Network Working Group J. Macdonald Internet-Draft e-Dialog Updates: 3463 (if approved) March 22, 2010 Intended status: Standards Track Expires: September 22, 2010 Suggested values for SMTP Enhanced Status Codes for Anti-Spam Policy draft-macdonald-antispam-registry-00 Status of this Memo Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on September 22, 2010. Macdonald Expires September 22, 2010 [Page 1] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Abstract This document establishes a set of extended SMTP policy codes for anti-spam. It seeks to provide additional codes for error texts that currently use the extended SMTP error code 5.7.1. The anti-spam codes were determined by looking at error texts produced by major ISPs and finding commonalities. The result is a new set of error texts with associated extended SMTP error codes. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 3. Security Considerations . . . . . . . . . . . . . . . . . . . 9 4. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 10 5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 5.1. Normative References . . . . . . . . . . . . . . . . . . . 11 5.2. Informative References . . . . . . . . . . . . . . . . . . 11 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 13 Macdonald Expires September 22, 2010 [Page 2] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 1. Introduction This RFC defines a set of Enhanced Status Codes [RFC3463] [RFC1893] for SMTP related to anti-spam policy. These codes are to be registered with the IANA Mail Enhanced Status Codes registry as defined in [RFC5248]. Anti-Spam policy is inherently a local decision. This document strives to document the more common policies and define an initial set of enhanced status codes. While this document provides suggested text for each detail code, alternate text can be provided if the text is in the spirit of the suggested text. This will allow sites to simply prepend the proper extended SMTP code to their existing text. Sites that are starting to implement anti-spam policy SHOULD use the text provided in this document. All of these messages were gathered by surveying several existing large ISPs to see what messages they produce when presented with messages that violate their policies. An attempt was then made to coalesce the messages together into common themes. This document is being discussed on the SMTP mailing list, ietf-smtp@imc.org [1]. Macdonald Expires September 22, 2010 [Page 3] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 2. IANA Considerations IANA is directed to add the following values to the registry of Mail Enhanced Status Codes specified in [RFC5248]. The Mail Enhanced Status Codes registry will be modified to add a new subject sub-code having the value 8. This sub-code will be dedicated to anti-spam policy related SMTP errors. All following entries will use the following common fields: Reference: <> Submitter: J. Macdonald Change Controller: IESG The following Subject Sub-code is defined: Code: X.8.YYY Summary: Anti-Spam policy related Description: All status codes related to anti-spam policy that are not security related, as decided by a site administrator. The following enumerated status codes are defined. Code: X.8.0 Sample Text: Undefined Policy detail Associated Basic Status Code: ???? Description: This enhanced status code SHOULD be returned when no other applicable anti-spam policy enhanced status code is appropriate. Administrators are encouraged to contact the Author stating how other detail codes fail to satisfy their criteria in order to facilitate an update to this RFC. Administrators SHOULD indicate what policy is being violated by including a URL providing further details by appending the text with ": see for further details." X.8.0 should be used for all errors for which there is no detail error known. Code: X.8.1 Sample Text: message refused by local policy Associated Basic Status Code: ???? Description: This indicates that the something in the message has violated some local policy but the site administrator is not willing to divulge any further details as to what policy has been violated. Macdonald Expires September 22, 2010 [Page 4] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Code: X.8.2 Sample Text: excessive volume Associated Basic Status Code: ???? Description: This indicates that some volume threshold has been reached. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.3 Sample Text: listed on RBL Associated Basic Status Code: ???? Description: This indicates the connecting IP is listed on a real-time block list. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.4 Sample Text: to many invalid recipients from sending Associated Basic Status Code: ???? Description: This indicates that the sending domain or IP has reached the receiving sites limit regarding invalid recipients. This is not to be used for to many recipients in a single message but for when the ratio of bad recipients vs good recipients has passed the receiving sites threshold. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.5 Sample Text: Unacceptable content Associated Basic Status Code: ???? Description: This indicates that the content had some object-able content. Content includes the entirety of the message body which includes the headers. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.6 Sample Text: Suspected phishing attempt Associated Basic Status Code: ???? Description: The receiving system suspects the messages is part of a phishing attempt. Administrators MAY include a URL for further details by appending the text with ": see for further details." Macdonald Expires September 22, 2010 [Page 5] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Code: X.8.7 Sample Text: is dynamically blocked due to complaints Associated Basic Status Code: ???? Description: Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is blocking further messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.8 Sample Text: is permanently blocked due to complaints Associated Basic Status Code: ???? Description: Users of the receiving system are complaining about email from the listed identity and therefore the receiving system is PERMANANTLY blocking further messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.9 Sample Text: this recipient will not accept any messages from Associated Basic Status Code: ???? Description: The recipient has chosen to not accept message from IDENTITY. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.10 Sample Text: is a dynamic IP Associated Basic Status Code: ???? Description: The IDENTITY (an IP address) is a dynamic IP. Administrators MAY include a URL for further details by appending the text with ":see for further details." Code: X.8.11 Sample Text: has been compromised Associated Basic Status Code: ???? Description: It has been determined by the receiver (or a 3rd party the receiver is using) that the IDENTITY (an IP address or Domain) has been compromised. This is usually and indication that the machine hosting the IP is infected with a virus or is part of a Zombie network. Administrators MAY include a URL for further details by appending the text with ": see for further details." Macdonald Expires September 22, 2010 [Page 6] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Code: X.8.12 Sample Text: is an un-delegated IP Associated Basic Status Code: ???? Description: The IDENTITY (an IP address) hasn't been assigned by ARIN or any other authority that can assign an IP to an organization. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.13 Sample Text: reverse DNS lookup for failed Associated Basic Status Code: ???? Description: There was no hostname associated with the reverse DNS lookup of IDENTITY (an IP address). Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.14 Sample Text: is temporarily blocked Associated Basic Status Code: ???? Description: The listed IDENTITY was blocked due to some threshold being reached and the block will lift itself after a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.15 Sample Text: is permanently blocked Associated Basic Status Code: ???? Description: The listed IDENTITY was blocked due to some threshold being reached. The block will NOT lift itself after a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.16 Sample Text: is an open relay Associated Basic Status Code: ???? Description: The listed IDENTITY (normally an IP) was blocked because it is considered an open relay. Administrators MAY include a URL for further details by appending the text with ": see for further details." Macdonald Expires September 22, 2010 [Page 7] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Code: X.8.17 Sample Text: malformed content Associated Basic Status Code: ???? Description: The content doesn't follow recommended formatting. This can be HTML related, URL related or RFC related. Administrators MAY include a URL for further details by appending the text with ":see for further details." Code: X.8.18 Sample Text: recipients have complained about included content Associated Basic Status Code: ???? Description: Past recipients have complained about content that is also included in this message. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.19 Sample Text: has been temporarily rate limited due to complaints Associated Basic Status Code: ???? Description: Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is rate limiting further messages for a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.20 Sample Text: has been temporarily rate limited Associated Basic Status Code: ???? Description: The listed IDENTITY has been temporarily rate limited and therefore the receiving system is rate limiting messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.21 Sample Text: is a non-authorized sender for Associated Basic Status Code: ???? Description: The listed IDENTITY-A is not authorized to send on IDENTITY-B's behalf. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ":see for further details." *NOTE: probably should be in security RFC* Macdonald Expires September 22, 2010 [Page 8] Internet-Draft SMTP Enhanced Status Codes for Ant-Spam March 2010 Code: X.8.22 Sample Text: message contains a virus Associated Basic Status Code: ???? Description: It has been determined by the receiver that the message (or one of it's attachments) contains a virus. Administrators MAY include a URL for further details by appending the text with ": see for further details." *NOTE: probably should be in security RFC* Code: X.8.23 Sample Text: has been permanently deferred Associated Basic Status Code: ???? Description: The listed IDENTITY has been permanently rate limited and therefore the receiving system is rate limiting messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.24 Sample Text: messages from not accepted Associated Basic Status Code: ???? Description: Mail from the listed IDENTITY is not allowed. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see for further details." Code: X.8.25 Sample Text: messages from local dynamic network not accepted Associated Basic Status Code: ???? Description: Messages from a local dynamic IP are not accepted. Administrators MAY include a URL for further details by appending the text with ": see for further details." 3. Security Considerations As stated in [RFC1893], use of enhanced status codes may disclose additional information about how an internal mail system is implemented beyond that available through the SMTP status codes. Some of the proposed additions to the response code list are security related. Having these registered in one place to prevent collisions will improve their value. Security error responses can leak information to active attackers (e.g., the distinction between "user not found" and "bad password" during authentication). Documents defining security error codes should make it clear when this is the case, so that SMTP server software subject to such threats can provide appropriate controls to restrict exposure. Macdonald Expires September 22, 2010 [Page 9] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 4. Acknowledgements A special thanks goes to Tony Hansen for reviewing the initial version of this document over a year ago. Macdonald Expires September 22, 2010 [Page 10] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 5. References 5.1. Normative References [RFC3463] Vaudreuil, G., "Enhanced Mail System Status Codes", RFC 3463, January 2003. [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [RFC3886] Allman, E., "An Extensible Message Format for Message Tracking Responses", RFC 3886, September 2004. [RFC4468] Newman, C., "Message Submission BURL Extension", RFC 4468, May 2006. [RFC5248] .... 5.2. Informative References [RFC1893] Vaudreuil, G., "Enhanced Mail System Status Codes", RFC 1893, January 1996. [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. Macdonald Expires September 22, 2010 [Page 11] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 URIs [1] Macdonald Expires September 22, 2010 [Page 12] Internet-Draft SMTP Enhanced Status Codes for Anti-Spam March 2010 Author's Address Jeff Macdonald e-Dialog 65 Network Drive Burlington, MA 01803 USA Email: jmacdonald@e-dialog.com Macdonald Expires September 22, 2010 [Page 13]