Message Disposition NotificationAT&T Laboratories200 Laurel Ave. SouthMiddletownNJ07748USAtony@att.comIsode Ltd14 Castle MewsHamptonMiddlesexTW12 2NPUKAlexey.Melnikov@isode.com
ART
delivery notification
This memo defines a MIME content-type that may be used by a mail user
agent (MUA) or electronic mail gateway to report the disposition of a
message after it has been successfully delivered to a recipient.
This content-type is intended to be machine-processable.
Additional message header fields are also defined to permit Message Disposition
Notifications (MDNs) to be requested by the sender of a message.
The purpose is to extend Internet Mail to support functionality often
found in other messaging systems, such as X.400 and the proprietary
"LAN-based" systems, and often referred to as "read receipts,"
"acknowledgements", or "receipt notifications." The intention is to
do this while respecting privacy concerns, which have often been
expressed when such functions have been discussed in the past.
Because many messages are sent between the Internet and other
messaging systems (such as X.400 or the proprietary "LAN-based"
systems), the MDN protocol is designed to be useful in a
multi-protocol messaging environment.
To this end, the protocol described in this memo provides for the carriage of "foreign"
addresses, in addition to those normally used in Internet Mail.
Additional attributes may also be defined to support "tunneling" of
foreign notifications through Internet Mail.
This document obsoletes RFC 3798 and updates RFC 2046 and RFC 3461.
This memo defines a media type for message
disposition notifications (MDNs).
An MDN can be used to notify the sender of a message of any of several conditions that may occur after
successful delivery, such as display of the message contents, printing
of the message, deletion (without display) of the message, or the
recipient's refusal to provide MDNs.
The "message/disposition-notification" content-type defined herein is
intended for use within the framework of the "multipart/report"
content type defined in RFC-REPORT.
This memo defines the format of the notifications and the RFC-MSGFMT
header fields used to request them.
This memo is an update to RFC 3798 and is intended to be published at Internet Standard Level.
The MDNs defined in this memo are expected to serve several purposes:
Inform human beings of the disposition of messages after
successful delivery, in a manner that is largely independent of
human language;
Allow mail user agents to keep track of the disposition of
messages sent, by associating returned MDNs with earlier message
transmissions;
Convey disposition notification requests and disposition
notifications between Internet Mail and "foreign" mail systems
via a gateway;
Allow "foreign" notifications to be tunneled through a
MIME-capable message system and back into the original messaging
system that issued the original notification, or even to a third
messaging system;
Allow language-independent, yet reasonably precise, indications
of the disposition of a message to be delivered.
These purposes place the following constraints on the notification
protocol:
It must be readable by humans, and must be machine-parsable.
It must provide enough information to allow message senders (or
their user agents) to unambiguously associate an MDN with the
message that was sent and the original recipient address for
which the MDN was issued (if such information is available),
even if the message was forwarded to another recipient address.
It must also be able to describe the disposition of a message
independent of any particular human language or of the
terminology of any particular mail system.
The specification must be extensible in order to accommodate
future requirements.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-KEYWORDS.
All syntax descriptions use the ABNF specified by RFC-MSGFMT, in
which the lexical tokens (used below) are defined: "CRLF", "FWS", "CFWS", "field-name",
"mailbox-list", "msg-id", and "text".
The following lexical tokens are defined in RFC-SMTP:
"atom".
Message disposition notifications are requested by including a
Disposition-Notification-To header field in the message containing one
or more addresses specifying where dispositions should be sent.
Further information to be used by the recipient's Mail User
Agent (MUA) in generating the MDN may be provided by also including Original-Recipient and/or
Disposition-Notification-Options header fields in the message.
A request for the receiving user agent to issue message disposition
notifications is made by placing a Disposition-Notification-To header field
into the message.
The syntax of the header field is
A Disposition-Notification-To header field can appear at most once in a message.
The presence of a Disposition-Notification-To header field in a message is
merely a request for an MDN.
The recipients' user agents are always free to silently ignore such a request.
An MDN MUST NOT itself have a Disposition-Notification-To header field.
An MDN MUST NOT be generated in response to an MDN.
A user agent MUST NOT issue more than one MDN on behalf of each
particular recipient.
That is, once an MDN has been issued on behalf of a recipient, no further MDNs may be issued on behalf of that
recipient by the same user agent, even if another disposition is performed on the message.
However, if a message is forwarded, an MDN may have been issued for
the recipient doing the forwarding and the recipient of the forwarded
message may also cause an MDN to be generated.
It is also possible that if the same message is being accessed by multiple user agents (for example using POP3),
then multiple dispositions might be generated for the same recipient.
User agents SHOULD leverage support in the underlying message access protocol to prevent multiple MDNs from being generated.
In particular, when the user agent is accessing the message using RFC-IMAP,
it SHOULD implement the procedures specified in RFC-IMAP-MDN.
While Internet standards normally do not specify the behavior of user
interfaces, it is strongly recommended that the user agent obtain the
user's consent before sending an MDN.
This consent could be obtained for each message through some sort of prompt or dialog box, or
globally through the user's setting of a preference.
The purpose of obtaining user's consent is to protect user's privacy.
The default value should be not to send MDNs.
MDNs MUST NOT be sent automatically if the address in the
Disposition-Notification-To header field differs from the address in the
Return-Path header field (see RFC-MSGFMT).
In this case, confirmation from the user MUST be obtained, if possible.
If obtaining consent is not possible (e.g., because the user is not online at the time
or the client is not an interactive email client), then an MDN MUST NOT be sent.
Confirmation from the user MUST be obtained (or no MDN sent) if
there is no Return-Path header field in the message, or if there is more
than one distinct address in the Disposition-Notification-To header field.
The comparison of the addresses is done using only the
addr-spec (local-part "@" domain) portion, excluding any angle brackets, phrase and
route.
As prescribed by RFC 5322, the comparison is case-sensitive for the local-part and case-insensitive for the domain part.
The local-part comparison SHOULD be done after performing local-part canonicalization (i.e. after removing
the surrounding double-quote characters, if any, as well as any escaping "\" characters.
(See RFC-MSGFMT for more details.)
Implementations MAY treat known domain aliases as equivalent for the purpose of comparison.
Note that use of subaddressing (see ) can result in a failure to match two local-parts
and thus result in possible suppression of the MDN. This document doesn't recommend special handling for this
case, as the receiving MUA can't reliably know whether or not the sender is using subaddressing.
If the message contains more than one Return-Path header field, the
implementation may pick one to use for the comparison, or treat the
situation as a failure of the comparison.
The reason for not automatically sending an MDN if the comparison
fails or more than one address is specified is to reduce the
possibility of mail loops and of MDNs being used for mail bombing.
It's especially important that a message that contains a Disposition-Notification-To header field
also contain a Message-ID header field, to permit user agents to automatically
correlate MDNs with their original messages.
If the request for message disposition notifications for some
recipients and not others is desired, two copies of the message should be sent,
one with a Disposition-Notification-To header field and one without.
Many of the other header fields of the message (e.g., To, Cc) will be the same in
both copies.
The recipients in the respective message envelopes determine from whom message disposition notifications are requested and
from whom they are not.
If desired, the Message-ID header field may be the same in both copies of the message.
Note that there are other situations (e.g., Bcc) in which it is necessary to send multiple
copies of a message with slightly different header fields.
The combination of such situations and the need to request MDNs for a subset of all
recipients may result in more than two copies of a message being sent,
some with a Disposition-Notification-To header field and some without.
If it is possible to determine that a recipient is a newsgroup,
do not include a Disposition-Notification-To header field for
that recipient.
Similarly, if an existing message is resent or gatewayed to a newsgroup,
the agent doing resending/gatewaying SHOULD strip the Disposition-Notification-To header field.
See for more discussion.
Clients that see an otherwise valid Disposition-Notification-To header field in a newsgroup message
SHOULD NOT generate an MDN.
Extensions to this specification may require that information
be supplied to the recipient's MUA for additional control over how and
what MDNs are generated.
The Disposition-Notification-Options header field provides an extensible mechanism for such information.
The syntax of this header field is as follows:
A Disposition-Notification-Options header field can appear at most once in a message.
An importance of "required" indicates that interpretation of the
disposition-notification-parameter is necessary for proper generation of an MDN in response to
this request.
An importance of "optional" indicates that an MUA that does not understand the meaning of this
disposition-notification-parameter MAY generate an MDN in response anyway, ignoring the value
of the disposition-notification-parameter.
No disposition-notification-parameter attribute names are defined in this specification.
Attribute names may be defined in the future by later revisions or extensions to this
specification.
disposition-notification-parameter attribute names MUST be registered
with the Internet Assigned Numbers Authority (IANA) using "Specification required" registration policy.
The "X-" prefix has historically been used to denote unregistered "experimental"
protocol elements, that are assumed not to become common use. Deployment experience of this
and other protocols have shown that this assumption is often false. This document allows
the use of the "X-" prefix primarily to allow the registration of attributes
that are already in common use. The prefix has no meaning for new attributes. Its use in
substantially new attributes may cause confusion and is therefore discouraged.
(See for a registration form.)
Since electronic mail addresses may be rewritten while the message is
in transit, it is useful for the original recipient address to be made
available by the delivering Message Transfer Agent (MTA) .
The delivering MTA may be able to obtain this information from the ORCPT parameter of the SMTP RCPT TO
command, as defined in RFC-SMTP and RFC-DSN-SMTP.
RFC-DSN-SMTP is amended as follows: If the ORCPT information is
available, the delivering MTA SHOULD insert an Original-Recipient
header field at the beginning of the message (along with the Return-Path
header field).
The delivering MTA MAY delete any other Original-Recipient header fields that occur in the message.
The syntax of this header field is as follows:
The address-type and generic-address token are as specified in the
description of the Original-Recipient field in .
The purpose of carrying the original recipient information and
returning it in the MDN is to permit automatic correlation of MDNs
with the original message on a per-recipient basis.
The use of the header fields Disposition-Notification-To,
Disposition-Notification-Options, and Original-Recipient with the MIME
message/partial content type (RFC-MIME-MEDIA]) requires further
definition.
When a message is segmented into two or more message/partial
fragments, the three header fields mentioned in the above paragraph SHOULD
be placed in the "inner" or "enclosed" message (using the terms of
RFC-MIME-MEDIA).
If these header fields are found in the header fields of any of the fragments, they are ignored.
When the multiple message/partial fragments are reassembled, the
following applies.
If these header fields occur along with the other header fields of a message/partial fragment message, they pertain to an MDN
that will be generated for the fragment.
If these header fields occur in the header fields of the "inner" or "enclosed" message (using the terms of
RFC-MIME-MEDIA), they pertain to an MDN that will be generated for the
reassembled message.
Section 5.2.2.1 of RFC-MIME-MEDIA) is amended to specify that,
in addition to the header fields specified there, the three
header fields described in this specification are to be appended, in order,
to the header fields of the reassembled message.
Any occurrences of the three header fields defined here in the header fields of the initial enclosing
message MUST NOT be copied to the reassembled message.
A message disposition notification is a MIME message with a top-level
content-type of multipart/report (defined in RFC-REPORT).
When multipart/report content is used to transmit an MDN:
The report-type parameter of the multipart/report content is
"disposition-notification".
The first component of the multipart/report contains a
human-readable explanation of the MDN, as described in RFC-REPORT.
The second component of the multipart/report is of content-type
message/disposition-notification, described in of
this document.
If the original message or a portion of the message is to be
returned to the sender, it appears as the third component of the
multipart/report.
The decision of whether or not to return the message or part of the message is up to the MUA generating the
MDN.
However, in the case of encrypted messages requesting MDNs, encrypted message text MUST be returned, if it is returned at
all, only in its original encrypted form.
NOTE: For message disposition notifications gatewayed from foreign
systems, the header fields of the original message may not be available.
In this case, the third component of the MDN may be omitted, or it
may contain "simulated" RFC-MSGFMT header fields that contain
equivalent information.
In particular, it is very desirable to preserve the subject and date fields from the original message.
The MDN MUST be addressed (in both the message header field and the
transport envelope) to the address(es) from the
Disposition-Notification-To header field from the original message for which
the MDN is being generated.
The From header field of the MDN MUST contain the
address of the person for whom the message disposition notification is
being issued.
The envelope sender address (i.e., SMTP "MAIL FROM") of the MDN MUST be
null (<>), specifying that no Delivery Status Notification messages nor
other messages indicating successful or unsuccessful delivery are to
be sent in response to an MDN.
A message disposition notification MUST NOT itself request an MDN.
That is, it MUST NOT contain a Disposition-Notification-To header field.
The Message-ID header field (if present) for an MDN MUST be different from
the Message-ID of the message for which the MDN is being issued.
A particular MDN describes the disposition of exactly one message for
exactly one recipient.
Multiple MDNs may be generated as a result of one message submission, one per recipient.
However, due to the circumstances described in ,
it's possible that some of the recipients for whom MDNs were requested will not generate MDNs.
The message/disposition-notification Media Type is defined as follows:
messagedisposition-notificationnonenone"7bit" encoding is sufficient and
MUST be used to maintain readability
when viewed by non-MIME mail readers.discussed in of [RFCXXXX].none[RFCXXXX]Mail Transfer Agents and email
clients that support multipart/report generation and/or parsing.N/ADeprecated alias names for this type: N/AMagic number(s): noneFile extension(s): .disposition-notification Macintosh file type code(s): The 'TEXT' type code is suggested as
files of this type are typically used for diagnostic purposes
and suitable for analysis in a text editor. A
uniform type identifier (UTI) of
"public.utf8-email-message-header" is suggested. This type
conforms to "public.plain-text".See the Authors' Addresses section of [RFCXXXX]COMMONThis media type contains textual data in the US-ASCII charset, which is always 7-bit.See the Authors' Addresses section of [RFCXXXX]IETFno
(While the 7bit restriction applies to the message/disposition-notification portion of the multipart/report content,
it does not apply to the optional third portion of the multipart/report content.)
The message/disposition-notification report type for use in the
multipart/report is "disposition-notification".
The body of a message/disposition-notification consists of one or more
"fields" formatted according to the ABNF of RFC-MSGFMT header
"fields".
The syntax of the message/disposition-notification content is as follows:
Note that the order of the above fields is recommended, but not fixed. Extension fields can appear anywhere.
Since these fields are defined according to the rules of RFC-MSGFMT,
the same conventions for continuation lines and comments apply.
Notification fields may be continued onto multiple lines by beginning
each additional line with a SPACE or HTAB.
Text that appears in parentheses is considered a comment and not part of the contents of
that notification field.
Field names are case-insensitive, so the names of notification fields may be spelled in any combination of
upper and lower case letters.
comments in notification fields may use
the "encoded-word" construct defined in RFC-MIME-HEADER.
Several fields consist of a "-type" subfield, followed by a semi-colon, followed by "*text".
For these fields, the keyword used in the address-type or MTA-type subfield indicates the expected
format of the address or MTA-name that follows.
The "-type" subfields are defined as follows:
An "address-type" specifies the format of a mailbox address.
For example, Internet Mail addresses use the "rfc822" address-type.
Other values can appear in this field as specified in the "Address Types" IANA subregistry
established by RFC-DSN-FORMAT.
An "MTA-name-type" specifies the format of a mail transfer agent name.
For example, for an SMTP server on an Internet host, the
MTA name is the domain name of that host, and the "dns" MTA-name-type is used.
Other values can appear in this field as specified in the "MTA Name Types" IANA subregistry
established by RFC-DSN-FORMAT.
Values for address-type and mta-name-type are case-insensitive.
Thus, address-type values of "RFC822" and "rfc822" are equivalent.
The Internet Assigned Numbers Authority (IANA) maintains a registry of
address-type and mta-name-type values, along with descriptions of the
meanings of each, or a reference to one or more specifications that
provide such descriptions.
(The "rfc822" address-type is defined in RFC-DSN-SMTP.)
Registration forms for address-type and mta-name-type
appear in RFC-DSN-FORMAT.
The Reporting-UA field is defined as follows:
An MDN describes the disposition of a message after it has been
delivered to a recipient.
In all cases, the Reporting-UA is the MUA that performed the disposition described in the MDN.
This field is optional, but recommended.
For Internet Mail user agents, it is recommended that this field contain both: the DNS name of the
particular instance of the MUA that generated the MDN, and the name of
the product.
For example,
If the reporting MUA consists of more than one component (e.g., a base
program and plug-ins), this may be indicated by including a list of
product names.
The MDN-Gateway field indicates the name of the gateway or MTA that
translated a foreign (non-Internet) message disposition notification
into this MDN.
This field MUST appear in any MDN that was translated by a gateway from a foreign system into MDN format, and MUST NOT
appear otherwise.
For gateways into Internet Mail, the MTA-name-type will normally be
"dns", and the mta-name will be the Internet domain name of the
gateway.
The Original-Recipient field indicates the original recipient address
as specified by the sender of the message for which the MDN is being
issued.
For Internet Mail messages, the value of the Original-Recipient field is obtained from the Original-Recipient
header field from the message for which the MDN is being generated.
If there is an Original-Recipient header field in the message, or if information
about the original recipient is reliably available some other way,
then the Original-Recipient field MUST be included. Otherwise, the
Original-Recipient field MUST NOT be included.
If there is more than one Original-Recipient header field in the message, the MUA may choose the one
to use, or act as if no Original-Recipient header field is present.
The address-type field indicates the type of the original recipient
address.
If the message originated within the Internet, the address-type field will normally be "rfc822", and the address will be
according to the syntax specified in RFC-MSGFMT.
The value "unknown" should be used if the Reporting MUA cannot determine the
type of the original recipient address from the message envelope.
This address is the same as that provided by the sender and can be
used to automatically correlate MDN reports with original messages on
a per recipient basis.
The Final-Recipient field indicates the recipient for which the MDN is
being issued.
This field MUST be present.
The syntax of the field is as follows:
The generic-address subfield of the Final-Recipient field MUST contain
the mailbox address of the recipient (from the From header field of the MDN)
as it was when the MDN was generated by the MUA.
The Final-Recipient address may differ from the address originally
provided by the sender, because it may have been transformed during
forwarding and gatewaying into a totally unrecognizable mess.
However, in the absence of the optional Original-Recipient field, the
Final-Recipient field and any returned content may be the only
information available with which to correlate the MDN with a
particular message recipient.
The address-type subfield indicates the type of address expected by
the reporting MTA in that context.
Recipient addresses obtained via SMTP will normally be of address-type "rfc822",
but can be other values from the "Address Types" subregistry of the
"Delivery Status Notification (DSN) Types" IANA registry.
Since mailbox addresses (including those used in the Internet) may be
case sensitive, the case of alphabetic characters in the address MUST
be preserved.
The Original-Message-ID field indicates the message-ID of the message
for which the MDN is being issued.
It is obtained from the Message-ID header field of the message for which the MDN is issued.
This field MUST be present if and only if the original message contained a Message-ID header field.
The syntax of the field is as follows:
The msg-id token is as specified in RFC-MSGFMT.
The Disposition field indicates the action performed by the
Reporting-MUA on behalf of the user.
This field MUST be present.
The syntax for the Disposition field is:
The disposition-mode, disposition-type, and disposition-modifier values may be
spelled in any combination of upper and lower case US-ASCII characters.
Disposition mode consists of 2 parts: action mode and sending mode.
The following action modes are defined:
The disposition described by the disposition
type was a result of an explicit instruction
by the user rather than some sort of
automatically performed action. (This might include the case when the user has manually
configured her MUA to automatically respond to valid MDN requests.)
Unless prescribed otherwise in a particular mail environment,
in order to preserve user's privacy, this MUST be the default for MUAs.
The disposition described by the disposition
type was a result of an automatic action,
rather than an explicit instruction by the
user for this message. This is typically generated by a Mail Delivery Agent
(e.g. MDN generations by Sieve reject action , Fax-over-Email ,
Voice Messaging System (VPIM) or upon delivery to a mailing list).
"Manual-action" and "automatic-action" are mutually exclusive.
One or the other MUST be specified.
The following sending modes are defined:
The user explicitly gave permission for this
particular MDN to be sent.
Unless prescribed otherwise in a particular mail environment,
in order to preserve user's privacy, this MUST be the default for MUAs.
The MDN was sent because the MUA had
previously been configured to do so
automatically.
"MDN-sent-manually" and "MDN-sent-automatically" are mutually
exclusive.
One or the other MUST be specified.
The following disposition-types are defined:
The message has been displayed by the MUA
to someone reading the recipient's mailbox.
There is no guarantee that the content has
been read or understood.
The message has been sent somewhere in some manner
(e.g., printed, faxed, forwarded) without
necessarily having been previously
displayed to the user. The user may or
may not see the message later.
The message has been processed in some manner (i.e.,
by some sort of rules or server) without
being displayed to the user. The user may
or may not see the message later, or there
may not even be a human user associated
with the mailbox.
The message has been deleted.
The recipient may or may not have seen the
message.
The recipient might "undelete" the message at a later time and read the
message.
Only the extension disposition modifiers is defined:
Disposition modifiers may be defined
in the future by later revisions
or extensions to this specification.
MDN disposition value names MUST be registered with
the Internet Assigned Numbers Authority
(IANA) using "Specification required" registration policy.
(See for a registration form.)
MDNs with disposition modifier
names not understood by the receiving MUA
MAY be silently ignored or placed in the
user's mailbox without special
interpretation.
They MUST NOT cause any error message to be sent to the sender of
the MDN.
It is not required that an MUA be able to generate all of the possible
values of the Disposition field.
A user agent MUST NOT issue more than one MDN on behalf of each
particular recipient.
That is, once an MDN has been issued on behalf of a recipient, no further MDNs may be issued on behalf of
that recipient, even if another disposition is performed on the
message.
However, if a message is forwarded, a "dispatched" MDN MAY be issued for the recipient doing the forwarding and the recipient of
the forwarded message may also cause an MDN to be generated.
The Failure and Error fields are used to supply additional
information in the form of text messages when the "error" disposition modifier appear.
The syntax is as follows:
Note that syntax of these header fields doesn't include comments, so "encoded-word" construct
defined in RFC-MIME-HEADER can't be used to convey non ASCII text.
Application that need to convey non ASCII text in these fields should consider implementing
message/global-disposition-notification media type specified in
instead of this specification.
Additional MDN fields may be defined in the future by later revisions
or extensions to this specification.
MDN field names MUST be registered with the Internet Assigned Numbers Authority
(IANA) using "Specification required" registration policy.
(See for a registration form.)
MDN Extension-fields may be defined for the following reasons:
To allow additional information from foreign disposition reports
to be tunneled through Internet MDNs.
The names of such MDN fields should begin with an indication of the foreign environment
name (e.g., X400-Physical-Forwarding-Address).
To allow transmission of diagnostic information that is specific
to a particular mail user agent (MUA).
The names of such MDN fields should begin with an indication of the MUA implementation
that produced the MDN (e.g., Foomail-information).
The following timeline shows when various events in the processing of
a message and generation of MDNs take place:
User composes message
User tells MUA to send message.
MUA passes message to Mail Submission Agent (MSA), original recipient information passed along.
MSA sends message to next MTA.
Final MTA receives message.
Final MTA delivers message to recipient's mailbox (possibly generating a Delivery Status Notification (DSN)).
(Recipient's) MUA discovers a new message in recipient's mailbox and decides whether
an MDN should be generated. If the MUA has information that an MDN has already been generated for this message,
no further MDN processing described below is performed.
If MUA decides that no MDN can be generated, no further MDN processing described below is performed.
MUA performs automatic processing and might generate corresponding MDNs
("dispatched", "processed" or "deleted"
disposition type with "automatic-action" and "MDN-sent-automatically"
disposition modes). The MUA remembers that an MDN was generated.
MUA displays list of messages to user.
User selects a message and requests that some action be performed
on it.
MUA performs requested action; if an automatic MDN has not already
been generated, with user's permission, sends
an appropriate MDN ("displayed", "dispatched", "processed",
or "deleted" disposition type, with "manual-action"
and "MDN-sent-manually" or "MDN-sent-automatically" disposition mode). The MUA remembers that an MDN was generated.
User possibly performs other actions on message, but no further
MDNs are generated.
An MUA or gateway conforms to this specification if it generates MDNs
according to the protocol defined in this memo.
It is not necessary to be able to generate all of the possible values of the Disposition
field.
MUAs and gateways MUST NOT generate the Original-Recipient field of an
MDN unless the mail protocols provide the address originally specified
by the sender at the time of submission.
Ordinary SMTP does not make that guarantee, but the SMTP extension defined in RFC-DSN-SMTP
permits such information to be carried in the envelope if it is
available.
The Original-Recipient header field defined in this document provides a way for the MTA to pass the original recipient address to
the MUA.
Each sender-specified recipient address may result in more than one
MDN.
If an MDN is requested for a recipient that is forwarded to multiple recipients of an "alias" (as defined in RFC-DSN-SMTP,
section 6.2.7.3), each of the recipients may issue an MDN.
Successful distribution of a message to a mailing list exploder or gateway to Usenet newsgroup SHOULD
be considered the final disposition of the message.
A mailing list exploder MAY issue an MDN with a disposition type of "processed" and
disposition modes of "automatic-action" and "MDN-sent-automatically"
indicating that the message has been forwarded to the list.
In this case, the request for MDNs is not propagated to the members of the
list.
Alternatively (if successful distribution of a message to a mailing list exploder/Usenet newsgroup is not
considered the final disposition of the message), the mailing list exploder can issue no MDN and
propagate the request for MDNs to all members of the list.
The latter behavior is not recommended for any but small, closely knit lists, as
it might cause large numbers of MDNs to be generated and may cause
confidential subscribers to the list to be revealed.
The mailing list exploder can also direct MDNs to itself, correlate them, and produce a
report to the original sender of the message.
This specification places no restrictions on the processing of MDNs
received by user agents or mailing lists.
The following security considerations apply when using MDNs:
MDNs can be (and are, in practice) forged as easily as ordinary Internet electronic mail.
User agents and automatic mail handling facilities (such as mail
distribution list exploders) that wish to make automatic use of MDNs
should take appropriate precautions to minimize the potential damage
from denial-of-service attacks.
Security threats related to forged MDNs include the sending of:
A falsified disposition notification when the indicated
disposition of the message has not actually occurred,Unsolicited MDNs
Another dimension of security is privacy.
There may be cases in which a message recipient does not wish the disposition of messages
addressed to him to be known, or is concerned that the sending of MDNs
may reveal other sensitive information (e.g., when the message was
read).
In this situation, it is acceptable for the MUA to silently ignore requests for MDNs.
If the Disposition-Notification-To header field is passed on unmodified when
a message is distributed to the subscribers of a mailing list, the
subscribers to the list may be revealed to the sender of the original
message by the generation of MDNs.
Headers of the original message returned in part 3 of the
multipart/report, as well as content of the message/disposition-notification
part could reveal confidential information about host
names and/or network topology inside a firewall.
Disposition mode () can leak information about
recipient's MUA configuration, in particular whether MDNs are acknowledged manually
or automatically. If this is a concern, MUAs can return "manual-action/MDN-sent-manually"
disposition mode in generated MDNs.
In general, any optional MDN field may be omitted if the Reporting MUA
site or user determines that inclusion of the field would impose too
great a compromise of site confidentiality.
The need for such confidentiality must be balanced against the utility of the omitted
information in MDNs.
In some cases, someone with access to the message stream may use the
MDN request mechanism to monitor the mail reading habits of a target.
If the target is known to generate MDN reports, they could add a
disposition-notification-to field containing the envelope from address
along with a source route.
The source route is ignored in the comparison so the addresses will always match.
But if the source route is honored when the notification is sent, it could direct the message
to some other destination.
This risk can be minimized by not sending MDN's automatically.
MDNs do not provide non-repudiation with proof of delivery.
Within the framework of today's Internet Mail, the MDNs defined in this document
provide valuable information to the mail user; however, MDNs cannot
be relied upon as a guarantee that a message was or was not seen by
the recipient.
Even if MDNs are not actively forged, they may be lost in transit.
The recipient may bypass the MDN issuing mechanism in some manner.
One possible solution for this purpose can be found in RFC-SEC-SERVICES.
The MDN request mechanism introduces an additional way of mailbombing
a mailbox.
The MDN request notification provides an address to which MDN's should be sent.
It is possible for an attacking agent to send a potentially large set of messages to otherwise unsuspecting third
party recipients with a false "disposition-notification-to:" address.
Automatic, or simplistic processing of such requests would result in a
flood of MDN notifications to the target of the attack.
Such an attack could overrun the capacity of the targeted mailbox and deny
service.
For that reason, MDN's SHOULD NOT be sent automatically where the
"disposition-notification-to:" address is different from the
SMTP "MAIL FROM" address (which is carried in the Return-Path header field).
See for further discussion.
NOTE: The following lexical tokens are defined in RFC-MSGFMT:
CRLF, FWS, CFWS, field-name, mailbox-list, msg-id, text, comment, word.
The following lexical tokens are defined in RFC-SMTP:
atom. (Note that RFC-MSGFMT also defines "atom",
but the version from RFC-SMTP is more restrictive and
this more restrictive version is used in this document.)
"encoded-word" construct defined in RFC-MIME-HEADER is allowed everywhere
where RFC-MSGFMT "comment" is used, for example in CFWS.
NOTE: This section provides non-binding recommendations for the
construction of mail gateways that wish to provide semi-transparent
disposition notifications between the Internet and another electronic
mail system.
Specific MDN gateway requirements for a particular pair of mail systems may be defined by other documents.
A mail gateway may issue an MDN to convey the contents of a "foreign"
disposition notification over Internet Mail.
When there are appropriate mappings from the foreign notification elements to MDN
fields, the information may be transmitted in those MDN fields.
Additional information (such as might be needed to tunnel the foreign
notification through the Internet) may be defined in extension MDN
fields.
(Such fields should be given names that identify the foreign mail protocol, e.g., X400-* for X.400 protocol elements).
The gateway must attempt to supply reasonable values for the
Reporting-UA, Final-Recipient, and Disposition fields.
These will normally be obtained by translating the values from the foreign
notification into their Internet-style equivalents.
However, some loss of information is to be expected.
The sender-specified recipient address and the original message-id,
if present in the foreign notification, should be preserved in the
Original-Recipient and Original-Message-ID fields.
The gateway should also attempt to preserve the "final" recipient
address from the foreign system.
Whenever possible, foreign protocol elements should be encoded as meaningful printable ASCII strings.
For MDNs produced from foreign disposition notifications, the name of
the gateway MUST appear in the MDN-Gateway field of the MDN.
It may be possible to gateway MDNs from the Internet into a foreign
mail system.
The primary purpose of such gatewaying is to convey disposition information in a form that is usable by the destination
system.
A secondary purpose is to allow "tunneling" of MDNs through foreign mail systems in case the MDN may be gatewayed back into the
Internet.
In general, the recipient of the MDN (i.e., the sender of the original
message) will want to know, for each recipient: the closest available
approximation to the original recipient address, and the disposition
(displayed, printed, etc.).
If possible, the gateway should attempt to preserve the
Original-Recipient address and Original-Message-ID (if present) in
the resulting foreign disposition report.
If it is possible to tunnel an MDN through the destination
environment, the gateway specification may define a means of
preserving the MDN information in the disposition reports used by that
environment.
By use of the separate disposition-notification-to request header field,
this specification offers a richer functionality than most, if not all,
other email systems.
In most other email systems, the notification recipient is identical to the message sender as indicated in the
"from" address.
There are two interesting cases when gatewaying into such systems:
If the address in the disposition-notification-to header field is
identical to the address in the SMTP "MAIL FROM", the expected
behavior will result, even if the disposition-notification-to
information is lost.
Systems should propagate the MDN request.
If the address in the disposition-notification-to header field is
different from the address in the SMTP "MAIL FROM", gatewaying
into a foreign system without a separate notification address
will result in unintended behavior.
This is especially important when the message arrives via a mailing list expansion
software that may specifically replace the SMTP "MAIL FROM"
address with an alternate address.
In such cases, the MDN request should not be gatewayed and should be silently
dropped.
This is consistent with other forms of non-support for MDN.
NOTE: This example is provided as illustration only, and is not
considered part of the MDN protocol specification.
If the example conflicts with the protocol definition above, the example is wrong.
Likewise, the use of *-type subfield names or extension fields in this
example is not to be construed as a definition for those type names or
extension fields.
This is an MDN issued after a message has been displayed to the user
of an Internet Mail user agent.
There are two actions for IANA:
IANA is asked to update the registration template for the
message/disposition-notification media type to the one in
of this document,
and to update the reference for that media type to point to this document
instead of to RFC 3798.The registries specified here already exist, and this section
is updating their documentation. IANA is asked to change the
reference document for the three Message Disposition
Notification Parameters registries to point to this document
instead of to RFC 3798.
This document specifies three types of parameters that must be
registered with the Internet Assigned Numbers Authority (IANA).
All of them use "Specification required" IANA registration policy.
The forms below are for use when registering a new disposition-notification-parameter name for
the Disposition-Notification-Options header field, a new disposition
modifier name, or a new MDN extension field.
Each piece of information required by a registration form may be satisfied either by
providing the information on the form itself, or by including a
reference to a published, publicly available specification that
includes the necessary information.
IANA MAY reject registrations because of incomplete registration forms or incomplete specifications.
To register, complete the following applicable form and send it via
electronic mail to <IANA@IANA.ORG>.
A registration for a Disposition-Notification-Options header field disposition-notification-parameter
name MUST include the following information:
The proposed disposition-notification-parameter name.
The syntax for disposition-notification-parameter values, specified using BNF, ABNF,
regular expressions, or other non-ambiguous language.
If disposition-notification-parameter values are not composed entirely of graphic
characters from the US-ASCII repertoire, a specification for how
they are to be encoded as graphic US-ASCII characters in a
Disposition-Notification-Options header field.
A reference to a permanent and readily available public
specification that describes the semantics of the disposition-notification-parameter values.
A registration for a disposition-modifier name (used in the
Disposition field of a message/disposition-notification) MUST include
the following information:
The proposed disposition-modifier name.
A reference to a permanent and readily available public
specification that describes the semantics of the disposition
modifier.
A registration for an MDN extension-field name MUST include the
following information:
The proposed extension field name.
The syntax for extension values, specified using BNF, ABNF,
regular expressions, or other non-ambiguous language.
If extension-field values are not composed entirely of graphic
characters from the US-ASCII repertoire, a specification for how
they are to be encoded as graphic US-ASCII characters in a
Disposition-Notification-Options header field.
A reference to a permanent and readily available public
specification that describes the semantics of the extension field.
The contributions of Bruce Lilly, Alfred Hoenes, Barry Leiba, Ben Campbell and Pete Resnick are gratefully acknowledged for this revision.
The contributions of Roger Fajman and Greg Vaudreuil to earlier versions of this document are also gratefully acknowledged.
Changed IANA registration for different subregistries to "Specification Required" to match what is already used by IANA.
Updated IANA registration template for message/disposition-notification."X-" fields no longer reserved for experimental use and can now be registered in compliance with RFC 6648.Fixed the default MTA-name-type used in "MDN-Gateway" to be "dns".Strengthen requirements on obtaining user consent in order to protect user privacy.
The values of "dispatched" and "processed" were lost from the ABNF for "disposition-type". (Erratum #691)
Because the warning disposition modifier was previously removed, warning-field has also been removed. (Erratum #692)
The ABNF for ua-name and ua-product included semi-colon, which could not be distinguished from *text in the production.
The ua-name was restricted to not include semi-colon. Semi-colon can still appear in the ua-product.
The ABNF did not indicate all places that whitespace was allowable, in particular folding whitespace, although all implementations
allow whitespace and folding in the header fields just like any other RFC5322-formatted header field.
There were also a number of places in the ABNF that inconsistently permitted comments and whitespace in one leg of the production and not another.
The ABNF now specifies FWS and CFWS in several places that should have already been specified by the grammar.
Extension-field was defined in the collected grammar but not in the main text.
The comparison of mailboxes in Disposition-Notification-To to the Return-Path addr-spec was clarified.
The use of the grammar production "parameter" was confusing with the RFC2045
production of the same name, as well as other uses of the same term.
These have been clarified.
A clarification was added on the extent of the 7bit nature of MDNs.
Uses of the terms "may" and "might" were clarified.
A clarification was added on the order of the fields in the message/disposition-notification content.