TOC 
Network Working GroupJ. Macdonald, Ed.
Internet-Drafte-Dialog
Updates: 3463 (if approved)September 14, 2010
Intended status: Standards Track 
Expires: March 18, 2011 


Suggested values for SMTP Enhanced Status Codes for Anti-Spam Policy
draft-macdonald-antispam-registry-01

Abstract

This document establishes a set of extended SMTP policy codes for anti-spam. It seeks to provide additional codes for error texts that currently use the extended SMTP error code 5.7.1. The anti-spam codes were determined by looking at error texts produced by major ISPs and finding commonalities. The result is a new set of error texts with associated extended SMTP error codes.

Status of this Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

This Internet-Draft will expire on March 18, 2011.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.



Table of Contents

1.  Introduction
2.  Introducing the Anti-Spam Subject
3.  Methodology of determining new detail codes
4.  IANA Considerations
    4.1.  Enumerated Status Codes
5.  Security Considerations
6.  Acknowledgements
7.  References
    7.1.  Normative References
    7.2.  Informative References
§  Author's Address




 TOC 

1.  Introduction

This RFC defines a set of Enhanced Status Codes [RFC3463] (Vaudreuil, “Enhanced Mail System Status Codes,” January 2003.) for SMTP related to anti-spam policy. These codes are to be registered with the IANA Mail Enhanced Status Codes registry as defined in [RFC5248] (Hansen, T., “A Registry for SMTP Enhanced Mail System Status Codes,” June 2008.). While Anti-Spam policy is inherently a local decision, assigning these codes helps troubleshoot problems and lower support costs by allowing sending administrators to resolve many problems themselves.

This document is being discussed on the SMTP mailing list, ietf-smtp@imc.org.



 TOC 

2.  Introducing the Anti-Spam Subject

The most common extended SMTP code assigned to anti-spam policy is 5.7.1. This is because the subject code of 7 is meant for security or policy. For anti-spam policy, the only logical detail code is 1, "Delivery not authorized, message refused". Using 5.7.1 for many different anti-spam policies weakens the usefulness of extended SMTP error codes. One of the motivations behind [RFC3463] (Vaudreuil, “Enhanced Mail System Status Codes,” January 2003.) was to re-distribute the classifications of SMTP error codes in order to provide a richer set of errors, and provide a means for machine-readable, human language independent status codes. Thus a new subject code of 8 is introduced for anti-spam policy.



 TOC 

3.  Methodology of determining new detail codes

All of the new detail text was gathered by surveying several existing large ISPs to see what messages were produce when presented with messages that violate their policies. An attempt was then made to coalesce the messages together into common themes. These themes where then simply assigned a detail number.

While this document provides suggested text for each detail code, alternate text can be provided if the text is in the spirit of the suggested text. This will allow sites to simply prepend the proper extended SMTP code to their existing text. Sites that are starting to implement anti-spam policy SHOULD use the text provided in this document.

While this document strives to document common anti-spam policies, it is by nature incomplete. [RFC3463] (Vaudreuil, “Enhanced Mail System Status Codes,” January 2003.) notes that new subject and detail codes will be added over time. This document is no exception to that and can be extended at future dates.



 TOC 

4.  IANA Considerations

IANA is directed to add the following values to the registry of Mail Enhanced Status Codes specified in [RFC5248] (Hansen, T., “A Registry for SMTP Enhanced Mail System Status Codes,” June 2008.).

The Mail Enhanced Status Codes registry will be modified to add a new subject sub-code having the value 8. This sub-code will be dedicated to anti-spam policy related SMTP errors.

All following entries will use the following common fields:

Reference: THIS RFC
Submitter: J. Macdonald
Change Controller: IESG

The following Subject Sub-code is defined:

Code: X.8.YYY
Summary: Anti-Spam policy related
Description: All status codes related to anti-spam policy that are not security related, as decided by a site administrator.



 TOC 

4.1.  Enumerated Status Codes

The following enumerated status codes are defined.

Code: X.8.0
Sample Text: Undefined Policy detail
Associated Basic Status Code: Any
Description: This enhanced status code SHOULD be returned when no other applicable anti-spam policy enhanced status code is appropriate. Administrators are encouraged to contact the Author stating how other detail codes fail to satisfy their criteria in order to facilitate an update to this RFC. Administrators SHOULD indicate what policy is being violated by including a URL providing further details by appending the text with ": see URL for further details." X.8.0 should be used for all errors for which there is no detail error known.

Code: X.8.1
Sample Text: message refused by local policy
Associated Basic Status Code: Any
Description: This indicates that something in the message has violated some local policy but the site administrator is not willing to divulge any further details as to what policy has been violated.

Code: X.8.2
Sample Text: excessive volume
Associated Basic Status Code: Any
Description: This indicates that some volume threshold has been reached. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.3
Sample Text: IP listed on RBL RBL-NAME
Associated Basic Status Code: Any
Description: This indicates the connecting IP is listed on a real-time block list. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.4
Sample Text: to many invalid recipients from sending domain or IP
Associated Basic Status Code: Any
Description: This indicates that the sending domain or IP has reached the receiving sites limit regarding invalid recipients. This is not to be used for to many recipients in a single message but for when the ratio of bad recipients vs good recipients has passed the receiving sites threshold. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.5
Sample Text: Unacceptable content
Associated Basic Status Code: Any
Description: This indicates that the content had some object-able content. Content includes the entirety of the message body which includes the headers. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.6
Sample Text: Suspected phishing attempt
Associated Basic Status Code: Any
Description: The receiving system suspects the messages is part of a phishing attempt. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.7
Sample Text: IDENTITY is dynamically blocked due to complaints
Associated Basic Status Code: Any
Description: Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is blocking further messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.8
Sample Text: IDENTITY is permanently blocked due to complaints
Associated Basic Status Code: Any
Description: Users of the receiving system are complaining about email from the listed identity and therefore the receiving system is PERMANANTLY blocking further messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.9
Sample Text: this recipient will not accept any messages from IDENTITY
Associated Basic Status Code: Any
Description: The recipient has chosen to not accept message from IDENTITY. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.10
Sample Text: IDENTITY is a dynamic IP
Associated Basic Status Code: Any
Description: The IDENTITY (an IP address) is a dynamic IP. Administrators MAY include a URL for further details by appending the text with ":see URL for further details."

Code: X.8.11
Sample Text: IDENTITY has been compromised
Associated Basic Status Code: Any
Description: It has been determined by the receiver (or a 3rd party the receiver is using) that the IDENTITY (an IP address or Domain) has been compromised. This is usually and indication that the machine hosting the IP is infected with a virus or is part of a Zombie network. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.12
Sample Text: IDENTITY is an un-delegated IP
Associated Basic Status Code: Any
Description: The IDENTITY (an IP address) hasn't been assigned by IANA or any other authority that can assign an IP to an organization. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.13
Sample Text: reverse DNS lookup for IDENTITY failed
Associated Basic Status Code: Any
Description: There was no hostname associated with the reverse DNS lookup of IDENTITY (an IP address). Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.14
Sample Text: IDENTITY is temporarily blocked
Associated Basic Status Code: Any
Description: The listed IDENTITY was blocked due to some threshold being reached and the block will lift itself after a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.15
Sample Text: IDENTITY is permanently blocked
Associated Basic Status Code: Any
Description: The listed IDENTITY was blocked due to some threshold being reached. The block will NOT lift itself after a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.16
Sample Text: IDENTITY is an open relay
Associated Basic Status Code: Any
Description: The listed IDENTITY (normally an IP) was blocked because it is considered an open relay. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.17
Sample Text: malformed content
Associated Basic Status Code: Any
Description: The content doesn't follow recommended formatting. This can be HTML related, URL related or RFC related. Administrators MAY include a URL for further details by appending the text with ":see URL for further details."

Code: X.8.18
Sample Text: recipients have complained about included content
Associated Basic Status code: Any
Description: Past recipients have complained about content that is also included in this message. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.19
Sample Text: IDENTITY has been temporarily rate limited due to complaints
Associated Basic Status Code: Any
Description: Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is rate limiting further messages for a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.20
Sample Text: IDENTITY has been temporarily rate limited
Associated Basic Status Code: Any
Description: The listed IDENTITY has been temporarily rate limited and therefore the receiving system is rate limiting messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.21
Sample Text: IDENTITY-A is a non-authorized sender for IDENTITY-B
Associated Basic Code: Any
Description: The listed IDENTITY-A is not authorized to send on IDENTITY-B's behalf. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ":see URL for further details." *NOTE: probably should be in security RFC*

Code: X.8.22
Sample Text: message contains a virus
Associated Basic Status Code: Any
Description: It has been determined by the receiver that the message (or one of it's attachments) contains a virus. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." *NOTE: probably should be in security RFC*

Code: X.8.23
Sample Text: IDENTITY has been permanently deferred
Associated Basic Status Code: Any
Description: The listed IDENTITY has been permanently rate limited and therefore the receiving system is rate limiting messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.24
Sample Text: messages from IDENTITY not accepted
Associated Basic Status Code: Any
Description: Mail from the listed IDENTITY is not allowed. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."

Code: X.8.25
Sample Text: messages from local dynamic network not accepted
Associated Basic Status Code: Any
Description: Messages from a local dynamic IP are not accepted. Administrators MAY include a URL for further details by appending the text with ": see URL for further details."



 TOC 

5.  Security Considerations

As stated in [RFC3463] (Vaudreuil, “Enhanced Mail System Status Codes,” January 2003.), use of enhanced status codes may disclose additional information about how an internal mail system is implemented beyond that available through the SMTP status codes.

Some of the proposed additions to the response code list are security related. Having these registered in one place to prevent collisions will improve their value. Security error responses can leak information to active attackers (e.g., the distinction between "user not found" and "bad password" during authentication). Documents defining security error codes should make it clear when this is the case, so that SMTP server software subject to such threats can provide appropriate controls to restrict exposure.



 TOC 

6.  Acknowledgements

A special thanks Tony Hansen, Murray S. Kucherawy, sm and Hector Santos for helpful comments.



 TOC 

7.  References



 TOC 

7.1. Normative References

[RFC3463] Vaudreuil, “Enhanced Mail System Status Codes,” January 2003.
[RFC5248] Hansen, T., “A Registry for SMTP Enhanced Mail System Status Codes,” June 2008.


 TOC 

7.2. Informative References

[RFC2434] Narten, N. and H. , “Guidelines for Writing an IANA Considerations Section in RFCs,” October 1998.


 TOC 

Author's Address

  Jeff Macdonald (editor)
  e-Dialog
  65 Network Drive
  Burlington, MA 01803
  USA
Email:  jmacdonald@e-dialog.com