Internet DRAFT - draft-szego-wcor-pop
draft-szego-wcor-pop
Internet-Draft D. Szego
Standards Track david@mindslip.org
Document: draft-szego-wcor-pop-00.txt January 2006
Welcomed Correspondence Extensions to POP3
Network Working Group
Internet-Draft Submission
Category: Standards Track
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" [STD1] for the standardization state and
status of this protocol.
By submitting this Internet-Draft, each author represents
that any applicable patent or other IPR claims of which he
or she is aware have been or will be disclosed, and any of
which he or she becomes aware will be disclosed, in
accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
A revised version of this draft document will be submitted to the RFC
editor as a Standard Track RFC for the Internet Community.
Discussion and suggestions for improvement are requested, and should
be sent to david@mindslip.org .
Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2006). All Rights Reserved.
�
Table of Contents
1. Abstract
1.1. Terminology
1.1. Parameters
2. WCOR Service Extension Overview
2.1. WC Lists
2.1.1. Contents of the Welcome List
2.1.2. Contents of the Unwelcome List
2.1.3. Contents of the Pending List
2.2. New Correspondence Requests
3. Commands and Headers
3.1. Identification of a WC-Compliant Mail Client
3.2. The LISTNEWREQ Command
3.3. The LISTPENDREQ Command
3.4. The ALLOW Command
3.5. The BLOCK Command
3.6. The LISTALLOWED Command
3.7. The LISTBLOCKED Command
4. Handling Email
4.1. From WC-Compliant MTA's
4.2. From Non-WC-Compliant MTA's
5. Handling Non-WC-Compliant Mail Clients:
"New Correspondence Requests"
6. IANA Registry Considerations
7. Security Considerations
8. Full Copyright Statement
9. References
10. Author's Address
1. Abstract
This document describes in detail the WCOR ("Welcomed
Correspondence", or WCor/WC for short) extension to POP3.
"Welcomed Correspondence" is explained in detail in Internet-Draft
draft-szego-wcor-overview-00.txt [WCor-Overview]. This extension is
based on the standard "POP3 Extension Mechanism" described in RFC 2449
[RFC2449]. Welcomed Correspondence capabilities are identified by the
WCOR keyword (POP3 extensions disallow "X-" prefixes) in the POP3
capabilities list presented by a WC-Compliant POP3 server
implementation.
1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"RECOMMENDED", and "MAY" in this document are to be interpreted as
defined in BCP 14, RFC 2119 [KEYWORDS].
All syntax described in this document follows the syntax conventions
of RFC 1738 [RFC1738].
In examples, "C:" and "S:" indicate lines sent by the client and
server respectively.
�
1.2. Parameters
The following parameters are referenced below:
<email@as.per.rfc822.tld> (or <email@as.per.rfc822.tld>),
<orig-msg-id>, <orig-server>
The <email@as.per.rfc822.tld> parameter specifies the sender's email
address, as specified in RFC 822 [RFC822] section 6, "Address
Specifications".
The <orig-msg-id> parameter specifies the ID of the initial contact
email sent from the sender in question to the recipient in question.
This is taken from the SMTP "Message-ID" header if the initial contact
email was sent from a non-WC-Compliant SMTP server. If sent from a
WC-Compliant SMTP server, the server would have added a WCor
<orig-msg-id> header to the email, which MUST be used if present. In
either case, this message ID MUST be used for all further references to
the initial contact message between sender and recipient.
The <orig-server> parameter specifies the SMTP server from which the
sender had sent the initial contact email. If sent from a
non-WC-Compliant SMTP server, this is gleaned from the SMTP
"Return-Path" header. If sent from a WC-Compliant SMTP server, the
server would have added a WCor <orig-server> header, containing the FQDN
of the sending server, which MUST be used instead. In either case, this
server ID MUST be used for all further references to the accepted SMTP
server of a senders email.
All commands take their parameters in a form matching RFC 2449
[RFC2449] section 3, "General Command and Response Grammar".
2. WCOR Capability Extension Overview
The WCOR capability provides Welcomed Correspondence extensions to a
POP3 server by allowing the POP3 server and client to interact directly
with a user's Welcome, Unwelcome, and Pending lists. This extension
MUST only be available in the TRANSACTION state, in order to assure
manipulation of the proper users lists, that is, the currently
authenticated user.
2.1. WC Lists
WC Lists are white and black lists (and an "unspecified" list) of
Welcomed and Unwelcome and Pending email senders. Each valid account on
a WCor-compliant POP server MUST have one set of lists. A WC-compliant
POP server MUST be able to interact with these lists, either directly or
indirectly. Actual interaction methods (database, etc.) are not
specified in this document and are left up to the implementation. It is
RECOMMENDED that any system which implements a unified
ESMTP/POP3/IMAP4/Email client suite uses a consistant method of
interacting with only a single set of lists.
�
2.1.1. Contents of the Welcome List
The Welcome list MUST contain only a sender's
<email@as.per.rfc822.tld>, <orig-server> and <orig-msg-id> information.
2.1.2. Contents of the Unwelcome List
The Unwelcome list MUST contain only a sender's
<email@as.per.rfc822.tld>, <orig-server> and <orig-msg-id> information,
the date of receipt of the initial email, and the subject line of the
initial contact email.
2.1.3. Contents of the Pending List
The Pending list MUST contain only a sender's
<email@as.per.rfc822.tld>, <orig-server> and <orig-msg-id> information,
the date of receipt of the initial email, and the subject line of the
initial contact email. Each entry can be flagged as a "New
Correspondence Request", if it is within a certain age.
2.2. New Correspondence Requests
An email from a sender who is not present in either the Welcome,
Unwelcome, or Pending list is considered a "New Correspondent", and the
email considered an "Initial Contact Email". The new email MUST be put
in the recipient's Pending list and flagged as a "New Correspondence
Request". (See below, section 5.)
�
3. WCOR Commands
The WCOR capability is defined as per RFC 2449 [RFC2449] as follows:
WCOR capability
CAPA tag:
WCOR
Arguments:
none
Added commands:
LISTNEWREQ LISTPENDREQ ALLOW BLOCK LISTALLOWED LISTBLOCKED
SENDUPDATE
Standard commands affected:
none
Commands vaild in states:
TRANSACTION
Specification reference:
This document, and Internet-Draft [WCor-Overview]
Announced states / possible differences:
both / no
WCOR capability indicates that the following commands MUST be
available:
LISTNEWREQ
List New Correspondence Requests
LISTPENDREQ
List pending Correspondence Requests. This MAY include New
Correspondence Requests
ALLOW
Add a sender to the user's Welcome list, allowing further mail
from this sender
BLOCK
Add a sender to the user's Unwelcome list, blocking further
mail from this sender
LISTALLOWED
List Welcome senders
LISTBLOCKED
List Unwelcome senders
SENDUPDATE
Alert Welcome senders of address changes
These commands are described below.
�
3.1. Identification of a WC-Compliant Mail Client
Mail clients will identify themselves as WC-Compliant by issuing the
WCOR command in the TRANSACTION state.
The server MUST reply with a proper POP3 "+OK" result if it is
offering Welcomed Correspondence capabilities.
Example:
C: WCOR
S: +OK
Failure of the WCOR command MUST result in a proper POP3 "-ERR"
message. The text of the result SHOULD include a comment explaining why
the command failed.
Example:
C: WCOR
S: -ERR Authenticate first
C: WCOR
S: -ERR Can't access WC lists at this time
3.2. The LISTNEWREQ Command
The LISTNEWREQ command generates a list of "New Correspondence
Requests" from the WC-Compliant POP3 server, for the authenticated user.
Once presented in a New Correspondence Request list, a sender SHOULD
be un-marked as "New" within a reasonable time. This allows for a New
Correspondence Request to be left unanswered for an amount of time.
After this time, the WC-Compliant POP3 server SHOULD remove the sender's
"New" flag from the Pending list automatically, thus causing the sender
to be seen as a result of the LISTPENDREQ command rather than the
LISTNEWREQ command.
The LISTNEWREQ command does not take any parameters.
This command MUST reply with a proper POP3 "+OK" result if there are
zero (0) or more entries in the user's Pending list marked as New
Correspondence Requests. The initial text of the result SHOULD include
a commant detailing the number of New Correspondence Requests.
Example:
C: LISTNEWREQ
S: +OK There are no New Correspondence Requests at this time.
If there is one (1) or more entries in the user's Pending list marked
as New Correspondence Requests, the POP3 server MUST respond with each
entry on a separate line after the "+OK" reply. The list MUST be
terminated with a single "." on a final line by itself. Blank lines
MUST NOT appear between list entries.
�
The format for the response is as follows:
Name-if-given <email@as.per.rfc822.tld> <SP> <orig-server> <SP>
<Receipt-Date> <SP> Subject to end of line <EOL>
Example:
C: LISTNEWREQ
S: +OK You have 3 New Correspondence Requests:
S: David Szego <dszego@mindslip.com> smtp.mindslip.com
11022004-213233 Re: Your question
S: John Doe <jdoe@sender.net> mail.spam.com 12022004-094312 Buy
Pharmaceuticals Online!
S: spam@spammer.com fake.spam.net 12022004-125326 E.n.l.a.r.g.e
yourself
S: .
Failure of the LISTNEWREQ command MUST result in a proper POP3 "-ERR"
result. The text of the result SHOULD include a comment explaining why
the command failed.
Example:
C: LISTNEWREQ
S: -ERR Cannot access WC lists at this time
3.3. The LISTPENDREQ Command
The LISTPENDREQ command generates a list of pending Correspondence
Requests from the user's Pending list. This SHOULD also include any
Pending requests marked as "New". Issuing this command MAY cause the
POP3 server to mark "New Correspondence Requests" as no longer new, but
this MUST NOT occur if the entries have not already been presented as a
result of the LISTNEWREQ command.
The LISTPENDREQ command does not take any parameters.
This command MUST reply with a proper POP3 "+OK" result if there are
zero (0) or more entries in the user's Pending list. The initial text
of the result SHOULD include a comment detailing the number of Pending
Correspondence Requests.
Example:
C: LISTPENDREQ
S: +OK There are no pending Correspondence Requests at this time
If there is one (1) or more entries in the user's Pending list marked
as New Correspondence Requests, the POP3 server MUST respond with each
entry on a separate line after the "+OK" reply. The list MUST be
terminated with a single "." on a final line by itself. Blank lines
MUST NOT appear between list entries.
The format for the response is as follows:
Name-if-given <email@as.per.rfc822.tld> <SP> <orig-server> <SP>
<Receipt-Date> <SP> Subject to end of line <EOL>
�
Example:
C: LISTPENDREQ
S: +OK You have 3 pending Correspondence Requests:
S: David Szego <dszego@mindslip.com> smtp.mindslip.com
11022004-213233 Re: Your question
S: John Doe <jdoe@sender.net> mail.spam.com 12022004-094312 Buy
Pharmaceuticals Online!
S: spam@spammer.com asdf.fake.net 12022004-125326 E.n.l.a.r.g.e
yourself
S: .
Failure of the LISTPENDREQ command MUST result in a proper POP3
"-ERR" result. The text of the result SHOULD include a comment
explaining why the command failed.
Example:
C: LISTPENDREQ
S: -ERR Cannot access WC lists at this time
3.4. The ALLOW Command
The ALLOW command tells the WC-Compliant POP3 server to add a sender
to a user's Welcome list, thus allowing (welcoming) further emails from
this sender.
The ALLOW command takes the following parameters:
<email@as.per.rfc822.tld> <SP> <orig-server> <SP> <orig-msg-id>
Example:
ALLOW dszego@mindslip.com smtp.sender.net
1234567.98765432@smtp.sender.net
Successful addition of this sender to a user's Welcome list MUST
result in a proper POP3 "+OK" reply. The text of the result SHOULD
include a comment explaining that the sender has been added to the
user's Welcome list.
Example:
C: ALLOW dszego@mindslip.com smtp.sender.net
1234567.98765432@smtp.sender.net
S: +OK dszego@mindslip.com is now allowed to send you email
Entire domains can be allowed by specifying the asterisk wildcard.
This is especially useful for intranets and corporate correspondence.
The entry will permanently sit in the "Pending" list, but will
automatically respond as an ALLOW to any incoming email address from the
specified domain, which isn't already in the Welcome list. The
orig-msg-id portion specifying a message ID MUST be a unique string
generated by the allowing server. The orig-msg-id portion specifying
the domain MUST match the domain being allowed (as opposed to the
particular sending server).
Example:
C: ALLOW *@mindslip.com mindslip.com 1234567.09876543@mindslip.com
S: +OK The domain mindslip.com is now allowed to send you email
�
Failure of the ALLOW command MUST result in a proper POP3 "-ERR"
message. The text of the result SHOULD include a comment explaining why
the command failed.
Example:
C: ALLOW dszego@mindslip.com smtp.sender.net
1234567.98765432@smtp.sender.net
S: -ERR Cannot access WC lists at this time
Addition of a user already present in the Welcome list MUST result in
success, in order to avoid needless parsing of error messages.
An ALLOW command MUST cause the POP3 server to check for the presence
of the sender's <email@as.per.rfc822.tld> / <orig-server> /
<orig-msg-id> in both the Pending and Unwelcome lists. If the sender
being allowed is present in either list, it must be removed from that
list in order to properly reflect the acceptance state of this sender.
Entries are not considered duplicate if they have the same email
address, but do not have the same <orig-server> and <orig-msg-id>
information. This allows senders to send from multiple SMTP servers.
Senders specified in an ALLOW command MUST be added if the command
parameters are valid, even if they have not been found in the other
lists. This is in order to use WC services as a full server-side
White/Blacklist server.
3.5. The BLOCK Command
The BLOCK command tells the WC-Compliant POP3 server to add a sender
to a user's Unwelcome list, thus blocking further emails from this
sender.
The BLOCK command takes the following parameters:
<email@as.per.rfc822.tld> <SP> <orig-server> (optional: <SP>
<orig-msg-id>)
Example:
BLOCK spammer@spam.net smtp.spamco.com
If no <orig-msg-id> is given, any message matching the specified
address and server is blocked. This parameter is optional, but MUST be
kept in the Unwelcome list if specified, in order to allow the user to
unblock the sender by moving the entry to the Welcome list.
Successful addition of this sender to a user's Unwelcome list MUST
result in a proper POP3 "+OK" reply. The text of the result SHOULD
include a comment explaining that the sender has been added to the
user's Unwelcome list and blocked.
Example:
C: BLOCK spammer@spam.net smtp.spamco.com
S: +OK spammer@spam.net is now blocked from sending you mail from
smtp.spamco.com
�
Failure of the BLOCK command MUST result in a proper POP3 "-ERR"
reply. The text of the result SHOULD include a comment explaining why
the command failed.
Example:
C: BLOCK spammer@spam.net smtp.spamco.com
S: -ERR Cannot access WC lists at this time
Addition of a user already present in the Unwelcome list MUST result
in success, in order to avoid needless parsing of error messages.
A BLOCK command MUST cause the POP3 server to check for the presence
of the sender's <email@as.per.rfc822.tld> / <orig-server> /
<orig-msg-id> in both the user's Pending and Welcome lists. If the
sender being blocked is present in either list, it must be removed from
that list in order to properly reflect the state of this sender. The
subject line (if not empty) MUST be copied from the Pending list to the
Blocked list.
Entries are not considered duplicate if they have the same email
address, but do not have the same <orig-server> information. This
allows duplicate email addresses to be blocked from multiple SMTP
servers.
Senders specified in a BLOCK command MUST be added if the command
parameters are valid, even if they have not been found in the other
lists. This is in order to use WC services as a full server-side
White/Blacklist server.
3.6. The LISTALLOWED Command
The LISTALLOWED command generates a user's list of Welcome senders
from the WC-Compliant POP3 server.
The LISTALLOWED command does not take any parameters.
This command MUST reply with a proper POP3 "+OK" result if there are
zero(0) or more entries in the user's Welcome list. The initial text of
the result SHOULD include a comment detailing the number of Welcome
senders.
Example:
C: LISTALLOWED
S: +OK There is nobody on your Welcome list
If there is one (1) or more entries in the Welcome list, the POP3
server MUST with each entry on a separate line after the "+OK" reply.
The list MUST be terminated with a single "." on a final line by itself.
Blank lines MUST NOT appear between list entries.
The format for the response is as follows:
<email@as.per.rfc822.tld> <SP> <orig-server> <EOL>
�
Example:
C: LISTALLOWED
S: +OK You have 1 people on your Welcome list
S: David Szego <dszego@mindslip.com> smtp.mindslip.com
S: .
Failure of the LISTALLOWED command MUST result in a proper POP3
"-ERR" result. The text of the result SHOULD include a comment
explaining why the command failed.
Example:
C: LISTALLOWED
S: -ERR Cannot access WC lists at this time
3.7. The LISTBLOCKED Command
The LISTBLOCKED command generates a user's list of Unwelcome senders
from the WC-Compliant POP3 server.
The LISTBLOCKED command does not take any parameters.
This command MUST reply with a proper POP3 "+OK" result if there are
zero(0) or more entries in the user's Unwelcome list. The initial text
of the result SHOULD include a comment detailing the number of Unwelcome
senders.
Example:
C: LISTBLOCKED
S: +OK There is nobody on your Unwelcome list
If there is one (1) or more entries in the Unwelcome list, the POP3
server MUST with each entry on a separate line after the "+OK" reply.
The list MUST be terminated with a single "." on a final line by itself.
Blank lines MUST NOT appear between list entries.
The format for the response is as follows:
Name-if-given <email@as.per.rfc822.tld> <SP> <orig-server> <SP>
<Receipt-Date> <SP> Subject to end of line <EOL>
Example:
C: LISTBLOCKED
S: +OK You have 1 sender on your Unwelcome list
S: Joe Spammer <spam@spammer.net> mail.spam.com E.n.l.a.r.g.e
yourself
S: .
Failure of the LISTBLOCKED command MUST result in a proper POP3
"-ERR" result. The text of the result SHOULD include a comment
explaining why the command failed.
Example:
C: LISTBLOCKED
S: -ERR Cannot access WC lists at this time
�
4. Handling Email
WC-Compliant POP3 servers will generally only need to specially
handle incoming email which has been delivered by a non-WC-Compliant
MTA. Email transferred through a WC-Compliant MTA will not get
delivered to the retreival (POP3/IMAP4/etc.) server in the first place.
Exceptions to this are initial-contact emails.
However, the POP3 server MUST be able to generate and handle "Control
Emails" (described below) in order to allow user's without a
WC-Compliant Mail Submission Agent (email program) to interact with
their Welcome / Unwelcome / Pending lists.
4.1. From WC-Compliant MTAs
If an email received by the POP3 server has the WCor <orig-server>
and <orig-msg-id> headers ("WC Headers"), it can safely be assumed that
the email was delivered by a WC-Compliant MTA. These headers along with
the email address in the "From" header MUST be used to identify this
sender against the WC lists. The <orig-msg-id> header will be used to
confirm that this is indeed the original sender, as only the original
sender's MTA should know this ID.
If an email received by the POP3 server does not have the WC Headers,
it can safely be assumed that the email was delivered by a
non-WC-Compliant MTA. In this case, the <orig-server> value MUST be
gleaned from the SMTP Return-Path headers, and the <orig-msg-id> value
MUST come from either the SMTP Message-ID, or the SMTP In-Reply-To
headers.
WC-Compliant POP3 servers MUST check all emails for the presence of
the WC Headers. If present, and if the POP3 software knows it is
running with a WC-Compliant MTA (for instance in a software suite), it
MAY be assumed that the WC-Compliant MTA would not have delivered the
email to the recipient's mailbox if it were Unwelcome. In this case,
the email MUST be checked against the recipient's Pending list. If the
WC Header values are present in the Pending list, it MAY be delivered
(optionally, as described above) or discarded.
4.2. From Non-WC-Compliant MTAs
Email from non-WC-Compliant MTAs will be missing the <orig-server>
and <orig-msg-id> headers as described above. If an email is missing
these WC Headers, their equivalent content MUST be gleaned as described
above and added to the message. The gleaned WC headers MUST then be
checked against the recipient's Welcome / Unwelcome / Pending lists to
determine whether the email should be delivered.
If the WC Header values do not match an entry, the email MUST be
considered an "Initial-Contact Email", and the WC Header values (as
gleaned), along with the subject line, and receipt date, MUST be added
to the recipient's Pending list, and marked as a "New Correspondence
Request" for presentation when the next LISTNEWREQ command is issued by
the recipient.
�
If the WC Header values (as gleaned) do match an entry, at MINIMUM
the email address and orig-server value, the email MUST be acted upon
according to which list it is present in, Welcome or Unwelcome. Emails
matching an entry in the user's Pending list SHOULD NOT be delivered, as
the sender SHOULD be considered temporarily blocked. This MAY be a
configurable option (to deliver email from a sender while in the Pending
state, or not) in the POP3 server implementation.
5. Handling Non-WC-Compliant Mail Clients: New Correspondence Requests
WC-Compliant mail clients MUST issue the WCOR command in the
TRANSACTION state to identify themselves as WC-Compliant. If a mail
client does not issue the WCOR command, a WC-Compliant POP3 server MUST
assume the client is not WC-Compliant and handle New Correspondence
Requests by generating a "New Correspondence Requests Email".
If there is one (1) or more New Correspondence Requests, that is,
entries in a users Pending list which are flagged as New, the POP3
server MUST generate a "New Correspondence Requests Email", which MUST
be presented to the user as a new unread email, and delivered to the
user when the user retrieves their email. This is to allow
non-WC-Compliant email clients to interact with the WC-Compliant email
server.
�
A New Correspondence Requests Email SHOULD look something like this:
From: WC-Mail-Server <dszego@mindslip.com>
Reply-To: dszego@mindslip.com
To: dszego@mindslip.com
Subject: New and Pending Correspondence Requests
Date: Friday, March 12th 2004
This is the mail server at pop-imap.incoming.com
You have 3 new, and 1 pending Correspondence Requests:
New:
From: John Doe <jdoe@sender.net>
Subject: Buy pharmaceuticals online!
[Allow this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Allow">
[Block this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Block">
From: Joe Blow <jb@somewhere.com>
Subject: Meeting next thursday
[Allow this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Allow">
[Block this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Block">
From: Cain Able <cable@isp.tv>
Subject: Meet people in your area asdfjjsfe
[Allow this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Allow">
[Block this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Block">
Pending:
From: Al Phabet <abcde@xyz.com>
Subject: Urgent request for help
[Allow this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Allow">
[Block this sender]
<"mailto:dszego@mindslip.com?subject=WC<uid>-Block">
(Pending since 01/01/2004)
The format of the email SHOULD be similar in presentation to the
above example. It MUST allow at least the ability to act on New
Correspondence Requests (block or allow). It MAY provide the ability to
act on Pending requests, and SHOULD do so by presenting Pending requests
if the list of Pending senders is not too long to handle in such an
email.
�
Requests are acted upon by providing a <mailto:> URL in the email
which specifies the user themselves as the recipient, and a unique ID
and action in the subject (see example above).The POP3 server MUST
intercept any emails it sees from the user to themselves, with the
server's own generated UID in the subject line. Thus, the POP3 server
MUST keep track of it's generated UIDs in order to verify authenticity.
The POP3 server MUST NOT deliver the action replies to the user after
intercepting. It MAY generate and deliver an email with confirmation of
actions taken.
Regardless of the scope of abilities presented to non-WC-Compliant
mail clients in the New Correspondence Requests Email, the POP3 server
MUST be able to intercept and interpret the users action reply emails.
Reply emails specifying an "Allow" command MUST act as if an ALLOW
command was issued in the TRANSACTION state by the user, on the sender
in question.
Reply emails specifying a "Block" command MUST act as if an BLOCK
command was issued in the TRANSACTION state by the user, on the sender
in question.
New Correspondence Requests not acted upon MAY be moved to the
Pending list as described in the LISTPENDREQ command section.
In this way, the POP3 server is able to present the user with a list
of New Correspondence Requests when the user is not using WC-Compliant
email client and act upon the users choices by using a mechanism similar
to mailing-list control emails.
6. IANA Registry Considerations
This document specifies six (6) new POP commands and one (1) new
capability keyword as protocol extensions in compliance with RFC 2449
[RFC2449] section 9.
POP3 capabilities are registered by publishing a standards track or
IESG approved experimental RFC. The registry is currently contained in
RFC 2449 [RFC2449].
IANA is requested to add these POP3 commands and capability keyword
to the registry.
7. Security Considerations
Welcomed Correspondence extensions rely on authenticated connections
to existing email services. These are provided for in current
RFC-standards for IMAP, POP, and SMTP, and are available in most modern
server and client implementations. The WCor suite of protocol
extensions insists that authentication MUST be used in order to verify
use and alteration of WCor lists.
�
<orig-msg-id> strings are sent in the clear, and as such are
susceptible to man-in-the-middle attacks. As this is not a
security-critical protocol extension, this is not a significant concern,
however it is RECOMMENDED that SSL encryption is used on all email
server connections as a general security best-practice. This would also
negate the concern of interception of orig-msg-id strings, used to
authenticate list manipulation requests.
8. Full Copyright Statement
Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR
IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
9. References
[STD1] Postel, J., "Internet Official Protocol Standards", STD 1, RFC
1540, Internet Architecture Board, October 1993.
[BCP79] S. Bradner, "Intellectual Property Rights in IETF
Technology", BCP 79, RFC 3668, Intellectual Property Rights Working
Group of the IETF, February 2004
[WCor-Overview] D. Szego, "Welcomed Correspondence Overview",
Internet Draft "draft-szego-wcor-overview-01", June 2005
[RFC2449] R. Gellens, C. Newman, L. Lundblade, "POP3 Extension
Mechanism", RFC 2449, November 1998
[KEYWORDS] S. Bradner, "Key Words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997
[RFC1738] T. Berners-Lee, "Uniform Resource Locators (URL)", RFC
1738, December 1994
[RFC822] D. Crocker, "Standard for the Format of ARPA Internet Text
Messages", RFC 822, August 1982
�
10. Author's Address
David J. Szego
26 Valleyview Road
Thornhill, Ontario
L3T 6X5 Canada
david@mindslip.org
