Network Working Group N. Borenstein Internet-Draft Mimecast Intended status: Informational M. Kucherawy Expires: December 3, 2011 Cloudmark June 1, 2011 A Reputation Vocabulary for Email Properties draft-kucherawy-reputation-vocab-email-00 Abstract This document defines a vocabulary for describing email identities (typically authors or signers) with the application/reputon media type. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on December 3, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Borenstein & Kucherawy Expires December 3, 2011 [Page 1] Internet-Draft Email Properties Reputation Vocabulary June 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Document Series . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology and Definitions . . . . . . . . . . . . . . . . . . 3 3.1. Keywords . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Email Definitions . . . . . . . . . . . . . . . . . . . . . 4 3.3. Other Definitions . . . . . . . . . . . . . . . . . . . . . 4 4. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Assertions . . . . . . . . . . . . . . . . . . . . . . . . 4 4.2. Vocabulary Extensions . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 5.1. Registration of 'email-content' Reputation Application . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6.1. General . . . . . . . . . . . . . . . . . . . . . . . . . . 6 7. Informative References . . . . . . . . . . . . . . . . . . . . 6 Appendix A. Public Discussion . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Borenstein & Kucherawy Expires December 3, 2011 [Page 2] Internet-Draft Email Properties Reputation Vocabulary June 2011 1. Introduction This memo defines a "vocabulary" for describing reputation of a property of an email message that is not an identity. A "vocabulary" in this context is defined in [RFCxxxx] and is used to describe assertions a reputation service provider can make about properties of an email message as well as meta-data that can be included in such a reply beyond the base set specified there. A separate document in this series declares a vocabulary for use in relating reputation information about an identity found in an email message. 2. Document Series This memo represents the media type registration, part of a series of documents that define the overall service and introduce the initial exemplary applications. The series is as follows: 1. RFCxxxx: A Model for Reputation Interchange 2. RFCxxxx+1: A Media Type for Reputation Information 3. RFCxxxx+2: Using UDP for Reputation Interchange 4. RFCxxxx+3: Using the DNS for Reputation Interchange 5. RFCxxxx+4: Using HTTP/XML for Reputation Interchange 6. RFCxxxx+5: A Reputation Vocabulary for Email Identity Reputation 7. RFCxxxx+6: A Reputation Vocabulary for Email Property Reputation (this memo) 3. Terminology and Definitions This section defines terms used in the rest of the document. 3.1. Keywords The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KEYWORDS]. Borenstein & Kucherawy Expires December 3, 2011 [Page 3] Internet-Draft Email Properties Reputation Vocabulary June 2011 3.2. Email Definitions Commonly used definitions describing entities in the email architecture are defined and discussed in [EMAIL-ARCH]. 3.3. Other Definitions Other terms of importance in this memo are defined in RFCxxxx, the base memo in this document series. 4. Discussion The expression of reputation about an email property requires extensions of the base set defined in [RFCxxxx]. This memo defines and registers some common assertions about an entity found in a piece of [MAIL]. Unless otherwise noted, the property extracted from the message MUST be preserved precisely, with no characters omitted even if they are considered syntax errors within context. 4.1. Assertions The "email" reputation application recognizes the following assertions: CONTAINS-MALWARE: The subject property is associated with messages that contain malware IS-PHISH: The subject property is associated with fraudulent email with a goal of identity theft IS-SPAM: The subject property is associated with unwanted bulk email 4.2. Vocabulary Extensions The "email-content" reputation application recognizes the following extensions to the vocabulary defined in [RFCxxxx]: SOURCE: A token indicating the source of the property; that is, where the subject property was found in the message. This MUST be one of: RFC5321.MAILFROM: The RFC5321.MailFrom value of the envelope of a message of the message (see [SMTP]) Borenstein & Kucherawy Expires December 3, 2011 [Page 4] Internet-Draft Email Properties Reputation Vocabulary June 2011 RFC5322.FROM: The RFC5322.From field of the message (see [MAIL]). Any folding whitespace MUST be rewritten to a single linear space character (ASCII 32). RFC5322.MESSAGE-ID: The RFC5322.Message-Id field of the message (see [MAIL]) RFC5322.SUBJECT: The RFC5322.Subject field of the message (see [MAIL]). Any folding whitespace MUST be rewritten to a single linear space character (ASCII 32). UNSPECIFIED: Any arbitrary string from anywhere in the message. URI: A complete URI found in the message, such as the content of a "src" tag in an "img" element, or an "href" tag in an "a" element. (See [URI] and [HTML]). URI-HOST: The "host" portion of a URI found in the message. Note that this can be a DNS domain name or an IP address, each in any of various encodings. (See [URI] and [HTML]). 5. IANA Considerations This memo presents one action for IANA, namely the registraton of the reputation application "email-content". 5.1. Registration of 'email-content' Reputation Application This section registers the "email-content" reputation application, as defined in [RFCxxxx+1]. The registration parameters are as folows: o Application name: email-content o Short description: Evaluates any of various properties of an email message that are not identities o Defining document: [this memo] o Status: current 6. Security Considerations This memo describes security considerations introduced by the media type defined here. Borenstein & Kucherawy Expires December 3, 2011 [Page 5] Internet-Draft Email Properties Reputation Vocabulary June 2011 6.1. General This memo is part of a series introducing a reputation query and response system (see Section 2). The Security Considerations sections of the other memos should also be consulted. 7. Informative References [EMAIL-ARCH] Crocker, D., "Internet Mail Architecture", RFC 5598, July 2009. [HTML] Raggett, D., Le Hors, A., and I. Jacobs, "HTML 4.01 Specification", December 1999, . [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [MAIL] Resnick, P., Ed., "Internet Message Format", RFC 5322, October 2008. [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, October 2008. [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", RFC 3986, January 2005. Appendix A. Public Discussion Public discussion of this suite of memos takes place on the domainrep@ietf.org mailing list. See https://www.ietf.org/mailman/listinfo/domainrep. Borenstein & Kucherawy Expires December 3, 2011 [Page 6] Internet-Draft Email Properties Reputation Vocabulary June 2011 Authors' Addresses Nathaniel Borenstein Mimecast 203 Crescent St., Suite 303 Waltham, MA 02453 USA Phone: +1 781 996 5340 Email: nsb@guppylake.com Murray S. Kucherawy Cloudmark 128 King St., 2nd Floor San Francisco, CA 94107 USA Phone: +1 415 946 3800 Email: msk@cloudmark.com Borenstein & Kucherawy Expires December 3, 2011 [Page 7]