Network Working Group N. Borenstein Internet-Draft Mimecast Intended status: Informational M. Kucherawy Expires: May 3, 2012 Cloudmark October 31, 2011 A Reputation Vocabulary for Email Identities draft-kucherawy-reputation-vocab-identity-02 Abstract This document defines a vocabulary for describing email identities (typically authors or signers) with the application/reputon media type. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 3, 2012. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Borenstein & Kucherawy Expires May 3, 2012 [Page 1] Internet-Draft Email Identities Reputation Vocabulary October 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Document Series . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Terminology and Definitions . . . . . . . . . . . . . . . . . . 3 3.1. Keywords . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Email Definitions . . . . . . . . . . . . . . . . . . . . . 3 3.3. Other Definitions . . . . . . . . . . . . . . . . . . . . . 4 4. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 4 4.1. Assertions . . . . . . . . . . . . . . . . . . . . . . . . 4 4.2. Vocabulary Extensions . . . . . . . . . . . . . . . . . . . 4 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 5.1. Registration of 'email-id' Reputation Application . . . . . 5 6. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6.1. General . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7. Informative References . . . . . . . . . . . . . . . . . . . . 6 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 6 Appendix B. Public Discussion . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6 Borenstein & Kucherawy Expires May 3, 2012 [Page 2] Internet-Draft Email Identities Reputation Vocabulary October 2011 1. Introduction This memo defines a "vocabulary" for describing reputation of an email identity. A "vocabulary" in this context is defined in [RFCxxxx] and is used to describe assertions a reputation service provider can make about email identities as well as meta-data that can be included in such a reply beyond the base set specified there. 2. Document Series This memo represents the media type registration, part of a series of documents that define the overall service and introduce the initial exemplary applications. The series is as follows: 1. RFCxxxx: A Model for Reputation Interchange 2. RFCxxxx+1: A Media Type for Reputation Information 3. RFCxxxx+2: Using UDP for Reputation Interchange 4. RFCxxxx+3: Using the DNS for Reputation Interchange 5. RFCxxxx+4: Using HTTP/XML for Reputation Interchange 6. RFCxxxx+5: A Reputation Vocabulary for Email Identity Reputation (this memo) 7. RFCxxxx+6: A Reputation Vocabulary for Email Property Reputation 3. Terminology and Definitions This section defines terms used in the rest of the document. 3.1. Keywords The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KEYWORDS]. 3.2. Email Definitions Commonly used definitions describing entities in the email architecture are defined and discussed in [EMAIL-ARCH]. Borenstein & Kucherawy Expires May 3, 2012 [Page 3] Internet-Draft Email Identities Reputation Vocabulary October 2011 3.3. Other Definitions Other terms of importance in this memo are defined in RFCxxxx, the base memo in this document series. 4. Discussion The expression of reputation about an email identity requires extensions of the base set defined in [RFCxxxx]. This memo defines and registers some common assertions about an entity found in a piece of [MAIL]. 4.1. Assertions The "email-id" reputation application recognizes the following assertions: PERPETRATES-FRAUD: The subject identity is associated with fraudulent email SENDS-MALWARE: The subject identity is associated with the sending or relaying of malware via email SENDS-SPAM: The subject identity is associated with unwanted bulk email SENDS-TO-INVALID-RECIPIENTS: The subject delivery attempts to nonexistent recipients For all assertions, the RATING scale is linear: A value of 0.0 means there is no data to support the assertion, a value of 1.0 means all accumulated data support the assertion, and the intervening values have a linear relationship (i.e., a score of "x" is twice as strong of an assertion as a value of "x/2"). 4.2. Vocabulary Extensions The "email-id" reputation application recognizes the following extensions to the vocabulary defined in [RFCxxxx]: IDENTITY: A token indicating the source of the identity; that is, where the subject identity was found in the message. This MUST be one of: Borenstein & Kucherawy Expires May 3, 2012 [Page 4] Internet-Draft Email Identities Reputation Vocabulary October 2011 DKIM: The signing domain, i.e. the value of the "d=" tag, found on a valid [DKIM] signature in the message RFC5321.MAILFROM: The RFC5321.MailFrom value of the envelope of a message of the message (see [SMTP]) RFC5322.FROM: The RFC5322.From field of the message (see [MAIL]) SPF: The identity verified by [SPF]) 5. IANA Considerations This memo presents one action for IANA, namely the registraton of the reputation application "email-id". 5.1. Registration of 'email-id' Reputation Application This section registers the "email-id" reputation application, as defined in [RFCxxxx+1]. The registration parameters are as folows: o Application name: email-id o Short description: Evaluates DNS domain names found in email identities o Defining document: [this memo] o Status: current o Application-specific query parameters: subject: (current) identifies the subject of the reputation query; in this case, it is the email identity whose reputation is requested 6. Security Considerations This memo describes security considerations introduced by the media type defined here. 6.1. General This memo is part of a series introducing a reputation query and response system (see Section 2). The Security Considerations sections of the other memos should also be consulted. Borenstein & Kucherawy Expires May 3, 2012 [Page 5] Internet-Draft Email Identities Reputation Vocabulary October 2011 7. Informative References [DKIM] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", RFC 6376, September 2011. [EMAIL-ARCH] Crocker, D., "Internet Mail Architecture", RFC 5598, July 2009. [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [MAIL] Resnick, P., Ed., "Internet Message Format", RFC 5322, October 2008. [SMTP] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, October 2008. [SPF] Wong, M. and W. Schlitt, "Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail, Version 1", RFC 4408, April 2006. Appendix A. Acknowledgments The authors wish to acknowledge the contributions of the following to this specification: David F. Skoll. Appendix B. Public Discussion Public discussion of this suite of memos takes place on the domainrep@ietf.org mailing list. See https://www.ietf.org/mailman/listinfo/domainrep. Borenstein & Kucherawy Expires May 3, 2012 [Page 6] Internet-Draft Email Identities Reputation Vocabulary October 2011 Authors' Addresses Nathaniel Borenstein Mimecast 203 Crescent St., Suite 303 Waltham, MA 02453 USA Phone: +1 781 996 5340 Email: nsb@guppylake.com Murray S. Kucherawy Cloudmark 128 King St., 2nd Floor San Francisco, CA 94107 USA Phone: +1 415 946 3800 Email: msk@cloudmark.com Borenstein & Kucherawy Expires May 3, 2012 [Page 7]