Skip to main content

Message Tracking Model and Requirements
RFC 3888

Document Type RFC - Informational (September 2004)
Author Tony Hansen
Last updated 2015-10-14
RFC stream Internet Engineering Task Force (IETF)
Formats
Additional resources Mailing list discussion
IESG Responsible AD Scott Hollenbeck
Send notices to (None)
RFC 3888
IESG state changed to Approved-announcement sentquot; model requires active enabling to indicate that
   some form of tracking is to be performed.  The tracking information
   can be sent back immediately (as a form of telemetry) or sent to a
   3rd party for later retrieval.

Hansen                       Informational                      [Page 5]
RFC 3888        Message Tracking Model and Requirements   September 2004

5.2.2.  Passive Request Tracking Information

   Forms of passive tracking information that could potentially be
   requested are as follows.  Note that mechanisms already exist for
   requesting the information marked with a (+).  The references for
   such mechanisms are listed at the end of each such entry.

   **   send a DSN of a message arriving at an intermediate MTA

   **   (+) send a DSN of a message being rejected while at an
        intermediate MTA [RFC-DSN]

   **   (+) send a DSN of a message leaving an intermediate MTA and
        going to another MTA [RFC-DELIVER-BY]

   **   send a DSN of a message arriving at a final MTA

   **   (+) send a DSN of a message being rejected while at a final MTA
        [RFC-DSN]

   **   (+) send a DSN of a message being delivered to a user's message
        store [RFC-DSN]

   **   (+) send a DSN of a message being delivered to a foreign MTA
        [RFC-DSN]

   **   (+) send an MDN of a message being read by an end user [RFC-MDN]

5.3.  Active Request Model

   The "active request" model requires an active query by a user's user
   agent to the MSA, intermediate MTAs and final MTA, or to a third
   party, to find the message's status as known by that MTA.  Active
   request will work with either passive enabling or active enabling.

5.3.1.  Server Chaining vs. Server Referrals

   When a tracking server has been asked for tracking information, and
   the message has been passed on to another MTA of which this tracking
   server has no tracking knowledge, there are two modelling choices:

   **   the first tracking server will contact the next tracking server
        to query for status and pass back the combined status (server
        chaining), or

   **   the first tracking server will return the address of the next
        MTA and the tracking client has the responsibility of contacting
        the next tracking server (server referrals).

Hansen                       Informational                      [Page 6]
RFC 3888        Message Tracking Model and Requirements   September 2004

5.3.2.  Active Request Tracking Information

   Forms of active tracking information that could potentially be
   requested are as follows.  (Note that no mechanisms currently exist
   for requesting such information.)

   **   the message has been queued for later delivery

   **   the message was delivered locally

   **   the message was delivered to another MTA,

   **   the message was delivered to a foreign MTA

   **   ask a different tracking server,

   **   I know but can't tell you,

   **   I don't know.

5.4.  Combining DSN and MDN Information with Message Tracking
      Information

   The information that would be retrieved by message tracking and the
   information that is returned for DSN and MDN requests all attempt to
   answer the question of "what happened to message XX"?  The
   information provided by each is complimentary in nature, but similar.
   A tracking user agent could use all three possible information
   sources  to present a total view of the status of a message.

   Both DSN and MDN notifications utilize the formats defined by RFC
   3462 [RFC-REPORT].  This suggests that the information returned by
   message tracking solutions should also be similar.

6.  Security Considerations

6.1.  Security Considerations Summary

   Security vulnerabilities are detailed in [RFC-MTRK-ESMTP], [RFC-
   MTRK-TSN] and [RFC-MTRK-MTQP].  These considerations include:

   **   vulnerability to snooping or replay attacks when using
        unencrypted sessions

   **   a dependency on the randomness of the per-message secret

   **   reliance on TLS

Hansen                       Informational                      [Page 7]
RFC 3888        Message Tracking Model and Requirements   September 2004

   **   man-in-the-middle attacks

   **   reliance on the server maintaining the security level when it
        performs chaining

   **   denial of service

   **   confidentiality concerns

   **   forgery by malicious servers

6.2.  Message Identification and Authentication

   This is a security model for message identification and
   authentication that could be deployed.  (There may be others.)

   A Tracking User Agent must prove that they are permitted to request
   tracking information about a message.  Every [RFC-822]-compliant
   message is supposed to contain a Message-Id header.  One possible
   mechanism is for the originator to calculate a one-way hash A from
   the message ID + time stamp + a per-user secret.  The user then
   calculates another one-way hash B to be the hash of A.  The user
   includes B in the submitted message, and retains A.  Later, when the
   user makes a message tracking request to the messaging system or
   tracking entity, it submits A in the tracking request.  The entity
   receiving the tracking request then uses A to calculate B, since it
   was already provided B, verifying that the requestor is authentic.
   In summary,

      A = H(message ID + time stamp + secret)

      B = H(A)

   Another possible mechanism for A is to ignore the message ID and time
   stamp and just use a one-way hash from a large (>128 bits) random
   number.  B would be calculated as before.  In summary,

      A = H(large-random-number)

      B = H(A)

   This is similar in technique to the methods used for One-Time
   Passwords [RFC-OTP].  The success of these techniques is dependent on
   the randomness of the per-user secret or the large random number,
   which can be incredibly difficult in some environments.

Hansen                       Informational                      [Page 8]
RFC 3888        Message Tracking Model and Requirements   September 2004

   If the originator of a message were to delegate his or her tracking
   request to a third party by sending it A, this would be vulnerable to
   snooping over unencrypted sessions.  The user can decide on a
   message-by-message basis if this risk is acceptable.

7.  Informational References

   [RFC-822]          Crocker, D., "Standard for the format of ARPA
                      Internet text messages", STD 11, RFC 822, August
                      1982.

   [RFC-DELIVER-BY]   Newman, D., "Deliver By SMTP Service Extension",
                      RFC 2852, June 2000.

   [RFC-DSN]          Moore, K., and G. Vaudreuil, "An Extensible
                      Message Format for Delivery Status Notifications",
                      RFC 3464, January 2003.

   [RFC-ESMTP-DSN]    Moore, K., "Simple Mail Transfer Protocol (SMTP)
                      Service Extension for Delivery Status
                      Notifications (DSNs)", RFC 3461, January 2003.

   [RFC-KEYWORDS]     Bradner, S., "Key words for use in RFCs to
                      Indicate Requirement Levels", BCP 14, RFC 2119,
                      March 1997.

   [RFC-MDN]          Hansen, T. and G. Vaudreuil, Eds., "Message
                      Disposition Notifications", RFC 3798, May 2004.

   [RFC-OTP]          Haller, N., Metz, C., Nesser, P. and M. Straw, "A
                      One-Time Password System", STD 61, RFC 2289,
                      February 1998.

   [RFC-REPORT]       Vaudreuil, G., "The Multipart/Report Content Type
                      for the Reporting of Mail System Administrative
                      Messages", RFC 3462, January 2003.

   [RFC-MTRK-ESMTP]   Allman, E. and T. Hansen, "SMTP Service Extension
                      for Message Tracking", RFC 3885, September 2004.

   [RFC-MTRK-TSN]     Allman, E., "The Message/Tracking-Status MIME
                      Extension", RFC 3886, September 2004.

   [RFC-MTRK-MTQP]    Hansen, T., "Message Tracking Query Protocol", RFC
                      3887, September 2004.

Hansen                       Informational                      [Page 9]
RFC 3888        Message Tracking Model and Requirements   September 2004

8.  Acknowledgements

   This document is the product of input from many people and many
   sources, including all of the members of the Message Tracking Working
   Group: Philip Hazel, Alexey Melnikov, Lyndon Nerenberg, Chris Newman,
   and Gregory Neil Shapiro.  It owes much to earlier work by Gordon
   Jones, Bruce Ernst, and Greg Vaudreuil.  In particular, I'd like to
   also thank Ken Lin for his considerable contributions to the early
   versions of the document.

9.  Author's Address

   Tony Hansen
   AT&T Laboratories
   Middletown, NJ 07748
   USA

   Phone: +1.732.420.8934
   EMail: tony+msgtrk@maillennium.att.com

Hansen                       Informational                     [Page 10]
RFC 3888        Message Tracking Model and Requirements   September 2004

10. Full Copyright Statement

   Copyright (C) The Internet Society (2004).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the IETF's procedures with respect to rights in IETF Documents can
   be found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

Hansen                       Informational                     [Page 11]