7
Network Working Group J. Degener
8
Request for Comments: 3894 Sendmail, Inc.
9
Category: Standards Track October 2004
12
Sieve Extension: Copying Without Side Effects
16
This document specifies an Internet standards track protocol for the
17
Internet community, and requests discussion and suggestions for
18
improvements. Please refer to the current edition of the "Internet
19
Official Protocol Standards" (STD 1) for the standardization state
20
and status of this protocol. Distribution of this memo is unlimited.
24
Copyright (C) The Internet Society (2004).
28
The Sieve scripting language allows users to control handling and
29
disposal of their incoming e-mail. By default, an e-mail message
30
that is processed by a Sieve script is saved in the owner's "inbox".
31
Actions such as "fileinto" and "redirect" cancel this default
34
This document defines a new keyword parameter, ":copy", to be used
35
with the Sieve "fileinto" and "redirect" actions. Adding ":copy" to
36
an action suppresses cancellation of the default "inbox" save. It
37
allows users to add commands to an existing script without changing
38
the meaning of the rest of the script.
42
The Sieve scripting language [SIEVE] allows users to control handling
43
and disposal of their incoming e-mail. Two frequently used Sieve
44
commands are "fileinto" (saving into a local message store, such as
45
an IMAP server) and "redirect" (forwarding to another e-mail
46
address). Both of these cancel the Sieve default behavior of saving
47
into the user's "inbox".
49
But some users have the notion of forwarding an extra copy of a
50
message for safekeeping to another e-mail address, or of saving a
51
copy in a folder - in addition to the regular message delivery, which
52
shouldn't be affected by the copy.
58
Degener Standards Track [Page 1]
60
RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
63
If saving an extra copy is all the user wanted to do,
65
fileinto "unfiltered";
68
would do the job. The "keep" command does explicitly what the
69
cancelled default behavior did. But the explicit "keep" is a poor
70
substitute for the implicit "keep" when more processing follows:
72
fileinto "unfiltered";
75
if header "Subject" "MAKE MONEY FAST!!!"
80
In this example, the "discard" is ineffective against the explicit
81
"keep"; the discarded message still ends up in the user's inbox.
83
It is possible to generate Sieve code that perfectly expresses a
84
user's wishes, but such code quickly grows unwieldy because it needs
85
to keep track of the state that the implicit "keep" would have had
86
without the "fileinto" or "redirect" command.
88
This extension tries to make life easier for user interface designers
89
and script writers by allowing them to express the "copy" semantics
94
Conventions for notations are as in [SIEVE] section 1.1, including
95
use of [KEYWORDS] and "Syntax:" label for the definition of action
96
and tagged arguments syntax.
98
The capability string associated with extension defined in this
101
3. ":copy" extension to the "fileinto" and "redirect" commands
104
"fileinto" [":copy"] <folder: string>
105
"redirect" [":copy"] <address: string>
107
If the optional ":copy" keyword is specified with "fileinto" or
108
"redirect", the tagged command does not cancel the implicit "keep".
109
Instead, it merely files or redirects a copy in addition to whatever
110
else is happening to the message.
114
Degener Standards Track [Page 2]
116
RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
121
require ["copy", "fileinto"];
122
fileinto :copy "incoming";
124
# ... more processing follows ...
126
4. Security Considerations
128
The "copy" extension makes it easier to eavesdrop on a user's message
129
stream without the user noticing. This was technically possible
130
before if an attacker gained read/write access to a user's Sieve
131
scripts, but now an attacker no longer needs to parse a script in
132
order to modify it. Write access to Sieve scripts must be protected
133
as strongly as read/write access to e-mail, for example by using
134
secure directory protocols such as correctly parameterized LDAP over
137
Organizations that wish to monitor their users' e-mail traffic must
138
familiarize themselves with local data protection laws before
139
creating stores of old e-mail traffic without control, or perhaps
140
even knowledge, of the sender or intended recipients.
142
Organizations that legally use "redirect :copy" to eavesdrop on
143
correspondence (for example, by keeping a log to answer questions
144
about insider trading at a later time) can avoid future problems by
145
setting users' privacy expectations correctly.
147
5. IANA Considerations
149
The following template specifies the IANA registration of the "copy"
150
Sieve extension specified in this document.
153
Subject: Registration of new Sieve extension
155
Capability name: copy
156
Capability keyword: copy
157
Capability arguments: N/A
158
Standards Track: RFC 3894
159
Person and email address to contact for further information:
163
6425 Christie Ave, 4th Floor
166
Email: jutta@sendmail.com
170
Degener Standards Track [Page 3]
172
RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
175
This information has been added to the list of Sieve extensions given
176
on http://www.iana.org/assignments/sieve-extensions.
180
Thanks to Eric Allman, Ned Freed, Will Lee, Nigel Swinson, and Rand
181
Wacker for corrections and comments.
185
7.1. Normative References
187
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
188
Requirement Levels", BCP 14, RFC 2119, March 1997.
190
[SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC
193
7.2. Informative References
195
[LDAP] Wahl, M., Alvestrand, H., Hodges, J., and R. Morgan,
196
"Authentication Methods for LDAP", RFC 2829, May 2000.
202
6425 Christie Ave, 4th Floor
205
EMail: jutta@sendmail.com
226
Degener Standards Track [Page 4]
228
RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
231
Full Copyright Statement
233
Copyright (C) The Internet Society (2004).
235
This document is subject to the rights, licenses and restrictions
236
contained in BCP 78, and except as set forth therein, the authors
237
retain all their rights.
239
This document and the information contained herein are provided on an
240
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
241
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
242
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
243
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
244
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
245
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
247
Intellectual Property
249
The IETF takes no position regarding the validity or scope of any
250
Intellectual Property Rights or other rights that might be claimed to
251
pertain to the implementation or use of the technology described in
252
this document or the extent to which any license under such rights
253
might or might not be available; nor does it represent that it has
254
made any independent effort to identify any such rights. Information
255
on the IETF's procedures with respect to rights in IETF Documents can
256
be found in BCP 78 and BCP 79.
258
Copies of IPR disclosures made to the IETF Secretariat and any
259
assurances of licenses to be made available, or the result of an
260
attempt made to obtain a general license or permission for the use of
261
such proprietary rights by implementers or users of this
262
specification can be obtained from the IETF on-line IPR repository at
263
http://www.ietf.org/ipr.
265
The IETF invites any interested party to bring to its attention any
266
copyrights, patents or patent applications, or other proprietary
267
rights that may cover technology that may be required to implement
268
this standard. Please address the information to the IETF at ietf-
273
Funding for the RFC Editor function is currently provided by the
282
Degener Standards Track [Page 5]