7Network Working Group J. Degener
8Request for Comments: 3894 Sendmail, Inc.
9Category: Standards Track October 2004
12 Sieve Extension: Copying Without Side Effects
16 This document specifies an Internet standards track protocol for the
17 Internet community, and requests discussion and suggestions for
18 improvements. Please refer to the current edition of the "Internet
19 Official Protocol Standards" (STD 1) for the standardization state
20 and status of this protocol. Distribution of this memo is unlimited.
24 Copyright (C) The Internet Society (2004).
28 The Sieve scripting language allows users to control handling and
29 disposal of their incoming e-mail. By default, an e-mail message
30 that is processed by a Sieve script is saved in the owner's "inbox".
31 Actions such as "fileinto" and "redirect" cancel this default
34 This document defines a new keyword parameter, ":copy", to be used
35 with the Sieve "fileinto" and "redirect" actions. Adding ":copy" to
36 an action suppresses cancellation of the default "inbox" save. It
37 allows users to add commands to an existing script without changing
38 the meaning of the rest of the script.
42 The Sieve scripting language [SIEVE] allows users to control handling
43 and disposal of their incoming e-mail. Two frequently used Sieve
44 commands are "fileinto" (saving into a local message store, such as
45 an IMAP server) and "redirect" (forwarding to another e-mail
46 address). Both of these cancel the Sieve default behavior of saving
47 into the user's "inbox".
49 But some users have the notion of forwarding an extra copy of a
50 message for safekeeping to another e-mail address, or of saving a
51 copy in a folder - in addition to the regular message delivery, which
52 shouldn't be affected by the copy.
58Degener Standards Track [Page 1]
60RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
63 If saving an extra copy is all the user wanted to do,
65 fileinto "unfiltered";
68 would do the job. The "keep" command does explicitly what the
69 cancelled default behavior did. But the explicit "keep" is a poor
70 substitute for the implicit "keep" when more processing follows:
72 fileinto "unfiltered";
75 if header "Subject" "MAKE MONEY FAST!!!"
80 In this example, the "discard" is ineffective against the explicit
81 "keep"; the discarded message still ends up in the user's inbox.
83 It is possible to generate Sieve code that perfectly expresses a
84 user's wishes, but such code quickly grows unwieldy because it needs
85 to keep track of the state that the implicit "keep" would have had
86 without the "fileinto" or "redirect" command.
88 This extension tries to make life easier for user interface designers
89 and script writers by allowing them to express the "copy" semantics
94 Conventions for notations are as in [SIEVE] section 1.1, including
95 use of [KEYWORDS] and "Syntax:" label for the definition of action
96 and tagged arguments syntax.
98 The capability string associated with extension defined in this
1013. ":copy" extension to the "fileinto" and "redirect" commands
104 "fileinto" [":copy"] <folder: string>
105 "redirect" [":copy"] <address: string>
107 If the optional ":copy" keyword is specified with "fileinto" or
108 "redirect", the tagged command does not cancel the implicit "keep".
109 Instead, it merely files or redirects a copy in addition to whatever
110 else is happening to the message.
114Degener Standards Track [Page 2]
116RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
121 require ["copy", "fileinto"];
122 fileinto :copy "incoming";
124 # ... more processing follows ...
1264. Security Considerations
128 The "copy" extension makes it easier to eavesdrop on a user's message
129 stream without the user noticing. This was technically possible
130 before if an attacker gained read/write access to a user's Sieve
131 scripts, but now an attacker no longer needs to parse a script in
132 order to modify it. Write access to Sieve scripts must be protected
133 as strongly as read/write access to e-mail, for example by using
134 secure directory protocols such as correctly parameterized LDAP over
137 Organizations that wish to monitor their users' e-mail traffic must
138 familiarize themselves with local data protection laws before
139 creating stores of old e-mail traffic without control, or perhaps
140 even knowledge, of the sender or intended recipients.
142 Organizations that legally use "redirect :copy" to eavesdrop on
143 correspondence (for example, by keeping a log to answer questions
144 about insider trading at a later time) can avoid future problems by
145 setting users' privacy expectations correctly.
1475. IANA Considerations
149 The following template specifies the IANA registration of the "copy"
150 Sieve extension specified in this document.
153 Subject: Registration of new Sieve extension
155 Capability name: copy
156 Capability keyword: copy
157 Capability arguments: N/A
158 Standards Track: RFC 3894
159 Person and email address to contact for further information:
163 6425 Christie Ave, 4th Floor
166 Email: jutta@sendmail.com
170Degener Standards Track [Page 3]
172RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
175 This information has been added to the list of Sieve extensions given
176 on http://www.iana.org/assignments/sieve-extensions.
180 Thanks to Eric Allman, Ned Freed, Will Lee, Nigel Swinson, and Rand
181 Wacker for corrections and comments.
1857.1. Normative References
187 [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
188 Requirement Levels", BCP 14, RFC 2119, March 1997.
190 [SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC
1937.2. Informative References
195 [LDAP] Wahl, M., Alvestrand, H., Hodges, J., and R. Morgan,
196 "Authentication Methods for LDAP", RFC 2829, May 2000.
202 6425 Christie Ave, 4th Floor
205 EMail: jutta@sendmail.com
226Degener Standards Track [Page 4]
228RFC 3894 Sieve Extension - Copy Without Side Effects October 2004
231Full Copyright Statement
233 Copyright (C) The Internet Society (2004).
235 This document is subject to the rights, licenses and restrictions
236 contained in BCP 78, and except as set forth therein, the authors
237 retain all their rights.
239 This document and the information contained herein are provided on an
240 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
241 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
242 INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
243 IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
244 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
245 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
249 The IETF takes no position regarding the validity or scope of any
250 Intellectual Property Rights or other rights that might be claimed to
251 pertain to the implementation or use of the technology described in
252 this document or the extent to which any license under such rights
253 might or might not be available; nor does it represent that it has
254 made any independent effort to identify any such rights. Information
255 on the IETF's procedures with respect to rights in IETF Documents can
256 be found in BCP 78 and BCP 79.
258 Copies of IPR disclosures made to the IETF Secretariat and any
259 assurances of licenses to be made available, or the result of an
260 attempt made to obtain a general license or permission for the use of
261 such proprietary rights by implementers or users of this
262 specification can be obtained from the IETF on-line IPR repository at
263 http://www.ietf.org/ipr.
265 The IETF invites any interested party to bring to its attention any
266 copyrights, patents or patent applications, or other proprietary
267 rights that may cover technology that may be required to implement
268 this standard. Please address the information to the IETF at ietf-
273 Funding for the RFC Editor function is currently provided by the
282Degener Standards Track [Page 5]