you, and I don't
want your birdseed, either!";
}
A reject message MUST take the form of a failure MDN as specified
by [MDN]. The human-readable portion of the message, the
first component of the MDN, contains the human readable message
describing the error, and it SHOULD contain additional text
alerting the original sender that mail was refused by a filter.
This part of the MDN might appear as follows:
------------------------------------------------------------
The message was refused by the recipient's mail filtering program.
The reason given was as follows:
I am not taking mail from you, and I don't want your birdseed,
either!
------------------------------------------------------------
The MDN action-value field as defined in the MDN specification MUST
be "deleted" and MUST have the MDN-sent-automatically and automatic-
action modes set.
4.2 "reject" compatibility with other actions
A "reject" action cancels the implicit keep.
Implementations MUST prohibit more than one reject in a SIEVE
script. "Reject" is also incompatible with the "refuse" and
"vacation" [VACATION] extensions.
Implementations SHOULD prohibit reject when used with other
actions.
5. SIEVE "refuse" extension
SIEVE implementations that implement the "refuse" action must use
the "refuse" capability string.
5.1 Action refuse
Syntax: refuse <reason: string>
The "refuse" action refuses delivery of a message by sending back
the 550 SMTP response code to an SMTP client.
This extension can only be supported by a Sieve implementation
running in an MTA.
Note that SMTP [SMTP] doesn't allow for non-ASCII characters in
SMTP response text. It is an error for non-ASCII characters to
appear in the "reason" string (unless the client and the server use
an SMTP extension that allows for transmission of non-ASCII reply
text; such an extension is not known to the authors).
If the "reason" string is multiline, then the reason text MUST be
returned as a multiline SMTP/LMTP response, per [SMTP], section
4.2.1.
In the following script (which assumes support for the spamtest
extension), messages that test highly positive for spam are
refused.
Example:
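# ":value" with "i;ascii-numeric" needs "relational" and the comparator
# capability; "fileinto" is needed for the second branch.
require ["refuse", "spamtest", "relational",
         "comparator-i;ascii-numeric", "fileinto"];
if spamtest :value "ge" :comparator "i;ascii-numeric" "6" {
    refuse text:
SpamAssassin thinks the message is spam.
It is therefore being refused.
Please call 1-900-PAY-US if you want to reach us.
.
;
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" {
    fileinto "Suspect";
}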
The following excerpt from an SMTP session shows it in action.
C: DATA
S: 354 Send message, ending in CRLF.CRLF.
...
C: .
S: 550-SpamAssassin thinks the message is spam.
S: 550-It is therefore being refused.
S: 550 Please call 1-900-PAY-US if you want to reach us.
5.2 "refuse" compatibility with other actions
"Refuse" cancels the implicit keep, and is incompatible with
"reject" and "discard". "Refuse" is also incompatible with the
"vacation" [VACATION] action. Any action that would modify the
message body will necessarily have no effect on the body of any
message refused by "refuse" using the 550 SMTP response code.
If a script attempts to "refuse" the same message more than once,
the implementation may ignore the later attempts or consider it
an error.
5.3 Explicit accommodation for servers that support Enhanced Error
Codes [ENHANCED-CODES]
This section only concerns implementations that support Enhanced
Error Codes.
If the server supports RFC 2034 [ENHANCED-CODES] it MUST select an
appropriate Enhanced Error Code (e.g. 5.7.1 or a more generic
5.7.0) and prepend it to the "reason" text. I.e. on such an
implementation, the example in section 4.1 would show up in SMTP
as:
550-5.7.1 SpamAssassin thinks the message is spam.
550-5.7.1 It is therefore being refused.
550 5.7.1 Please call 1-900-PAY-US if you want to reach us.
if the server selected "5.7.1" as appropriate.
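An added example, not part of the draft: one way to render a "refuse" reason as the reply lines shown in sections 5.1 and 5.3. The function name and the rejection of stray control characters are assumptions of this sketch.

```python
import re

# Permanent-failure enhanced status code, class.subject.detail (RFC 2034 style).
ENHANCED_CODE = re.compile(r"5\.\d{1,3}\.\d{1,3}")

# The reason string from the section 5.1 script, as "text:" delivers it.
REASON = ("SpamAssassin thinks the message is spam.\r\n"
          "It is therefore being refused.\r\n"
          "Please call 1-900-PAY-US if you want to reach us.\r\n")


def format_refuse_reply(reason, enhanced_code=None):
    """Return the SMTP/LMTP reply lines (without CRLF) for a "refuse" reason."""
    try:
        reason.encode("ascii")
    except UnicodeEncodeError as exc:
        # Section 5.1: non-ASCII characters in the reason are an error.
        raise ValueError("non-ASCII character in refuse reason") from exc
    if enhanced_code is not None and not ENHANCED_CODE.fullmatch(enhanced_code):
        raise ValueError("enhanced code must look like 5.x.y")
    # splitlines() breaks on CRLF, bare CR and bare LF alike, so every line
    # of the reason becomes its own reply line carrying the reply code.
    lines = reason.splitlines() or [""]
    for text in lines:
        # Assumption of this sketch, not a rule from the draft: other control
        # characters are refused rather than passed through to the client.
        if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in text):
            raise ValueError("control character in refuse reason")
    prefix = f"{enhanced_code} " if enhanced_code else ""
    last = len(lines) - 1
    # "550-" marks a continuation line, "550 " the final line of the reply.
    return [f"550{'-' if i < last else ' '}{prefix}{text}"
            for i, text in enumerate(lines)]
```

Because the reason is split before the code is attached, a line break inside a script's reason string can only ever produce another 550 line, never a reply with a different code.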
6. Security Considerations
The "refuse" extension does not raise any security considerations
that are not present in the base [SIEVE] protocol, and these issues
are discussed in [SIEVE].
7. IANA Considerations
The following section provides the IANA registrations for the Sieve
extensions specified in this document:
7.1 reject extension registration
IANA is requested to update the registration for the SIEVE "reject"
and "refuse" extensions to point to this document.
<<Update Tim's email address as well?>>
7.2 refuse extension registration
To: iana@iana.org
Subject: Registration of new Sieve extension
Capability name: refuse
Capability keyword: refuse
Capability arguments: N/A
Standards Track/IESG-approved experimental RFC number: this RFC
Person and email address to contact for further information:
Matthew Elvey
The Elvey Partnership, LLC
3042 Sacramento-ietf St Ste 04
San Francisco, CA
U.S.A.
<mailto:sieve3@matthew.elvey.com>
8. References
8.1 Normative References
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997.
[SIEVE] Showalter, "Sieve: A Mail Filtering Language", RFC 3028,
January 2001.
Guenther, P., "Sieve: An Email Filtering Language", Work-in-
progress, draft-ietf-sieve-3028bis-XX.txt
[SMTP] Klensin, J. (Editor), "Simple Mail Transfer Protocol", AT&T
Laboratories, RFC 2821, April 2001.
[LMTP] Myers, J., "Local Mail Transfer Protocol", Carnegie-Mellon
University, RFC 2033, October 1996.
[DSN] Moore, K., Vaudreuil, G., "An Extensible Message Format for
Delivery Status Notifications", University of Tennessee, Lucent
Technologies, RFC 3464, January 2003.
[MDN] Fajman, R., "An Extensible Message Format for Message
Disposition Notifications", National Institutes of Health, RFC
2298, March 1998.
[ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning
Enhanced Error Codes", Innosoft, RFC 2034, October 1996.
8.2 Informative References
[Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non
Delivery Message DDoS Attacks", 5 April 2004,
<http://www.techzoom.net/paper-mailbomb.asp>.
9. Acknowledgments
Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner,
Mark E. Mallett and Philip Guenther for comments and corrections.
The authors gratefully acknowledge the extensive work of Tim
Showalter as the author of RFC 3028, which originally defined
"reject".
10. Author's Addresses
Matthew Elvey
The Elvey Partnership, LLC
3042 Sacramento-ietf St Ste 04
San Francisco, CA
U.S.A.
Email: sieve3@matthew.elvey.com
Alexey Melnikov
Isode Limited
5 Castle Business Village
36 Station Road
Hampton, Middlesex, TW12 2BX
UK
Email: Alexey.Melnikov@isode.com
11. Intellectual Property Rights Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that
it has made any independent effort to identify any such rights.
Information on the procedures with respect to rights in RFC
documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
12. Full Copyright Statement
Copyright (C) The Internet Society (2005).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
13. Changes from RFC 3028
Clarified that the "reject" action cancels the implicit keep.
14. Change Log
<<Note that this section will be deleted before publication.>>
00 First formal draft.
01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos
corrected, clarifications, etc.
02 Many insubstantial editorial changes (mostly rewording text for
readability). Added text regarding non-ASCII characters in the
refuse "reason" string. Added an exception allowing return-path
forgery to justify discarding a message.
03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject
action from the base spec, acknowledged Tim as the author of
"reject".