Network Working Group J. Macdonald, Ed. Internet-Draft Message Systems Updates: 3463 (if approved) May 5, 2011 Intended status: Standards Track Expires: November 6, 2011 Suggested values for SMTP Enhanced Status Codes for Anti-Spam Policy draft-macdonald-antispam-registry-02 Abstract This document establishes a set of extended SMTP policy codes for anti-spam. It seeks to provide additional codes for error texts that currently use the extended SMTP error code 5.7.1. The anti-spam codes were determined by looking at error texts produced by major ISPs and finding commonalities. The result is a new set of error texts with associated extended SMTP error codes. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on November 6, 2011. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Macdonald Expires November 6, 2011 [Page 1] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introducing the Anti-Spam Subject . . . . . . . . . . . . . . 3 3. Methodology of determining new detail codes . . . . . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 4.1. Enumerated Status Codes . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 7.1. Normative References . . . . . . . . . . . . . . . . . . . 13 7.2. Informative References . . . . . . . . . . . . . . . . . . 14 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 14 Macdonald Expires November 6, 2011 [Page 2] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 1. Introduction This RFC defines a set of Enhanced Status Codes [RFC3463] for SMTP related to anti-spam policy. These codes are to be registered with the IANA Mail Enhanced Status Codes registry as defined in [RFC5248]. While Anti-Spam policy is inherently a local decision, assigning these codes helps troubleshoot problems and lower support costs by allowing sending administrators to resolve many problems themselves. This document is being discussed on the SMTP mailing list, ietf-smtp@imc.org. 2. Introducing the Anti-Spam Subject The most common extended SMTP code assigned to anti-spam policy is 5.7.1. This is because the subject code of 7 is meant for security or policy. For anti-spam policy, the only logical detail code is 1, "Delivery not authorized, message refused". Using 5.7.1 for many different anti-spam policies weakens the usefulness of extended SMTP error codes. One of the motivations behind [RFC3463] was to re- distribute the classifications of SMTP error codes in order to provide a richer set of errors, and provide a means for machine- readable, human language independent status codes. Thus a new subject code of 8 is introduced for anti-spam policy. 3. Methodology of determining new detail codes All of the new detail text was gathered by surveying several existing large ISPs to see what messages were produce when presented with messages that violate their policies. An attempt was then made to coalesce the messages together into common themes. These themes where then simply assigned a detail number. While this document provides suggested text for each detail code, alternate text can be provided if the text is in the spirit of the suggested text. This will allow sites to simply prepend the proper extended SMTP code to their existing text. Sites that are starting to implement anti-spam policy SHOULD use the text provided in this document. While this document strives to document common anti-spam policies, it is by nature incomplete. [RFC3463] notes that new subject and detail codes will be added over time. This document is no exception to that and can be extended at future dates. Macdonald Expires November 6, 2011 [Page 3] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 4. IANA Considerations IANA is directed to add the following values to the registry of Mail Enhanced Status Codes specified in [RFC5248]. The Mail Enhanced Status Codes registry will be modified to add a new subject sub-code having the value 8. This sub-code will be dedicated to anti-spam policy related SMTP errors. All following entries will use the following common fields: +--------------------+--------------+ | Reference: | THIS RFC | | Submitter: | J. Macdonald | | Change Controller: | IESG | +--------------------+--------------+ The following Subject Sub-code is defined: +--------------+----------------------------------------------------+ | Code: | X.8.YYY | | Summary: | Anti-Spam policy related | | Description: | All status codes related to anti-spam policy that | | | are not security related, as decided by a site | | | administrator. | +--------------+----------------------------------------------------+ 4.1. Enumerated Status Codes The following enumerated status codes are defined. +--------------+----------------------------------------------------+ | Code: | X.8.0 | | Sample Text: | Undefined Policy detail | | Associated | Any | | Basic Status | | | Code: | | Macdonald Expires November 6, 2011 [Page 4] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 | Description: | This enhanced status code SHOULD be returned when | | | no other applicable anti-spam policy enhanced | | | status code is appropriate. Administrators are | | | encouraged to contact the Author stating how other | | | detail codes fail to satisfy their criteria in | | | order to facilitate an update to this RFC. | | | Administrators SHOULD indicate what policy is | | | being violated by including a URL providing | | | further details by appending the text with ": see | | | URL for further details." X.8.0 should be used | | | for all errors for which there is no detail error | | | known. | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.1 | | Sample Text: | message refused by local policy | | Associated | Any | | Basic Status | | | Code: | | | Description: | This indicates that something in the message has | | | violated some local policy but the site | | | administrator is not willing to divulge any | | | further details as to what policy has been | | | violated. | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.2 | | Sample Text: | excessive volume | | Associated | Any | | Basic Status | | | Code: | | | Description: | This indicates that some volume threshold has been | | | reached. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.3 | | Sample Text: | IP listed on RBL RBL-NAME | | Associated | Any | | Basic Status | | | Code: | | Macdonald Expires November 6, 2011 [Page 5] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 | Description: | This indicates the connecting IP is listed on a | | | real-time block list. Administrators MAY include | | | a URL for further details by appending the text | | | with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.4 | | Sample Text: | to many invalid recipients from sending domain or | | | IP | | Associated | Any | | Basic Status | | | Code: | | | Description: | This indicates that the sending domain or IP has | | | reached the receiving sites limit regarding | | | invalid recipients. This is not to be used for to | | | many recipients in a single message but for when | | | the ratio of bad recipients vs good recipients has | | | passed the receiving sites threshold. | | | Administrators MAY include a URL for further | | | details by appending the text with ": see URL for | | | further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.5 | | Sample Text: | Unacceptable content | | Associated | Any | | Basic Status | | | Code: | | | Description: | This indicates that the content had some | | | object-able content. Content includes the | | | entirety of the message body which includes the | | | headers. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.6 | | Sample Text: | Suspected phishing attempt | | Associated | Any | | Basic Status | | | Code: | | Macdonald Expires November 6, 2011 [Page 6] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 | Description: | The receiving system suspects the messages is part | | | of a phishing attempt. Administrators MAY include | | | a URL for further details by appending the text | | | with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.7 | | Sample Text: | IDENTITY is dynamically blocked due to complaints | | Associated | Any | | Basic Status | | | Code: | | | Description: | Users of the receiving system are complaining | | | about email from the listed IDENTITY and therefore | | | the receiving system is blocking further messages | | | for a period of time. IDENTITY is normally an IP | | | or domain. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.8 | | Sample Text: | IDENTITY is permanently blocked due to complaints | | Associated | Any | | Basic Status | | | Code: | | | Description: | Users of the receiving system are complaining | | | about email from the listed identity and therefore | | | the receiving system is PERMANANTLY blocking | | | further messages. IDENTITY is normally an IP or | | | domain. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.9 | | Sample Text: | this recipient will not accept any messages from | | | IDENTITY | | Associated | Any | | Basic Status | | | Code: | | | Description: | The recipient has chosen to not accept message | | | from IDENTITY. Administrators MAY include a URL | | | for further details by appending the text with ": | | | see URL for further details." | +--------------+----------------------------------------------------+ Macdonald Expires November 6, 2011 [Page 7] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 +--------------+----------------------------------------------------+ | Code: | X.8.10 | | Sample Text: | IDENTITY is a dynamic IP | | Associated | Any | | Basic Status | | | Code: | | | Description: | The IDENTITY (an IP address) is a dynamic IP. | | | Administrators MAY include a URL for further | | | details by appending the text with ":see URL for | | | further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.11 | | Sample Text: | IDENTITY has been compromised | | Associated | Any | | Basic Status | | | Code: | | | Description: | It has been determined by the receiver (or a 3rd | | | party the receiver is using) that the IDENTITY (an | | | IP address or Domain) has been compromised. This | | | is usually and indication that the machine hosting | | | the IP is infected with a virus or is part of a | | | Zombie network. Administrators MAY include a URL | | | for further details by appending the text with ": | | | see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.12 | | Sample Text: | IDENTITY is an un-delegated IP | | Associated | Any | | Basic Status | | | Code: | | | Description: | The IDENTITY (an IP address) hasn't been assigned | | | by IANA or any other authority that can assign an | | | IP to an organization. Administrators MAY include | | | a URL for further details by appending the text | | | with ": see URL for further details." | +--------------+----------------------------------------------------+ Macdonald Expires November 6, 2011 [Page 8] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 +--------------+----------------------------------------------------+ | Code: | X.8.13 | | Sample Text: | reverse DNS lookup for IDENTITY failed | | Associated | Any | | Basic Status | | | Code: | | | Description: | There was no hostname associated with the reverse | | | DNS lookup of IDENTITY (an IP address). | | | Administrators MAY include a URL for further | | | details by appending the text with ": see URL for | | | further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.14 | | Sample Text: | IDENTITY is temporarily blocked | | Associated | Any | | Basic Status | | | Code: | | | Description: | The listed IDENTITY was blocked due to some | | | threshold being reached and the block will lift | | | itself after a period of time. IDENTITY is | | | normally an IP or domain. Administrators MAY | | | include a URL for further details by appending the | | | text with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.15 | | Sample Text: | IDENTITY is permanently blocked | | Associated | Any | | Basic Status | | | Code: | | | Description: | The listed IDENTITY was blocked due to some | | | threshold being reached. The block will NOT lift | | | itself after a period of time. IDENTITY is | | | normally an IP or Domain. Administrators MAY | | | include a URL for further details by appending the | | | text with ": see URL for further details." | +--------------+----------------------------------------------------+ Macdonald Expires November 6, 2011 [Page 9] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 +--------------+----------------------------------------------------+ | Code: | X.8.16 | | Sample Text: | IDENTITY is an open relay | | Associated | Any | | Basic Status | | | Code: | | | Description: | The listed IDENTITY (normally an IP) was blocked | | | because it is considered an open relay. | | | Administrators MAY include a URL for further | | | details by appending the text with ": see URL for | | | further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.17 | | Sample Text: | malformed content | | Associated | Any | | Basic Status | | | Code: | | | Description: | The content doesn't follow recommended formatting. | | | This can be HTML related, URL related or RFC | | | related. Administrators MAY include a URL for | | | further details by appending the text with ":see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.18 | | Sample Text: | recipients have complained about included content | | Associated | Any | | Basic Status | | | code: | | | Description: | Past recipients have complained about content that | | | is also included in this message. Administrators | | | MAY include a URL for further details by appending | | | the text with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.19 | | Sample Text: | IDENTITY has been temporarily rate limited due to | | | complaints | | Associated | Any | | Basic Status | | | Code: | | Macdonald Expires November 6, 2011 [Page 10] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 | Description: | Users of the receiving system are complaining | | | about email from the listed IDENTITY and therefore | | | the receiving system is rate limiting further | | | messages for a period of time. IDENTITY is | | | normally an IP or Domain. Administrators MAY | | | include a URL for further details by appending the | | | text with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.20 | | Sample Text: | IDENTITY has been temporarily rate limited | | Associated | Any | | Basic Status | | | Code: | | | Description: | The listed IDENTITY has been temporarily rate | | | limited and therefore the receiving system is rate | | | limiting messages for a period of time. IDENTITY | | | is normally an IP or domain. Administrators MAY | | | include a URL for further details by appending the | | | text with ": see URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.21 | | Sample Text: | IDENTITY-A is a non-authorized sender for | | | IDENTITY-B | | Associated | Any | | Basic Code: | | | Description: | The listed IDENTITY-A is not authorized to send on | | | IDENTITY-B's behalf. IDENTITY is normally an IP | | | or domain. Administrators MAY include a URL for | | | further details by appending the text with ":see | | | URL for further details." *NOTE: probably should | | | be in security RFC* | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.22 | | Sample Text: | message contains a virus | | Associated | Any | | Basic Status | | | Code: | | Macdonald Expires November 6, 2011 [Page 11] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 | Description: | It has been determined by the receiver that the | | | message (or one of it's attachments) contains a | | | virus. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." *NOTE: probably should | | | be in security RFC* | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.23 | | Sample Text: | IDENTITY has been permanently deferred | | Associated | Any | | Basic Status | | | Code: | | | Description: | The listed IDENTITY has been permanently rate | | | limited and therefore the receiving system is rate | | | limiting messages. IDENTITY is normally an IP or | | | domain. Administrators MAY include a URL for | | | further details by appending the text with ": see | | | URL for further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.24 | | Sample Text: | messages from IDENTITY not accepted | | Associated | Any | | Basic Status | | | Code: | | | Description: | Mail from the listed IDENTITY is not allowed. | | | IDENTITY is normally an IP or domain. | | | Administrators MAY include a URL for further | | | details by appending the text with ": see URL for | | | further details." | +--------------+----------------------------------------------------+ +--------------+----------------------------------------------------+ | Code: | X.8.25 | | Sample Text: | messages from local dynamic network not accepted | | Associated | Any | | Basic Status | | | Code: | | | Description: | Messages from a local dynamic IP are not accepted. | | | Administrators MAY include a URL for further | | | details by appending the text with ": see URL for | | | further details." | +--------------+----------------------------------------------------+ Macdonald Expires November 6, 2011 [Page 12] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 +--------------+----------------------------------------------------+ | Code: | X.8.26 | | Sample Text: | INDENTITY Greylisted, please retry later. | | Associated | 450 | | Basic Status | | | Code: | | | Description: | This mail server has never seen email from | | | IDENTITY before. RFC compliant MTAs would retry a | | | delivery when a basic status code of 450 is | | | returned by a receiving MTA. Administrators MAY | | | include a URL for further details by appending the | | | text with ": see URL for further details." | +--------------+----------------------------------------------------+ 5. Security Considerations As stated in [RFC3463], use of enhanced status codes may disclose additional information about how an internal mail system is implemented beyond that available through the SMTP status codes. Some of the proposed additions to the response code list are security related. Having these registered in one place to prevent collisions will improve their value. Security error responses can leak information to active attackers (e.g., the distinction between "user not found" and "bad password" during authentication). Documents defining security error codes should make it clear when this is the case, so that SMTP server software subject to such threats can provide appropriate controls to restrict exposure. 6. Acknowledgements A special thanks Tony Hansen, Murray S. Kucherawy, sm and Hector Santos for helpful comments. 7. References 7.1. Normative References [RFC3463] Vaudreuil, G., "Enhanced Mail System Status Codes", RFC 3463, January 2003. [RFC5248] Hansen, T. and J. Klensin, "A Registry for SMTP Enhanced Mail System Status Codes", BCP 138, RFC 5248, June 2008. Macdonald Expires November 6, 2011 [Page 13] Internet-Draft Enhanced Status Codes for Anti-Spam May 2011 7.2. Informative References [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. Author's Address Jeff Macdonald (editor) Message Systems 7070 Samuel Morse Drive - Suite 150 Columbia, MD 21046 USA Email: jeff.macdonald@messagesystems.com Macdonald Expires November 6, 2011 [Page 14]