Internet Draft                                                M. Elvey                                             Aaron Stone
Document: draft-ietf-sieve-refuse-reject-04 draft-ietf-sieve-refuse-reject-05           libSieve Project
Intended status: Standards Track                         Matthew Elvey
Expires: April 7, 2008                          The Elvey Partnership,
                                                                   LLC
Expires: April 2007                                        A.
                                                       Alexey Melnikov
                                                             Isode
                                                            Isode, Ltd
                                                       October 2006

         The SIEVE mail filtering language - reject extension
                    draft-ietf-sieve-refuse-reject-04.txt 4, 2007

               Sieve Email Filtering: Reject Extension
                draft-ietf-sieve-refuse-reject-05.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time. It is inappropriate to use Internet-Drafts
   as reference material or to cite them other than as "work in
   progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html.

   A revised version of this draft document will be submitted to the
   RFC editor as a Proposed Standard for the Internet Community.
   Discussion and suggestions for improvement are requested.
   Distribution of this draft is unlimited.

Abstract

   This memo updates the definition of the SIEVE Sieve mail filtering language
   (RFC
   <<3028bis>>) draft-ietf-sieve-3028bis-XX.txt) "reject" extension, originally
   defined in RFC 3028.

   A Joe-job "Joe-job" is a spam run forged to appear as though it came from an
   innocent party, who is then generally flooded by the automated bounces,
   Message Disposition Notifications (MDNs) (MDNs), and personal messages with
   complaints.  The original Sieve "reject" action defined in RFC 3028
   required use of MDNs for rejecting messages, thus contributing to the
   flood of Joe-job spam to victims of Joe-jobs.

   This document memo updates the definition of the "reject" action to require rejecting allow
   messages to be refused during the SMTP transaction (instead of accepting them transaction, and then
   sending MDNs back defines the
   "ereject" action to require messages to be refused during the alleged sender) wherever possible, thereby
   reducing SMTP
   transaction.

   The "ereject" action is intended to replace the problem. "reject" action
   wherever possible.

Table of Contents

  1. Introduction                                                   2
  2. Conventions Used in this Document                              3
  3. SIEVE Sieve "reject" extension                                       3 and "ereject" extensions                        X
     3.1  Action reject                                              3 ereject
      3.1.1 Rejecting a message at the SMTP/LMTP protocol level
      3.1.2 Rejecting a message by sending a DSN
     3.2 "reject"  Action reject
     3.3  "ereject"/"reject" compatibility with other actions                  7
     3.4 How "reject"/"ereject" should generate MDNs
     3.5 How "reject"/"ereject" should perform protocol level refusal
  4. Security Considerations                                        7                                        X
  5. IANA Considerations                                            7                                            X
     5.1 reject extension registration                              7                              X
     5.2 refuse extension registration                              8                              X
  6. References                                                     8                                                     X
     6.1 Normative References                                       8                                       X
     6.2 Informative References                                     8                                     X
  7. Acknowledgments                                                9                                                X
  8. Author's Addresses                                             9                                             X
  9. Intellectual Property Rights Statement                         9                         X
  10. Full Copyright Statement                                     10                                      X
  11. Changes from RFC 3028                                        11                                         X
  12. Change Log                                                   11                                                    X

1.   Introduction

   The SIEVE Sieve mail filtering language [SIEVE] "reject" action defined in RFC 3028 only allowed users to refuse delivery of
   specifies that "reject" action shall discard a message by
   sending and send a
   Message Disposition Notification [MDN] to the envelope sender along
   with an [MDN]. explanatory message.

   This document updates the definition of the "reject" action to permit
   users to handle unwanted email in a way that is generally
   preferable to
   refusal of the existing 'discard' and message during the original 'reject'
   capabilities.  When a spam-detection system suspects SMTP transaction, if possible, and
   defines a new "ereject" action to require refusal of the message is
   spam, but isn't certain, discarding
   during the email is considered too
   risky for some users, for example, those who receive sales leads by
   email. They SMTP transaction.

   Implementations are willing further encouraged to use the reject command. Users are
   willing spam-detection systems
   to reject but not discard because determine the sender level of risk associated with sending an email
   incorrectly marked as spam will receive a notification that the
   email was refused, and will likely try again MDN,
   allowing implementations to contact the
   intended recipient, perhaps via another method of communication.
   Unfortunately, this usage is problematic, because in silently drop the usual
   case, MDN if the email rejected
   message is indeed spam, and the alleged sender deemed to whom an
   MDN caused by the reject will be sent will often be an innocent Joe-
   job victim. The updated "reject" is less likely to result in email
   to an innocent victim, because it requires that an implemention
   refuse to accept an email for delivery instead of accepting it and
   then sending an MDN wherever possible.  Much spam is sent through
   open proxies, so SMTP level refusal reduces Joe-job bounces (AKA
   backscatter) resulting from usage of MDNs. The updated "reject"
   will also reduce Joe-jobs caused by virus self-propagation via
   emails with false sender information.  SMTP level refusal helps to
   prevent the blacklisting of sources of backscatter and conserve
   bandwidth, by reducing the number of MDNs sent. spam.

   Further discussion highlighting the risks of generating MDNs and the
   benefits of protocol-level refusal can be found in [Joe-DoS].

2.   Conventions Used in this Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

   Conventions for notations are as in [SIEVE] section Section 1.1.

   This document does not attempt to define what exactly constitutes a spam or virus containing how it should be
   identified, nor to define an email virus or how it should be identified.
   detected.  Implementations are advised to follow best practices
   and keep abreast of current research in these fields.

3.   SIEVE   Sieve "reject" extension

   SIEVE and "ereject" extensions

3.1  Action ereject

      Usage:   ereject <reason: string>

   Sieve implementations that implement the "reject" "ereject" action must use
   the "reject" "ereject" capability string.

3.1  Action reject

      Usage:   reject <reason: string>

   The "reject" "ereject" action cancels the implicit keep and refuses delivery
   of a message.  The reason string is a UTF-8 [UTF-8] string
   specifying the reason for refusal.  How a message is refused depends
   on the capabilities of the mail component (MUA, MDA (MDA or MTA) executing the
   Sieve script.  The Sieve interpreter must do MUST carry out one of the
   following
   actions, as detailed by actions (listed in order from most to least preferred),
   SHOULD carry out the following priority table (items listed
   earlier take precedence). Note that most preferable action, and SHOULD fall back to
   lesser actions if an a preferred action can not be taken or
   fails, the interpreter should try the next item in the list: fails.

     1.   If a "reject" implementation performs a return-path verification
        and it clearly indicates that the Refuse message has a forged return-path,
        the implementation need not refuse mail delivery, but rather MAY
        accept and discard it.
     2.   Message delivery is refused by sending a 5XX response code
        over SMTP [SMTP] or LMTP [LMTP]. See section Section 3.1.1 for more
        details.

     2. Discard the message if a return-path verification clearly
        indicates that the message has a forged return-path.

     3.   Message delivery is refused by sending Send a non delivery non-delivery report
        (DSN to the envelope sender
        ([REPORT] [DSN]). See section Section 3.1.2 for more details.
     4.   Message delivery is refused by sending a message disposition
        notification report (MDN). See section 3.1.3 for more details.

     The ereject action MUST NOT be available in environments that do
     not support protocol level rejection, e.g. an MUA.

3.1.1 Rejecting messages a message at the SMTP/LMTP protocol level

   Sieve implementations that are able to reject messages at the
   SMTP/LMTP level MUST do so and SHOULD use the 550 response code. Note
   that if a message is arriving over SMTP and has multiple recipients,
   some of which whom have accepted the message, or the Sieve implementation
   is part of an MUA, section Section 3.1.2 and section 3.1.3 define defines how to
   reject such a message.

   Note that SMTP [SMTP] doesn't allow for non-ASCII characters in the
   SMTP response text. If non-ASCII characters appear in the "reason"
   string, they can be sent at the protocol level if and only if the
   client and the server use an SMTP extension that allows for
   transmission of non-ASCII reply text. (One example of such an SMTP
   extension is described in [UTF8-RESP].) In the absence of such an
   SMTP extension, the Sieve engine MUST replace any reason string
   being sent at the protocol level and containing non-ASCII
   characters with an implementation-defined ASCII-only string.
   Implementations SHOULD notify the user that such replacement took
   place.  Users that don't like this behavior should consider using "reject :exacttext" as
   the "reject" action described in Section 3.2, if available.

   If

   See Section 3.5 for the "reason" string consists detailed instructions about performing
   protocol level rejection.

3.1.2 Rejecting a message by sending a DSN

   An implementation may receive a message via SMTP that has more
   than one RCPT TO that has been accepted by the server, and at least
   one but not all of multiple CRLF separated lines,
   then them are refusing delivery (whether the reason text refusal
   is caused by a Sieve "ereject" action or for some other reason).
   In this case, the server MUST be returned accept the message and generate DSNs
   for all recipients that are refusing it. Note that this exception
   does not apply to LMTP, as LMTP is able to reject messages on a multiline SMTP/LMTP
   response, per [SMTP], section 4.2.1. Any line per-
   recipient basis.

   Note that according to [DSN], Delivery Status Notifications MUST NOT exceed
   be generated if the
   SMTP limit on MAIL FROM (or Return-Path) is empty.

   The DSN message MUST follow the maximal line length. To make requirements of [DSN] and [REPORT].
   The action-value field defined in [DSN], Section 2.3.3, MUST contain
   the value "failed".  The human-readable portion of the non-delivery
   report MUST contain the reason string
   conform to any such limits from the server MAY insert CRLFs "ereject" action and turn
   SHOULD contain additional text alerting the
   response into a multiline response.

   In apparent original sender
   that the following script (which assumes support for message was refused by an email filter.  This part of the spamtest
   [SPAMTEST] and fileinto extensions), messages that test highly
   positive for spam are refused.

      Example:
      require ["reject", "spamtest",
      "comparator-i;ascii-numeric", "fileinto"];

      if spamtest :value "ge" :comparator "i;ascii-numeric" "6" {
          reject text:
   AntiSpam engine thinks your
   report might appear as follows:

   ------------------------------------------------------------
   Your message is spam.
   It is therefore being refused.
   Please call 1-900-PAY-US if you want to reach us.
   .
                            ;
      } elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" {
          fileinto "Suspect";
      } was refused by the recipient's mail filtering program.
   The following excerpt reason given was as follows:

   I am not taking mail from an SMTP session shows it in action.
   ...
   C: DATA
   S: 354 Send message, ending in CRLF.CRLF.
    ...
   C: .
   S: 550-AntiSpam engine thinks you, and I don't want your message birdseed,
   either!
   ------------------------------------------------------------

3.2  Action reject

   This section updates the definition of the reject action in Section
   4.1 of RFC 3028 and is spam.
   S: 550-It an optional extension to [SIEVE].

      Usage:   reject <reason: string>

   Sieve implementations that implement the "reject" action must use
   the "reject" capability string.

   The "reject" action cancels the implicit keep and refuses delivery
   of a message.  The reason string is therefore being refused.
   S: 550 Please call 1-900-PAY-US if you want a UTF-8 [UTF-8] string
   specifying the reason for refusal.  Unlike the "ereject" action
   described above, this action would always favor preserving the exact
   text of the refusal reason. Typically the "reject" action refuses
   delivery of a message by sending back an [MDN] to reach us.

   If the SMTP/LMTP alleged sender
   (see Section 3.4).  However implementations MAY refuse delivery over
   protocol (as detailed in Section 3.5), if and only if all of the
   following conditions are true:

   1) The reason string consists of only US-ASCII characters
        or
      The reason string contains non-US-ASCII and both client and server supports RFC 2034 [ENHANCED-CODES] it MUST
   prepend
      support and negotiate use of an appropriate Enhanced Error Code to SMTP/LMTP extension for sending
      UTF-8 responses.
   2) LMTP protocol is used
        or
      SMTP protocol is used and the "reason" text.
   Enhanced Error code 5.7.1 message contains a single recipient
      or SMTP protocol is used, the message contains multiple recipients
      and all of them refused message delivery (whether using Sieve or
      not).

   Script generators SHOULD ensure that a more generic 5.7.0 are RECOMMENDED.
   With rejection action being
   executed as a result of an Enhanced Error Code, anti-spam/anti-virus positive test
   be done using the response to DATA command in ereject action, as it is more suitable for such
   rejections.

   Script generators MAY automatically upgrade scripts that previously
   used the SMTP
   example below will look like:

     S: 550-5.7.1 AntiSpam engine thinks your reject action for anti-spam/anti-virus related rejections.
   Note that such generators MUST make sure that the target environment
   can support the ereject action.

   Example:
           require ["reject"];

           if size :over 100K {
               reject text:
   Your message is spam.
     S: 550-5.7.1 It is therefore being refused.
     S: 550 5.7.1 Please call 1-900-PAY-US if to big. If you want to reach us.

   if the server selected "5.7.1" as appropriate.

   If send me a Sieve implementation big attachment,
   put it on a public web site and send me an URL.
   .
               ;
           }

   (Pretend that supports the reason string above contains some non-ASCII text)

3.3  "ereject"/"reject" compatibility with other actions

   This section applies equally to "reject" doesn't wish and "ereject" actions.
   All references to
   immediately disclose the reason for rejection (for example that it
   detected spam), it may delay immediately sending of "reject" action in this section can be replaced
   with the 550 error
   code by sending "ereject" action.

   A "reject" action cancels the implicit keep.

   Implementations MUST prohibit the execution of more than one reject
   in a 4XX error code on Sieve script.

   "Reject" MUST be incompatible with the first attempt to receive "vacation" [VACATION]
   action. It is NOT RECOMMENDED that implementations permit the message.

3.1.2 Rejecting use of
   "reject" with actions that cause mail delivery, such as "keep",
   "fileinto", "redirect".
   Making "reject" compatible with actions that cause mail delivery
   violates the RFC 2821 principle that a message by sending a DSN

   An implementation may receive is either delivered or
   bounced back to the sender. So bouncing a message via SMTP that has more
   than one RCPT TO back (rejecting)
   and delivering it will make the sender believe that has been accepted by the server, and at least
   one but message was
   not all of them delivered.
   However, there are refusing delivery (whether existing laws requiring certain organizations to
   archive all received messages, even the refusal
   is caused by execution rejected ones. Also, it can
   be quite useful to save copies of a Sieve "reject" or rejected messages for another reason).
   In this case, the server MUST accept later
   analysis.

   Any action that would modify the message and generate DSNs
   for all recipients that are refusing it. Note that this exception
   does body will not apply to LMTP, as LMTP is able to reject messages have an effect
   on a per-
   recipient basis.

   Note that according to [DSN], Delivery Status Notifications the body of any message refused by "reject" using an SMTP response
   code and MUST NOT
   be generated if have any effect on the MAIL FROM (return-path) is empty.

3.1.3 content of generated
   DSN/MDNs.

3.4 Rejecting a message by sending an MDN

   When a Sieve engine is running inside an MUA, it has no ability to

   The reject a message at the SMTP/LMTP protocol level, as final delivery
   (in the SMTP sense) is already complete. In this case the client
   should send a Message Disposition Notification [MDN] back to the
   sender. It action resends the received message to the envelope sender as
   specified in the
   Return-Path header field, wrapping it in a "reject" form, noting that
   it was rejected by the recipient.

   MTAs and MDAs MUST NOT implement "reject" by sending MDNs, they
   SHOULD reject at the protocol level as described MAIL FROM (or Return-Path) address, wrapping it in section 3.1.1.
   In the following script,
   a message is "reject" form, explaining that it was rejected and returned to by the
   sender. recipient.

   Note that according to MDN [MDN], Message Disposition Notifications MUST
   NOT be generated if the MAIL FROM
   (Return-path) (or Return-Path) is empty.

   Example:
                require ["reject"];

                if header :contains "from" "coyote@desert.example.org"
   {
                reject text:
   I am not taking mail from you, and I don't
   want your birdseed, either!"
   .
                ;
             }

   A reject message MUST take the form of a failure MDN as specified
   by [MDN]. The human-readable portion of the message, the first
   component of the MDN, contains the human readable message
   describing the error, and it SHOULD contain additional text
   alerting the apparent original sender that mail was refused by a an
   email filter.
   This

   The MDN disposition-field as defined in the MDN specification MUST
   be "deleted" and MUST have the "MDN-sent-automatically" and
   "automatic-action" modes set (see Section 3.2.6 of [MDN]).

   In the following script, a message is rejected and returned to the
   alleged sender.

   Example:
           require ["reject"];

           if header :contains "from" "coyote@desert.example.org" {
               reject text:
   I am not taking mail from you, and I don't
   want your birdseed, either!"
   .
               ;
           }

   For this script, the first part of the MDN might appear as follows:

   ------------------------------------------------------------
   The message was refused by the recipient's mail filtering program.
   The reason given was as follows:

   I am not taking mail from you, and I don't want your birdseed,
   either!
   ------------------------------------------------------------

   The MDN action-value field as defined in the MDN specification MUST
   be "deleted" and MUST have the MDN-sent-automatically and automatic-
   action modes set.

3.2  :exacttext optional argument to reject action

   SIEVE implementations that implement the :exacttext optional argument
   to the "reject" action must advertise the "rejectexact" capability in
   addition to the "reject" capability described above.

   The :exacttext argument affects how reject processing described in
   section 3.1.1 is performed.

3.5 How "reject"/"ereject" should perform protocol level refusal

   If this argument is present, and the
   SMTP client and server don't both support an SMTP extension that
   allows for transmission "reason" string consists of non-ASCII reply text and there is
   non-ASCII text in the reason string, multiple CRLF separated lines,
   then the reason string text MUST NOT be replaced with an implementation defined ASCII-only string returned as
   defined in 3.1.1.  Instead, a multiline SMTP/LMTP
   response, per [SMTP], Section 4.2.1. Any line MUST NOT exceed the
   SMTP limit on the maximal line length. To make the Sieve engine MUST try to generate
   DSN, in order reason string
   conform to preserve any such limits the exact text specified in server MAY insert CRLFs and turn the reason
   string.
   response into a multiline response.

   In the following script (which assumes support for the spamtest
   [SPAMTEST] and fileinto extensions), messages that test highly
   positive for spam are refused.

   Example:
           require ["reject", "rejectexact]; ["ereject", "spamtest", "fileinto",
                    "comparator-i;ascii-numeric"];

           if size :over 100K spamtest :value "ge"
                       :comparator "i;ascii-numeric" "6" {
                reject :exacttext
               ereject text:
   Your
   AntiSpam engine thinks your message is to big. If spam.
   It is therefore being refused.
   Please call 1-900-PAY-US if you want to send me a big attachement,
   put it on a public web site and send me an URL. reach us.
   .
               ;
           }

   <<Pretend that the reason string above contains some non-ASCII text>>

   NOTE: The :exacttext argument has no effect if the Sieve engine is
   running in an MUA. elsif spamtest :value "ge"
                            :comparator "i;ascii-numeric" "4" {
               fileinto "Suspect";
           }

   The :exacttext argument also has no effect if the
   Sieve engine is running in an MTA/MDA, but both client and server
   support and negotiate use of following excerpt from an SMTP/LMTP extension for sending UTF-8
   responses.

3.3  "reject" compatibility with other actions

   A "reject" action cancels the implicit keep.

   Implementations MUST prohibit the execution of more than one reject SMTP session shows it in a SIEVE script.

   "Reject" MUST be incompatible with the "vacation" [VACATION] action. It is NOT RECOMMENDED that implementations permit the use of
   "reject" with actions that cause mail delivery, such as "keep",
   "fileinto", "redirect".
   Making "reject" compatible with actions that cause mail delivery
   violates the RFC 2821 principle that a
   ...
   C: DATA
   S: 354 Send message, ending in CRLF.CRLF.
    ...
   C: .
   S: 550-AntiSpam engine thinks your message is either delivered or
   bounced back spam.
   S: 550-It is therefore being refused.
   S: 550 Please call 1-900-PAY-US if you want to reach us.

   If the sender. So bouncing a message back (rejecting)
   and delivering SMTP/LMTP server supports RFC 2034 [ENHANCED-CODES] it will make MUST
   prepend an appropriate Enhanced Error Code to the sender believe that "reason" text.
   Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED.
   With an Enhanced Error Code, the response to DATA command in the SMTP
   example below will look like:

     S: 550-5.7.1 AntiSpam engine thinks your message was
   not delivered.
   However, there are existing laws requiring certain organizations is spam.
     S: 550-5.7.1 It is therefore being refused.
     S: 550 5.7.1 Please call 1-900-PAY-US if you want to
   archive all received messages, even reach us.

   if the rejected ones. Also, it can
   be quite useful server selected "5.7.1" as appropriate.

   If a Sieve implementation that supports "ereject" doesn't wish to save copies of rejected messages
   immediately disclose the reason for later
   analysis.

   Any action rejection (for example that would modify the message body will not have an effect
   on the body it
   detected spam), it may delay immediately sending of any message refused the 550 error
   code by "reject" using an SMTP response sending a 4XX error code and MUST NOT have any effect on the content of generated
   DSN/MDNs. first attempt to receive
   the message.

4.   Security Considerations

   The Introduction section talks about to this document discusses why rejecting messages
   before delivery is better then than accepting and bouncing them.

   Security issues associated with mail email auto-responders are fully
   discussed in the security consideration Security Considerations section of [RFC3834]. This
   document is believed not believed to introduce any additional security
   considerations in this general area.

   The "reject" "ereject" extension does not raise any other security
   considerations that are not already present in the base [SIEVE]
   protocol,
   specification, and these issues are discussed in [SIEVE].

5.   IANA Considerations

   The following section provides the IANA registrations for the Sieve
   extensions specified in this document:

5.1  reject extension registration

   IANA is requested to update the registration for the SIEVE Sieve "reject"
   extension to point to this document.
   IANA as detailed below:

   Capability name: reject
   Description:     adds the 'reject' action for refusing delivery
                    of a message. The exact reason for refusal is also requested to update Tim Showalter's email address
                    conveyed back to
   be
     tjs@psaux.com the client.
   RFC number:      this RFC
   Contact address: The Sieve discussion list <ietf-mta-filters@imc.org>

5.2  refuse  ereject extension registration

   IANA is requested to remove replace the preliminary registration of the
   Sieve refuse extension.
   <<Should this be taken care of by talking directly to IANA?>>

5.3  rejectexact extension registration

   IANA is requested to add with the following registration to registration:

   << Issue of replace / obsolete the list draft refuse extension:

     Matthew: Would it be better to have it obsolete it, rather
     than replace it? I think so, to prevent inadvertent reuse,
     especially since there are 'refuse' implementations.

     Alexey: I agree with obsoleting it, if you think there are
     implementations. But I thought there were no implementations
     of
   Sieve extensions: refuse.

   >>

   Capability name: rejectexact ereject
   Description:     adds the ':exacttext' optional argument to 'ereject' action for refusing delivery
                    of a message. The refusal should happen as early
                    as possible (e.g. at the
                    reject action, which instructs protocol level) and might
                    not preserve the Sieve engine to
                    generate Delivery Status Notifications if rejection exact reason string for refusal if it
                    contains non-ASCII non-US-ASCII text.
   RFC number:      this RFC (Sieve base spec)
   Contact address: The Sieve discussion list <ietf-mta-filters@imc.org>

6.   References

6.1  Normative References

   [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
   Requirement Levels", RFC 2119, March 1997.
   << NIT: KEYWORDS is never cited >>

   [SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering
   Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt

   [SMTP] Klensin, J. (Editor), "Simple Mail Transfer Protocol", AT&T
   Laboratories, RFC 2821, April 2001.

   [LMTP] Myers, J., "Local Mail Transfer Protocol", Carnegie-Mellon
   University, RFC 2033, October 1996.
   << NIT: LMTP is Informative >>

   [DSN] Moore , Moore, K., Vaudreuil, G., "An Extensible Message Format for
   Delivery Status Notifications", University of Tennessee, Lucent
   Technologies, RFC 3464, January 2003.

   [MDN] Fajman, R., "An Extensible Message Format for Message Hansen, T. and G. Vaudreuil, "Message Disposition Notifications", National Institutes
   Notification", RFC 3798, May 2004.

   [REPORT] Vaudreuil, G., "The Multipart/Report Content Type for the
   Reporting of Health, Mail System Administrative Messages", RFC
   2298, March 1998. 3462,
   January 2003.

   [ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning
   Enhanced Error Codes", Innosoft, RFC 2034, October 1996.

   [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
   RFC 3629, November 2003.

   [VACATION] Showalter, T. and N. Freed, "Sieve Email Filtering:
   Vacation Extension", work in progress,
   draft-ietf-sieve-vacation-XX.txt.

6.2  Informative References

   [Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non
   Delivery Message DDoS Attacks", 5 April 2004",
   <http://www.techzoom.net/paper-mailbomb.asp>.

   [SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and
   Virustest Extensions", work in progress, draft-ietf-sieve-
   spamtestbis-XX.txt
   <<Note to the RFC editor: this reference can be safely replaced
   with RFC 3685.>>

   [RFC3834] Moore, K., "Recommendations for Automatic Responses to
   Electronic Mail", RFC 3834, August 2004.

   [UTF8-RESP] A. Melnikov (Ed.), "SMTP Language Extension",
   work in progress, draft-melnikov-smtp-lang-XX.txt

7.   Acknowledgments

   Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner,
   Mark E. Mallett, Philip Guenther, Michael Haardt, and Randy Gellens
   for comments and corrections.

   The authors gratefully acknowledge the extensive work of Tim
   Showalter as the author of the RFC 3028, which originally defined
   the "reject" action.

8.   Author's   Authors' Addresses

   Aaron Stone
   libSieve Project
   260 El Verano Ave
   Palo Alto, CA 94306
   USA

   Email: aaron@serendipity.palo-alto.ca.us

   Matthew Elvey
   The Elvey Partnership, LLC
   1819 Polk-ietf St Ste Polk Street, Suite 133
   San Francisco, CA
   U.S.A. 94109
   USA

   Email: sieve3@matthew.elvey.com

   Alexey Melnikov
   Isode Limited
   5 Castle Business Village
   36 Station Road
   Hampton, Middlesex, TW12 2BX
   UK

   Email: Alexey.Melnikov@isode.com

9.   Intellectual Property Rights Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.
   ietf-ipr@ietf.org.

10.  Full Copyright Statement

   Copyright (C) The Internet Society (2006). IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

   Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

11.  Changes from RFC 3028

  Clarified that the "reject" action cancels the implicit keep.
  Extended list of allowable actions on reject "reject" to include protocol
  level message rejection and generation of DSNs. rejection.

  Added the "ereject" action that is similar to "reject", but will
  always favor protocol level message rejection.

12.  Change Log

  <<NOTE to the RFC editor: please delete this section before
  publication.>>

   00   First formal draft.
   01   Explicit RFC 2034 support, disallow "refuse" in MUAs, typos
       corrected, clarifications, etc.
   02   Many insubstantial editorial changes (mostly rewording text for
       readability). Added text regarding non-ASCII characters in the
       refuse "reason" string. Added an exception allowing return-path
       forgery to justify discarding a message.
   03   (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject
       action from the base spec, acknowledged Tim as the author of
       "reject".
   04   (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject
       actions were merged into a single action called reject. Text
       reorganized as the result. Typos and examples corrected. Updated
       IANA registration and Security Considerations sections.
   05   (SIEVE WG 02) Copied some security considerations from Vacation
       draft. Clarified that the "reason" string is in UTF-8. Clarified
       interaction with "editheader" extension. Added text about sending
       of 4XX instead of 550. Corrected typos in several examples.
   06   (SIEVE WG 03) Explicitly list all actions incompatible with w/
       reject.  Added two paragraphs explaining why reject SHOULD (as
       opposed to MUST/MAY) be incompatible with them. Clarified that if
       the reason string contains non-ASCII and rejection over protocol
       is possible, then the reason string MUST be replaced with an
       implementations defined ASCII-only string. Added :exacttext
       optional argument that preserves UTF-8 reason string by forcing
       generation of DSN.
   07   (SIEVE WG 04) Removed special handling of empty return path.
       Several editorial changes from Randy Gellens.
       Clarified :exacttext applicability, removed redundancy.  Reverted
       SHOULD NOT send MDNs back to MUST NOT send MDNs of earlier drafts
       (section 3.1.3).
   08   (SIEVE WG 05)
       Reformatted the text to use no more than 72 characters per line.
       Reverted back to two actions (reject and ereject), as per
       consensus at the IETF 67. Major text update/rewrite as the
       result. Changed the order of actions that can be performed by
       ereject: protocol level rejection should always be first,
       followed by "accept and discard" for the case of faked return
       path. Added more details on how DSN reports should be generated.
   09  Editorship of this document taken over by Aaron Stone. Many
       general edits, including clarifications and grammar and spelling
       corrections. Updated boilerplate to RFC 4748. Nits identified.
       Republished for the first time in a long time.