#35365: Add RFC 3834 Auto-Submitted header to emails by default
---------------------------------+------------------------------------
Reporter: Tobias Bengfort | Owner: cgracin
Type: New feature | Status: assigned
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
---------------------------------+------------------------------------
Comment (by Mike Edmunds):
Took a closer look at the proposed patch, and as currently implemented
this will only affect email backends that call `EmailMessage.message()`.
Many non-SMTP email backends don't, so my earlier concern wouldn't apply
to them. But this will still break anyone using an ESP's SMTP endpoint if
their ESP doesn't allow the header. (And if the docs recommend setting
`"Auto-Submitted": "no"` in `headers` to disable the feature, that will
break both SMTP ''and non-SMTP'' backends for those ESPs.)
I appreciate the thought and effort that went into this change (and that
it attracted a new contributor!), but I also don't feel good about it.
After re-reading RFC 3834 section 5 a few times, it's not at all clear to
me that `Auto-Submitted: auto-generated` is an appropriate generalization
for the wide variety of apps that are implemented with Django, and the
emails they might send.
For example, if you're using something like django-helpdesk to reply to a
user's support ticket, you are creating what the RFC calls a "manually
generated message" (it's a direct reply to another message, and not
automatic). The RFC says auto-generated "MUST NOT be used on manually
generated messages." In practical terms, you ''might want'' to see
vacation autoresponses or challenge messages necessary for your support
response to be delivered. At best, this seems like it should be a django-
helpdesk setting, not something Django applies by default to all apps
built with the framework.
I suppose django-helpdesk might be a case where "Django is used to
implement an email client" of sorts. My concern is, I'm not sure a
general-purpose framework like Django can really be sure that sort of use
is a "rare exception."
[Also, to be clear, django-helpdesk ''needs to'' (and does) set `Auto-
Submitted: auto-replied` on any ''automatic'' responses it sends, to
prevent mail loops. And preventing mail loops is the primary point of RFC
3834. But "auto-replied" is always going to be app specific logic, and
isn't covered by this proposed change.]
--
Ticket URL: <
https://code.djangoproject.com/ticket/35365#comment:14>