Suggested values for SMTP Enhanced Status Codes for Anti-Spam Policy
draft-macdonald-antispam-registry-02
This document establishes a set of extended SMTP policy codes for anti-spam. It seeks to provide additional codes for error texts that currently use the extended SMTP error code 5.7.1. The anti-spam codes were determined by looking at error texts produced by major ISPs and finding commonalities. The result is a new set of error texts with associated extended SMTP error codes.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 06, 2011.
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
This RFC defines a set of Enhanced Status Codes [RFC3463] for SMTP related to anti-spam policy. These codes are to be registered with the IANA Mail Enhanced Status Codes registry as defined in [RFC5248]. While Anti-Spam policy is inherently a local decision, assigning these codes helps troubleshoot problems and lower support costs by allowing sending administrators to resolve many problems themselves.
This document is being discussed on the SMTP mailing list, ietf-smtp@imc.org.
The most common extended SMTP code assigned to anti-spam policy is 5.7.1. This is because the subject code of 7 is meant for security or policy. For anti-spam policy, the only logical detail code is 1, "Delivery not authorized, message refused". Using 5.7.1 for many different anti-spam policies weakens the usefulness of extended SMTP error codes. One of the motivations behind [RFC3463] was to re-distribute the classifications of SMTP error codes in order to provide a richer set of errors, and provide a means for machine-readable, human language independent status codes. Thus a new subject code of 8 is introduced for anti-spam policy.
All of the new detail text was gathered by surveying several existing large ISPs to see what messages were produce when presented with messages that violate their policies. An attempt was then made to coalesce the messages together into common themes. These themes where then simply assigned a detail number.
While this document provides suggested text for each detail code, alternate text can be provided if the text is in the spirit of the suggested text. This will allow sites to simply prepend the proper extended SMTP code to their existing text. Sites that are starting to implement anti-spam policy SHOULD use the text provided in this document.
While this document strives to document common anti-spam policies, it is by nature incomplete. [RFC3463] notes that new subject and detail codes will be added over time. This document is no exception to that and can be extended at future dates.
IANA is directed to add the following values to the registry of Mail Enhanced Status Codes specified in [RFC5248].
The Mail Enhanced Status Codes registry will be modified to add a new subject sub-code having the value 8. This sub-code will be dedicated to anti-spam policy related SMTP errors.
All following entries will use the following common fields:
|
|
Reference: |
THIS RFC |
Submitter: |
J. Macdonald |
Change Controller: |
IESG |
The following Subject Sub-code is defined:
|
|
Code: |
X.8.YYY |
Summary: |
Anti-Spam policy related |
Description: |
All status codes related to anti-spam policy that are not security related, as decided by a site administrator. |
The following enumerated status codes are defined.
|
|
Code: |
X.8.0 |
Sample Text: |
Undefined Policy detail |
Associated Basic Status Code: |
Any |
Description: |
This enhanced status code SHOULD be returned when no other applicable anti-spam policy enhanced status code is appropriate. Administrators are encouraged to contact the Author stating how other detail codes fail to satisfy their criteria in order to facilitate an update to this RFC. Administrators SHOULD indicate what policy is being violated by including a URL providing further details by appending the text with ": see URL for further details." X.8.0 should be used for all errors for which there is no detail error known. |
|
|
Code: |
X.8.1 |
Sample Text: |
message refused by local policy |
Associated Basic Status Code: |
Any |
Description: |
This indicates that something in the message has violated some local policy but the site administrator is not willing to divulge any further details as to what policy has been violated. |
|
|
Code: |
X.8.2 |
Sample Text: |
excessive volume |
Associated Basic Status Code: |
Any |
Description: |
This indicates that some volume threshold has been reached. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.3 |
Sample Text: |
IP listed on RBL RBL-NAME |
Associated Basic Status Code: |
Any |
Description: |
This indicates the connecting IP is listed on a real-time block list. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.4 |
Sample Text: |
to many invalid recipients from sending domain or IP |
Associated Basic Status Code: |
Any |
Description: |
This indicates that the sending domain or IP has reached the receiving sites limit regarding invalid recipients. This is not to be used for to many recipients in a single message but for when the ratio of bad recipients vs good recipients has passed the receiving sites threshold. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.5 |
Sample Text: |
Unacceptable content |
Associated Basic Status Code: |
Any |
Description: |
This indicates that the content had some object-able content. Content includes the entirety of the message body which includes the headers. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.6 |
Sample Text: |
Suspected phishing attempt |
Associated Basic Status Code: |
Any |
Description: |
The receiving system suspects the messages is part of a phishing attempt. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.7 |
Sample Text: |
IDENTITY is dynamically blocked due to complaints |
Associated Basic Status Code: |
Any |
Description: |
Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is blocking further messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.8 |
Sample Text: |
IDENTITY is permanently blocked due to complaints |
Associated Basic Status Code: |
Any |
Description: |
Users of the receiving system are complaining about email from the listed identity and therefore the receiving system is PERMANANTLY blocking further messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.9 |
Sample Text: |
this recipient will not accept any messages from IDENTITY |
Associated Basic Status Code: |
Any |
Description: |
The recipient has chosen to not accept message from IDENTITY. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.10 |
Sample Text: |
IDENTITY is a dynamic IP |
Associated Basic Status Code: |
Any |
Description: |
The IDENTITY (an IP address) is a dynamic IP. Administrators MAY include a URL for further details by appending the text with ":see URL for further details." |
|
|
Code: |
X.8.11 |
Sample Text: |
IDENTITY has been compromised |
Associated Basic Status Code: |
Any |
Description: |
It has been determined by the receiver (or a 3rd party the receiver is using) that the IDENTITY (an IP address or Domain) has been compromised. This is usually and indication that the machine hosting the IP is infected with a virus or is part of a Zombie network. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.12 |
Sample Text: |
IDENTITY is an un-delegated IP |
Associated Basic Status Code: |
Any |
Description: |
The IDENTITY (an IP address) hasn't been assigned by IANA or any other authority that can assign an IP to an organization. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.13 |
Sample Text: |
reverse DNS lookup for IDENTITY failed |
Associated Basic Status Code: |
Any |
Description: |
There was no hostname associated with the reverse DNS lookup of IDENTITY (an IP address). Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.14 |
Sample Text: |
IDENTITY is temporarily blocked |
Associated Basic Status Code: |
Any |
Description: |
The listed IDENTITY was blocked due to some threshold being reached and the block will lift itself after a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.15 |
Sample Text: |
IDENTITY is permanently blocked |
Associated Basic Status Code: |
Any |
Description: |
The listed IDENTITY was blocked due to some threshold being reached. The block will NOT lift itself after a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.16 |
Sample Text: |
IDENTITY is an open relay |
Associated Basic Status Code: |
Any |
Description: |
The listed IDENTITY (normally an IP) was blocked because it is considered an open relay. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.17 |
Sample Text: |
malformed content |
Associated Basic Status Code: |
Any |
Description: |
The content doesn't follow recommended formatting. This can be HTML related, URL related or RFC related. Administrators MAY include a URL for further details by appending the text with ":see URL for further details." |
|
|
Code: |
X.8.18 |
Sample Text: |
recipients have complained about included content |
Associated Basic Status code: |
Any |
Description: |
Past recipients have complained about content that is also included in this message. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.19 |
Sample Text: |
IDENTITY has been temporarily rate limited due to complaints |
Associated Basic Status Code: |
Any |
Description: |
Users of the receiving system are complaining about email from the listed IDENTITY and therefore the receiving system is rate limiting further messages for a period of time. IDENTITY is normally an IP or Domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.20 |
Sample Text: |
IDENTITY has been temporarily rate limited |
Associated Basic Status Code: |
Any |
Description: |
The listed IDENTITY has been temporarily rate limited and therefore the receiving system is rate limiting messages for a period of time. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.21 |
Sample Text: |
IDENTITY-A is a non-authorized sender for IDENTITY-B |
Associated Basic Code: |
Any |
Description: |
The listed IDENTITY-A is not authorized to send on IDENTITY-B's behalf. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ":see URL for further details." *NOTE: probably should be in security RFC* |
|
|
Code: |
X.8.22 |
Sample Text: |
message contains a virus |
Associated Basic Status Code: |
Any |
Description: |
It has been determined by the receiver that the message (or one of it's attachments) contains a virus. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." *NOTE: probably should be in security RFC* |
|
|
Code: |
X.8.23 |
Sample Text: |
IDENTITY has been permanently deferred |
Associated Basic Status Code: |
Any |
Description: |
The listed IDENTITY has been permanently rate limited and therefore the receiving system is rate limiting messages. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.24 |
Sample Text: |
messages from IDENTITY not accepted |
Associated Basic Status Code: |
Any |
Description: |
Mail from the listed IDENTITY is not allowed. IDENTITY is normally an IP or domain. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.25 |
Sample Text: |
messages from local dynamic network not accepted |
Associated Basic Status Code: |
Any |
Description: |
Messages from a local dynamic IP are not accepted. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
|
|
Code: |
X.8.26 |
Sample Text: |
INDENTITY Greylisted, please retry later. |
Associated Basic Status Code: |
450 |
Description: |
This mail server has never seen email from IDENTITY before. RFC compliant MTAs would retry a delivery when a basic status code of 450 is returned by a receiving MTA. Administrators MAY include a URL for further details by appending the text with ": see URL for further details." |
As stated in [RFC3463], use of enhanced status codes may disclose additional information about how an internal mail system is implemented beyond that available through the SMTP status codes.
Some of the proposed additions to the response code list are security related. Having these registered in one place to prevent collisions will improve their value. Security error responses can leak information to active attackers (e.g., the distinction between "user not found" and "bad password" during authentication). Documents defining security error codes should make it clear when this is the case, so that SMTP server software subject to such threats can provide appropriate controls to restrict exposure.
A special thanks Tony Hansen, Murray S. Kucherawy, sm and Hector Santos for helpful comments.
7. References
7.1. Normative References
7.2. Informative References