Re: [ietf-smtp] DSNs

John C Klensin <> Sat, 18 April 2020 23:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9C68B3A13D2 for <>; Sat, 18 Apr 2020 16:10:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0.003
X-Spam-Status: No, score=0.003 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T4TqkF8XtXtV for <>; Sat, 18 Apr 2020 16:10:29 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B4F193A13D4 for <>; Sat, 18 Apr 2020 16:10:29 -0700 (PDT)
Received: from [] (helo=PSB) by with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <>) id 1jPwbU-000Bkj-7k; Sat, 18 Apr 2020 19:10:28 -0400
Date: Sat, 18 Apr 2020 19:10:21 -0400
From: John C Klensin <>
To: John Levine <>,
Message-ID: <C1A5FAAA942E0F363CA177C0@PSB>
In-Reply-To: <r7fq4k$1nm5$>
References: <20200409230011.F039B17637D0@ary.qy> <alpine.OSX.2.22.407.2004091945050.80689@ary.qy> <> <> <r7fq4k$1nm5$>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
Subject: Re: [ietf-smtp] DSNs
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 18 Apr 2020 23:10:34 -0000

--On Saturday, April 18, 2020 21:06 +0000 John Levine
<> wrote:

> In article <>rg>,
> Viktor Dukhovni  <> wrote:
>>> On Apr 10, 2020, at 5:04 AM, Claus Assmann
>>> <> wrote:
>>> On Thu, Apr 09, 2020, John R Levine wrote:
>>>> Oh, RFC 3461.  Agreed, it's basically an SMTP level web
>>>> bug.  Nobody implements that.
>>> sendmail implemented it too (more than 20 years ago?). I
>>> guess it should read "nobody enables/uses it"?
>> And likewise Postfix also implements RFC3461.  It is on by
>> default. I turn it off on inbound edge systems, and ignore
>> remote "DSN" on outbound edge systems.  That way, any DSNs
>> are sent within either my or the remote ADMD, but not across
>> ADMD boundaries. ...
> I meant that nobody sends positive DSNs.  You're right, we get
> lots of DSN bounces.

But, fwiw, I occasionally (very rarely) request delivery and/or
read receipts and sometimes (especially for the former) get
responses and get them in DNS form.  It may not be common, but
terms like "nobody" are a little strong.

And that brings me back to what I think are the key questions as
far as some potential WG that looks at 5321/5322 updates and
maybe their relationship to other email specs:

(1) Are DSNs implemented broadly enough that it is reasonable to
claim that the spec is good enough to allow interoperability?
Because RFC 3461 met the interoperability criteria for Draft
Standard 17 years ago, I think the only basis for claiming the
answer to that question is not "yes" would be the discovery of
some horrible problem in the specification that, if known, would
have produced a "no" answer when 3461 was reviewed and approved.

(2) Have they been deployed sufficiently to demonstrate that
they are perceived of as useful by at least some of the people
some of the time.  Noting that the requirements for full
standard do not distinguish between good and evil users, the
number of DNS requests --especially for read acknowledgments-- I
see in a month seems to make the case even if I don't choose to
have those acknowledgements sent back out.

(3) Have the specification or the feature proven sufficiently
problematic that we should be moving to deprecate RFC 3461
and/or the specifications that depend on it and/or update it?  I
haven't heard that argument yet.

And that leads to a question that I think is quite separate from
the above:

(4) Are DNSs sufficiently problematic under various conditions
that have been observed in the current world that we would
recommend that at least some of them not be used -- and requests
for them either rejected or ignored -- unless they are
accompanied by some mechanism that allows verification of the
legitimacy of the requestor and request and/or that the reply is
actually a response to a request and requestor.  Unless the
answers to some of those questions require changes to the DSN
spec(s) themselves, it seems to me they are matters for an
applicability statement about when and how DSNs should be used
(or not used) and not about the DNS specs.

Anyway, that is my analysis after reflecting on the recent
thread.  YMMD, of course.