Updated Use of the Expires Message Header Field

Introduction The date and time of expiration can be used by the mailbox provider or the MUA to indicate to the user that certain messages could be deleted, in an attempt to unclutter the user's mailbox and spare storage resources. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Header Field example The header field definition and syntax remain the same as in , the time at which a message loses its validity. expires = "Expires" ":" date-time Example: Expires: Wed, 1 Dec 2021 17:22:57 +0000 Message creators MUST NOT include more than one Expires header field in the message they send. If there is more than one Expires header field then message readers SHOULD act as if no Expires header field is present.

Security considerations Dates in this header field can be set a long way in the past or in the future, including outside the range of internal time representations in some programming environments - all software which processes the Expires header field MUST be made safe against this possibility.

Advice to Message Creators Message creators add the header field along with a relevant date and time when they know that the content of the message has no value after a given point of time. This could apply to commercial newsletters, that include time-limited offers, event announcements, social notifications, or Time-limited access codes.

Advice to Message Readers (Mailbox providers, Webmails and MUAs) The expiration of a message's validity would logically lead to the deletion of the message. However, users on most systems do not expect their emails to disappear, and may not be aware that any particular email has an Expires header field. Therefore, no email should be silently and automatically deleted solely based on the value of the Expires header field. Mailbox providers could indicate when a user is viewing an expired message, and could allow users to control over the actions to take for expired messages. The information provided in the header field is intended to be used as a signal that could be used to provide a feature or improved experience to the end-user. For instance, systems may allow automatic rules to clean up expired email from specific message creators or with defined characteristics, or to provide a mode to quickly handle all expired email. In certain cases, email messages can be used as an element of an investigation. An early deletion may compromise an investigation, so mailbox providers could ignore the Expires information in such cases. Presence of the Expires header field MUST NOT be interpreted as a sign that a message is legitimate.

Past History of the Expires: header field defines a number of header fields that can be added to Internet messages including those used for mapping between X.400 and RFC822/MIME . One of them is the Expires header field that provides the date and time at which a message is considered to lose its validity. The same principle can be applied to the Expires header field in general, whether the message comes from a X.400 gateway as initially intended in , or elsewhere. Netnews articles have an Expires header with a similar slightly more strict syntax and similar meaning.

Acknowledgements This document was informed by discussions with and/or contributions from Jonathan Loriaux, Charles Sauthier and Simon Bressier.

IANA Considerations IANA is requested to update an existing entry in the Permanent Message Headers Field Names registry Header field name: Expires Applicable protocol: mail Status: standard Author/Change controller: IETF Specification document: this document