Internet DRAFT - draft-duklev-deliveredto
draft-duklev-deliveredto
Network Working Group V. Dukhovni
Internet-Draft Bloomberg LP
Intended status: Informational J. Levine
Expires: 10 August 2022 Standcore LLC
6 February 2022
The Delivered-To Message Header Field
draft-duklev-deliveredto-01
Abstract
This document describes the existing usage of the Delivered-To header
field in e-mail messages.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 10 August 2022.
Copyright Notice
Copyright (c) 2022 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Dukhovni & Levine Expires 10 August 2022 [Page 1]
�
Internet-Draft deliveredto February 2022
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Header Field Syntax . . . . . . . . . . . . . . . . . . . . . 2
2.1. Loop Breaking . . . . . . . . . . . . . . . . . . . . . . 2
3. Related Header Fields . . . . . . . . . . . . . . . . . . . . 3
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3
5. Security Considerations . . . . . . . . . . . . . . . . . . . 3
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 3
7. Informative References . . . . . . . . . . . . . . . . . . . 3
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4
1. Introduction
The Delivered-To message header field was introduced by the [qmail]
mail package in 1998, and adopted shortly afterward by [Postfix] and
[Courier]. Mail Delivery Agents (MDA) [RFC5598] use the header field
to detect and break delivery loops.
2. Header Field Syntax
The syntax of the Delivered-To header field is similar to other mail
message header fields. In the ABNF below, addr-spec is imported from
[RFC5322].
delivered-to = "Delivered-To:" addr-spec CRLF
The contents of the header field is an opaque string that is an MDA-
specific representation of the mailbox to which a message was
delivered. The string need not be, and often is not, an address to
which mail can be sent using SMTP.
The domain part of the addr-spec is typically a mail domain managed
by the MDA adding the header field, so the header field contents do
not collide with header fields created by other MDAs.
2.1. Loop Breaking
Some MDAs use the Delivered-To header field to break delivery loops
using the following method.
When an MDA is about to deliver a message, it creates a Delivered-To
header field that represents the target of the delivery, and then
scans the existing header fields in the message to see if an
identical Delivered-To header field is already present. If so, the
message is in a loop, and the delivery fails. If not, the MDA
prepends the header field to the message and proceeds with the
delivery.
Dukhovni & Levine Expires 10 August 2022 [Page 2]
�
Internet-Draft deliveredto February 2022
Delivered-To header fields are typically prepended to the message,
similarly to the way trace header fields are prepended, but the loop
breaking algorithm does not depend on the order of the header fields,
only whether an identical header field is already present.
3. Related Header Fields
Some MDAs add a different header field that records the actual RCPT
TO address in an SMTP or submission session that handled the message.
This header field is often called Envelope-To or X-Original-To, but
varies from one MDA to another.
4. IANA Considerations
IANA is requested to add the following entry to the Permanent Message
Header Field Names registry:
+==============+==========+==========+===============+===========+
| Header Field | Template | Protocol | Status | Reference |
| Name | | | | |
+==============+==========+==========+===============+===========+
| Delivered-To | (blank) | mail | informational | [this |
| | | | | document] |
+--------------+----------+----------+---------------+-----------+
Table 1
5. Security Considerations
Depending on the way that an MDA creates the Delivered-To header
field, it may be possible to guess internal details of the delivery
process from the contents of the header field. To avoid this, some
MDAs may obscure the Delivered-To contents by hashing or otherwise
transforming the part of contents to the left of the @-sign to make
it harder to reverse engineer.
Malicious senders have occasionally sent messages with a Delivered-To
header field that deliberately matches the one to be added by an MDA,
to provoke a bounce from that MDA to the envelope sender of the
message, causing what is known as "blowback spam." Mitigations are
the same as for any undeliverable mail that may have a forged
envelope sender address.
6. Acknowledgments
We thank Sam Varshavchik for his reviews and useful suggestions.
7. Informative References
Dukhovni & Levine Expires 10 August 2022 [Page 3]
�
Internet-Draft deliveredto February 2022
[Courier] Varshavchik, S., "Courier Mail Server", 2000,
<https://courier-mta.org>.
[Postfix] Venema, W., "Postfix", 1999, <http://www.postfix.org>.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
DOI 10.17487/RFC5322, October 2008,
<https://www.rfc-editor.org/info/rfc5322>.
[RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598,
DOI 10.17487/RFC5598, July 2009,
<https://www.rfc-editor.org/info/rfc5598>.
[qmail] Bernstein, D.J., "qmail", 1998,
<https://cr.yp.to/qmail.html>.
Authors' Addresses
Viktor Dukhovni
Bloomberg LP
Email: ietf-dane@dukhovni.org
John Levine
Standcore LLC
Email: standards@standcore.com
Dukhovni & Levine Expires 10 August 2022 [Page 4]
