The Delivered-To Message Header Field

Introduction The Delivered-To message header field was introduced by the mail package in 1998, and adopted shortly afterward by and . Mail Delivery Agents (MDA) use the header field to detect and break delivery loops.

Header Field Syntax The syntax of the Delivered-To header field is similar to other mail message header fields. In the ABNF below, addr-spec is imported from . delivered-to = "Delivered-To:" addr-spec CRLF The contents of the header field is an opaque string that is an MDA-specific representation of the mailbox to which a message was delivered. The string need not be, and often is not, an address to which mail can be sent using SMTP. The domain part of the addr-spec is typically a mail domain managed by the MDA adding the header field, so the header field contents do not collide with header fields created by other MDAs.

Loop Breaking Some MDAs use the Delivered-To header field to break delivery loops using the following method. When an MDA is about to deliver a message, it creates a Delivered-To header field that represents the target of the delivery, and then scans the existing header fields in the message to see if an identical Delivered-To header field is already present. If so, the message is in a loop, and the delivery fails. If not, the MDA prepends the header field to the message and proceeds with the delivery. Delivered-To header fields are typically prepended to the message, similarly to the way trace header fields are prepended, but the loop breaking algorithm does not depend on the order of the header fields, only whether an identical header field is already present.

Related Header Fields Some MDAs add a different header field that records the actual RCPT TO address in an SMTP or submission session that handled the message. This header field is often called Envelope-To or X-Original-To, but varies from one MDA to another.

IANA Considerations IANA is requested to add the following entry to the Permanent Message Header Field Names registry:

Header Field Name	Template	Protocol	Status	Reference
Delivered-To	(blank)	mail	informational	[this document]

Security Considerations Depending on the way that an MDA creates the Delivered-To header field, it may be possible to guess internal details of the delivery process from the contents of the header field. To avoid this, some MDAs may obscure the Delivered-To contents by hashing or otherwise transforming the part of contents to the left of the @-sign to make it harder to reverse engineer. Malicious senders have occasionally sent messages with a Delivered-To header field that deliberately matches the one to be added by an MDA, to provoke a bounce from that MDA to the envelope sender of the message, causing what is known as "blowback spam." Mitigations are the same as for any undeliverable mail that may have a forged envelope sender address.

Acknowledgments We thank Sam Varshavchik for his reviews and useful suggestions.