Return receipts and how to annoy users.

DNT/MDN - Message Delivery Notification (well technically Disposition-Notification-To and Message Disposition Notification)

In the space of 6 threads I received two emails with MDN tags.

What is an MDN?

MDN is a protocol to solve the problem of not knowing whether your message was actually received by the addressee.

How does MDN differ from the older attempts at solving this problem?

Previous attempts tended to result in the mail server responding to the author of the message when it stuck the email in the user's inbox. Or in really bad cases when some *random* mail server in the delivery chain delivered the message according to its delivery rule.

In Mozilla Mail MDNs as of late may would pop up *before* the message loaded, that is over the *previous* message body (IIRC the envelope is for the MDN message but the message body is still the previous message).

OK, so I decided to read RFC 2298. Section 4 has a timeline:

User selects a message and requests that some action be performed on it.
[Action: clicks message, requesting to well... see the message]
UA performs requested action and, with user's permission, sends appropriate MDN ("displayed", "dispatched", "processed", "deleted", "denied" or "failed" disposition type with "manual- action" and "MDN-sent-manually" or "MDN-sent-automatically" disposition mode).

[Note: Mozilla asks for permission before actually showing the user the message, which is out of order according to the timeline]

OK, so obviously there's a minor problem there, but what's the bigger problem?

Well, the dialog appears before you read the email so like the older return receipts which would be sent long before the user got the email, the MDN doesn't actually indicate that the user read (past tense) the message, just that the user might read the message. Now, it's true that most people don't care about such a distinction.

But if you wrote something to someone, do you want to know that it was delivered, or that it was read?

Since MDN is a response to the older return receipt systems which were considered failures because they addressed delivery, I assert that MDN is most useful indicating that the user read the message.

OK, so that's what I want, what else is wrong with MDN?

Well, MDN has this unfortunate tendency of not being cleared when email is propagated by list-serves.

Why is this bad?

Well,... people are kind of lazy, and email clients (and their authors) are lazier still... Mozilla Mail as of late June offers a single checkbox [x] always request a return receipt in preferences. Contrast this with send format where you can sort email addresses into likes HTML and doesn't want HTML.

So, what happens?

lazy (or perhaps through no fault of their own) people select this option and then send mail to mailing lists. imagine a mailing list has 100 recipients. each of those recipients is asked by MDN to indicate that the user received the email. OK, perhaps someone really does want to find out that everyone on a list received an email.

Are there any amusing edge cases to DNT/MDN?

It turns out that AOL is one of them.

MDNs SHOULD NOT be sent automatically if the address in the Disposition-Notification-To header differs from the address in the Return-Path header (see RFC 822 [2]).

I haven't tested this part of the RFC on Mozilla Mail but I did ask an AOL QA who had a NSCP email address to try sending an email with a from of @netscape.com, I believe that the from line was rewritten to the QA's cannonical AOL account while the DNT was not.

So the DNT was @netscape.com and I believe that the Return-Path did not include @netscape.com.

What other problems are there?

Well RFC 2298 has this 'security' section (6) which is pretty much useless.

IMO the biggest concern is that spam include DNT headers. However, while the possibility of MDNs being forged is mentioned and the ability for an MDN to disclose confidential network topology is mentioned, the ability of a spammer to confirm your email address is not mentioned. How nice.

Are there other choices? yes. Read on :)