Re: [Ietf-message-headers] Provisional Registration for "Wrong-Recipient" mail header

Simon Josefsson <simon@josefsson.org> Wed, 03 January 2024 10:46 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: ietf-message-headers@ietfa.amsl.com
Delivered-To: ietf-message-headers@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38CBAC2FEE12 for <ietf-message-headers@ietfa.amsl.com>; Wed, 3 Jan 2024 02:46:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=josefsson.org header.b="s0d/bwxi"; dkim=pass (2736-bit key) header.d=josefsson.org header.b="biijgLI2"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4KTEzTHlVXKO for <ietf-message-headers@ietfa.amsl.com>; Wed, 3 Jan 2024 02:46:29 -0800 (PST)
Received: from uggla.sjd.se (uggla.sjd.se [IPv6:2001:9b1:8633::107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5CBAC151066 for <ietf-message-headers@ietf.org>; Wed, 3 Jan 2024 02:46:28 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=NuDpDs5bcH9Qv1NC0UutTnXQnxcvEJJKtV+4mpujhWg=; t=1704278781; x=1705488381; b=s0d/bwxijQ6cpFcFChUYyPjwSF7HtK30W6F9ASNJSMVa2k9ip4UP8+Hmlus0+gNROZRVClPlzsp PW47odkc6Ag==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=NuDpDs5bcH9Qv1NC0UutTnXQnxcvEJJKtV+4mpujhWg=; t=1704278781; x=1705488381; b=biijgLI2tHzdo5oEESSeLw0ws+xc0DCtXKXQuUG7o2XMboUx0OAoAjygkTwbfz2UeY0u1WPjxXH A9GZDmUUSnR0Sem6mkiazGgenTnsTzkdaqAfBDEiawmj5IXhtvby7HlcdcQru+3lgTsdT/rpXfyf3 YuXZ7QkhGUGL0ey+g3i0ZUqzTlW4be3ua38iKSIQpPBHX+zsGqWnteH0lpacAvO2Kvv1HnlMwbEaQ +cBmqBn7tdICTPL3TE7XHRKRMzUgvAelz5IuSjFkCN/Y171dbtik2zso80oQTUyIgmNLw8Xv7ovbT nSkGNccmZH4OczBJiIeXTg8650UUQwMdVJYfL0nsIxlfq3SciWansbiveY2ffxhD5DLsJdfIwE0Sy ogBkVML8fDoBdMmpnbwoSXeB9hxlMcCSpKiH5EPyyGDLrno7G9+MeKeDZBy2PcqCSfAx6ydXc;
Received: from [2001:9b1:41ac:ff00:823f:5dff:fe09:16ac] (port=55382 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from <simon@josefsson.org>) id 1rKylN-005m13-EG; Wed, 03 Jan 2024 10:46:17 +0000
X-Hashcash: 1:23:240103:david@weekly.org::aa9FAt9o5u5C9UB+:LtVq
From: Simon Josefsson <simon@josefsson.org>
To: David Weekly <david@weekly.org>
Cc: ietf-message-headers@ietf.org
References: <CAD0F4Ng4iRUsfTgOKeitJzCYvjfWm2-uCtGDUf3qRC6WAt0YjA@mail.gmail.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:23:240103:david=40weekly.org@dmarc.ietf.org::DV64Eg8S8ppEmnUV:10ax
X-Hashcash: 1:23:240103:ietf-message-headers@ietf.org::xsKclxYcek1ANwO2:5jvW
Date: Wed, 03 Jan 2024 11:46:07 +0100
In-Reply-To: <CAD0F4Ng4iRUsfTgOKeitJzCYvjfWm2-uCtGDUf3qRC6WAt0YjA@mail.gmail.com> (David Weekly's message of "Wed, 3 Jan 2024 17:03:26 +1200")
Message-ID: <87edeyr8y8.fsf@kaka.sjd.se>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-message-headers/_IkDd7CVZAZxiScmQpENs59lZSM>
Subject: Re: [Ietf-message-headers] Provisional Registration for "Wrong-Recipient" mail header
X-BeenThere: ietf-message-headers@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Discussion list for header fields used in Internet messaging applications." <ietf-message-headers.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-message-headers>, <mailto:ietf-message-headers-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-message-headers/>
List-Post: <mailto:ietf-message-headers@ietf.org>
List-Help: <mailto:ietf-message-headers-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-message-headers>, <mailto:ietf-message-headers-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jan 2024 10:46:34 -0000

David Weekly <david=40weekly.org@dmarc.ietf.org> writes:

> Header field name: Wrong-Recipient
> Protocol: mail
> Status: provisional
> Author: David Weekly <david@weekly.org>
> Specification:
> https://datatracker.ietf.org/doc/draft-dweekly-wrong-recipient/
>
> Current intent is to attempt to develop the above draft I-D into an RFC
> with IETF, am just beginning that process.
>
> This is a "cousin" to List-Unsubscribe (RFC 4021) and List-Unsubscribe-Post
> (RFC 8058) meant to allow an email reader to explicitly indicate they are
> the wrong recipient of an email from a service.
>

Interesting.

There should be discussion about the potential for security problems for
a user if she follows the link in the header: the user will leak to the
service that she has received and read the e-mail.  This design may lead
to an attack where malicious sites send e-mails with this header, and
unsuspecting users will click the button to avoid future such e-mails,
and the malicious site has learned that this is a valid e-mail address
read by a human (with a modern e-mail client that supports this
feature).

The draft doesn't say what the client should do with the response from
the POST.  Is this to be displayed in a browser?  Or merely as a
background POST from the MUA?  Users would want some form of feedback
after pressing that button.

/Simon
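The leak Simon describes (a click confirms a live, human-read address to whoever set the header) and his question about what the client does with the POST response are both client-side policy questions. The following is an added example, not part of the thread, the draft, or any mail client: a small MUA-side gate that only offers the "wrong recipient" action when the message carries an aligned DKIM pass in Authentication-Results and the target URL sits under the signing domain, and that never fires the POST in the background. It assumes the header value is an angle-bracketed https URL in the style of List-Unsubscribe; the sample messages, domains and tokens are constructed for the example.

```python
"""
Defensive MUA-side gating for a hypothetical Wrong-Recipient header.
Added example; assumes the header carries an angle-bracketed https URL
(List-Unsubscribe style), which the draft itself may define differently.
"""
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Optional
from urllib.parse import urlparse

# Constructed sample messages (domains, tokens and auth results are made up).
SAMPLE_OK = """\
Authentication-Results: mx.example.net; dkim=pass (2048-bit key) header.d=service.example header.b="abcd"; spf=pass smtp.mailfrom=service.example
From: Notifications <noreply@service.example>
To: someone@example.org
Subject: Your account
Wrong-Recipient: <https://service.example/wrong-recipient/token123>

Hello
"""

SAMPLE_UNSIGNED = """\
Authentication-Results: mx.example.net; dkim=none; spf=fail smtp.mailfrom=other.example
From: Friendly Service <noreply@service.example>
To: someone@example.org
Subject: Your account
Wrong-Recipient: <https://tracker.other.example/hit?addr=someone>

Hello
"""


@dataclass(frozen=True)
class Decision:
    offer: bool            # may the MUA show the "wrong recipient" button at all?
    url: Optional[str]     # target to POST to, and only on an explicit click
    reason: str            # text the MUA can show as feedback / explanation


_COMMENT = re.compile(r"\([^()]*\)")                 # strip "(...)" comments
_PAIR = re.compile(r'([\w.-]+)=("[^"]*"|[^\s;]+)')   # key=value or key="value"


def parse_authentication_results(value: str) -> list:
    """Split an Authentication-Results value into one dict per method clause.
    Each dict holds 'method', 'result' and any property=value pairs (header.d ...)."""
    parts = [p.strip() for p in _COMMENT.sub("", value).split(";")]
    results = []
    for part in parts[1:]:                 # parts[0] is the authserv-id
        pairs = _PAIR.findall(part)
        if not pairs:
            continue
        method, result = pairs[0]
        entry = {"method": method, "result": result}
        for key, val in pairs[1:]:
            entry[key] = val.strip('"')
        results.append(entry)
    return results


def aligned(signing_domain: str, other: str) -> bool:
    """Relaxed alignment: signing domain equals `other` or is a parent of it."""
    s, o = signing_domain.lower(), other.lower()
    return s == o or o.endswith("." + s)


def evaluate(raw_message: str) -> Decision:
    """Decide whether a Wrong-Recipient action may be offered for this message.
    The POST itself is never sent here: the MUA sends it only after the user clicks,
    and shows the HTTP result to the user (the draft does not say what to display)."""
    msg = message_from_string(raw_message)
    header = msg.get("Wrong-Recipient")
    if header is None:
        return Decision(False, None, "no Wrong-Recipient header")
    match = re.search(r"<([^>]+)>", header)
    url = match.group(1) if match else header.strip()
    target = urlparse(url)
    if target.scheme != "https" or not target.hostname:
        return Decision(False, None, "target is not an https URL")
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        return Decision(False, None, "no usable From address")
    signers = [r["header.d"] for r in
               parse_authentication_results(msg.get("Authentication-Results", ""))
               if r["method"] == "dkim" and r["result"] == "pass" and "header.d" in r]
    if not any(aligned(d, from_domain) for d in signers):
        return Decision(False, None,
                        "no DKIM pass aligned with From; a click would confirm a live, "
                        "human-read address to an unverified sender")
    if not any(aligned(d, target.hostname) for d in signers):
        return Decision(False, None, "target host is outside the DKIM-signing domain")
    return Decision(True, url, "aligned DKIM pass; show the button, POST only on an "
                               "explicit click, and display the response to the user")


if __name__ == "__main__":
    for name, sample in (("signed", SAMPLE_OK), ("unsigned", SAMPLE_UNSIGNED)):
        print(name, evaluate(sample))
```

The alignment rule reuses the relaxed DKIM/DMARC notion (signing domain equal to or a parent of the From domain), and the URL-host check closes the gap where a legitimately signed message still points the button at a third-party tracker; both checks are this example's own policy, not anything the draft requires.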