Network Working Group C. Hutzler Internet-Draft AOL Expires: March 15, 2004 D. Crocker Brandenburg Internetworking P. Resnick QUALCOMM Incorporated R. Sanders Earthlink, Inc. E. Allman Sendmail, Inc. March 26, 2004 Updated September 15, 2004 Email Submission Between Independent Networks draft-hutzler-spamops-02 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on March 15, 2004 Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract Email has become a popular distribution service for a variety of socially unacceptable, mass-effect purposes. The most obvious ones include spam and worms. This note recommends conventions for the operation of email submission and transport services between independent operators, such as enterprises and Internet Service Hutzler, et al. Expires March 15, 2004 [Page 1] Internet-Draft Email Port Access March 2004 Providers. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. Consequently the document offers recommendations for constructive operational policies between independent operators of email transmission services. The document will seek BCP status. Comments and discussion of this document should be addressed to the ietf-smtp@imc.org mailing list or the Ant-Spam Research Group (ASRG). Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Submission, Relaying, Delivery . . . . . . . . . . . . . . . . 5 4. External Submission . . . . . . . . . . . . . . . . . . . . . 6 5. Message Submission Authentication Technologies . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 9 A. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 Normative References . . . . . . . . . . . . . . . . . . . . . 11 Informative References . . . . . . . . . . . . . . . . . . . . 12 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 12 Intellectual Property and Copyright Statements . . . . . . . . 14 Hutzler, et al. Expires March 15, 2004March 15, 2004 [Page 2] Internet-Draft Email Port Access March 2004 1. Introduction The very characteristics that make email such a convenient communications medium - its near ubiquity, rapid delivery and low cost - have made it a fertile ground for the distribution of unwanted or malicious content. Spam, fraud and worms have become a serious problem, threatening the viability of email and costing end users and providers millions of dollars in damages and lost productivity. In recent years, independent operators including enterprises and ISPs have turned to a number of different technologies and processes, in an attempt to combat these problems, with varying effect and with vastly different impacts on users and on the Internet mail infrastructure. Email will often travel between multiple independent providers of email transmission services, en route to its final destination. They will generally have no prior arrangement with one another and may employ different rules on the transmission. It is therefore difficult both to debug problems that occur in mail transmission and to assign accountability if undesired or malicious mail is injected into the Internet mail infrastructure. This document suggests operational policies that independent operators of email transmission services may adopt, to assist in providing continued, smooth operation of Internet email, but with controls in place to improve accountability. These policies are appropriate for operators of all sizes and may be implemented by operators independently, without regard for whether the other side of an email exchange has implemented them. It is important to note that the adoption of these policies alone will not solve the problems of spam and other undesirable email. However they provide a useful step in clarifying lines of accountability and interoperability between operators. This will help raise the bar for abusers, and will pave the way for additional tools to preserve the utility of the Internet email infrastructure. Hutzler, et al. Expires March 15, 2004 [Page 3] Internet-Draft Email Port Access March 2004 2. Terminology The Internet email architecture distinguishes four message- handling components: o Mail User Agents (MUAs) o Mail Submission Agents (MSAs) o Mail Transfer Agents (MTAs) o Mail Delivery Agents (MDAs) At the origination end, an MUA works on behalf of end-users to create a message and performs initial "submission" into the transmission infrastructure, via an MSA. An MSA accepts the message submission, performs any necessary pre- processing on the message and relays the message to an MTA for transmission. MTAs relay messages to other MTAs, in a sequence reaching a destination MDA that, in turn, delivers the email to the recipient's inbox. The inbox is part of the recipient-side MUA that works on behalf of the end-user to process received mail. These architectural components are often compressed, such as having the same software do MSA, MTA and MDA functions. However the requirements for each of these components of the architecture are becoming more extensive, so that their separation is increasingly common. Note: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [3]. Hutzler, et al. Expires March 15, 2004 [Page 4] Internet-Draft Email Port Access March 2004 3. Submission, Relaying, Delivery The MSA, MTA and MDA functions used to be considered as the same set of functions. This has been reflected in the history of Internet mail by having MSA, MTA and MDA transfers all be performed with SMTP [2], over TCP Port 25. Internet mail permits email to be exchanged with no prior arrangement. Hence Port 25 exchanges occur without sender authentication. That is, the sender is not necessarily known by the relaying MTAs or the MDA. It is important to distinguish MUA-to-MSA email submission, versus MTA relaying, versus the final MTA-to-MDA transmission, prior to MDA-to-MUA delivery. Submission typically does entail a relationship between client and server; equally, the MDA can determine that it will be effecting final delivery and has an existing relationship with the recipient. That is, MSAs and MDAs can take advantage of having prior relationships with users, in order to constrain their transfer activities. Specifically, an MSA can choose to reject all postings from MUAs for which it has no existing relationship. Similarly, an MDA can choose to reject all mail to recipients for which that MDA has no arrangement to perform delivery. Indeed, both of these policies are already in common practice. Best practices are: o Operators of MSAs MUST perform authentication during mail submission, based on an existing relationship with the submitting entity. This requirement applies to all mail submission mechanisms. o For email being received from outside their local operational environment, email service operators MUST distinguish between mail that will be delivered inside that environment, from mail that is to be relayed back out to the Internet. This prevents the problem embodied by "open" relays. o Mail coming from outside an email operator's local environment, and having a RCPT-TO address that resolves to a destination outside the local environment, MUST be treated as mail submission, rather than mail relaying. o MDAs SHALL NOT accept mail to recipients for which that MDA has no arrangement to perform delivery. Hutzler, et al. Expires March 15, 2004 [Page 5] Internet-Draft Email Port Access March 2004 4. External Submission An MUA, such as one desiring enforced privacy, may need to submit mail across the Internet, rather than to a local MSA. This requirement creates a challenge for the provider operating the network that hosts the MUA. It makes that provider an involuntary recruit to the task of solving mass- effect email problems. When the MUA participates in a problem that affects large numbers of Internet users, the operator is expected to effect remedies and is often expected to prevent such occurrences. A proactive technique used by some providers is to block all outbound Port 25 SMTP traffic or to force this traffic through a local SMTP proxy, except for hosts that are explicitly authorized. This can be problematic for some users, notably legitimate mobile users attempting use their "home" MSA, even though those users might already employ legitimate, Port 25-based authentication. This document offers no recommendation concerning the blocking of SMTP Port 25. Rather, it pursues the constructive benefit of using the official SUBMISSION Port 587 [1]. Best practices are: o MSAs MUST support the SUBMISSION port, for MUAs accessing from outside the MSA's local environment. o MSAs MUST perform authentication during all mail transactions on the SUBMISSION port, even for a message having a RCPT TO address that would not cause the message to be relayed. o Access Providers SHALL NOT block users from accessing the external Internet using the SUBMISSION port. o MUAs SHOULD use the SUBMISSION port for message submission. Note that the requirement for authentication, on the part of the MSA, thereby makes that MSA responsible for the ensuing traffic it generates. Hutzler, et al. Expires March 15, 2004 [Page 6] Internet-Draft Email Port Access March 2004 Figure 1 depicts examples of a local user (MUA.l) submitting a message to an MSA (MSA). It also shows a remote user (MUA.r), such as might be in a coffee shop offering "hotspot" wireless access, submitting a message to their "home" MSA via an Authenticated Port 587 transaction. "Home" Network smtp /--------\ Destination +-------+ +-----+ port 25 | | +----------+ | MUA.l | -> | MSA | ------> | | -> | MDA | +-------+ 25 +-----+ | INTERNET | 25 +----------+ or ^ | | 587 \--------<---|---\ | \---\----/ ^ SUBMISSION | Port 587 +--------+ | MUA.r | +--------+ "HotSpot" Figure 1: Example of Port 587 Usage Hutzler, et al. Expires March 15, 2004 [Page 7] Internet-Draft Email Port Access March 2004 5. Message Submission Authentication Technologies There are many different technologies available to authenticate message submission transactions. These range from simple mechanisms like POP authorization before SMTP and IP Address access lists all the way to SMTP AUTH [4] and client side certificates using Transport Layer Security (TLS) [5]. Depending on the environment, each of these mechanisms can be more or less effective and convenient. Organizations are encouraged to choose the most secure approach that is practical. For example, SMTP AUTH [4] using a secure authentication method like CRAM-MD5 or DIGEST-MD5 may be sufficient. However, in some environments, it is impractical to use one of the secure methods, meaning that SMTP AUTH [4] would be transmitting the username and the password in clear text over insecure networks. This could allow attackers to listen for this traffic and steal account data. In these cases, using STARTTLS [5] to establish an encrypted channel for transmission of the SMTP AUTH [4] username and password would be preferred. Similarly, STARTTLS [5] with client side certificates could be used with the SMTP AUTH [4] EXTERNAL mechanism to achieve secure authentication. Hutzler, et al. Expires March 15, 2004 [Page 8] Internet-Draft Email Port Access March 2004 6. Security Considerations Email transfer between independent administrations can be the source of large volumes of unwanted email and email containing malicious content designed to attack the recipient's system. This document addresses the requirements to permit such exchanges while reducing the likelihood that malicious mail will be transmitted. Hutzler, et al. Expires March 15, 2004 [Page 9] Internet-Draft Email Port Access March 2004 Appendix A. Acknowledgments These recommendations were first formulated during informal discussions among members of Anti-Spam Technical Alliance (ASTA) and some participants from the Internet Research Task Force's Anti-Spam Research Group (ASRG). Hutzler, et al. Expires March 15, 2004 [Page 10] Internet-Draft Email Port Access March 2004 Normative References [1] Gellens, R. and J. Klensin, "Message Submission", RFC 2476, December 1998. [2] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. Hutzler, et al. Expires March 15, 2004 [Page 11] Internet-Draft Email Port Access March 2004 Informative References [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [4] Myers, J., "SMTP Service Extension for Authentication", RFC 2554, March 1999. [5] Hoffman, P., "SMTP Service Extension for Secure SMTP over Transport Layer Security", RFC 3207, February 2002. Authors' Addresses Carl Hutzler America Online 12100 Sunrise Valley Drive Reston, VA 20191 Phone: +1 703 265 5521 EMail: cdhutzler@aol.com URI: Dave Crocker Brandenburg Internetworking 675 Spruce Drive Sunnyvale, CA 94086 US Phone: +1 408 246 8253 EMail: dcrocker@brandenburg.com URI: http://www.brandenburg.com/ Peter W. Resnick QUALCOMM Incorporated 5775 Morehouse Drive San Diego, CA 92121-1714 US Phone: +1 858 651 4478 EMail: presnick@qualcomm.com URI: http://www.qualcomm.com/~presnick/ Hutzler, et al. Expires March 15, 2004 [Page 12] Internet-Draft Email Port Access March 2004 Robert Sanders Earthlink, Inc. 1375 Peachtree Street Atlanta, GA 30309 US Phone: +1 404 748 7021 EMail: sandersr@corp.earthlink.net URI: http://home.mindspring.com/~rsanders/ Eric Allman Sendmail, Inc. 6425 Christie Avenue, Suite 400 Emeryville, CA 94608 US Phone: +1 510 594 5501 EMail: eric@sendmail.com Hutzler, et al. Expires March 15, 2004 [Page 13] Internet-Draft Email Port Access March 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Full Copyright Statement Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION Hutzler, et al. Expires March 15, 2004 [Page 14] Internet-Draft Email Port Access March 2004 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Hutzler, et al. Expires March 15, 2004 [Page 15]