Sieve Extension: Copying Without Side Effects
RFC 3894

Document Type RFC - Proposed Standard (October 2004; No errata)
Was draft-degener-sieve-copy (individual in app area)
Last updated 2018-12-20
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3894 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Scott Hollenbeck
Send notices to (None)
Network Working Group                                         J. Degener
Request for Comments: 3894                                Sendmail, Inc.
Category: Standards Track                                   October 2004

             Sieve Extension: Copying Without Side Effects

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).


   The Sieve scripting language allows users to control handling and
   disposal of their incoming e-mail.  By default, an e-mail message
   that is processed by a Sieve script is saved in the owner's "inbox".
   Actions such as "fileinto" and "redirect" cancel this default

   This document defines a new keyword parameter, ":copy", to be used
   with the Sieve "fileinto" and "redirect" actions.  Adding ":copy" to
   an action suppresses cancellation of the default "inbox" save.  It
   allows users to add commands to an existing script without changing
   the meaning of the rest of the script.

1.  Introduction

   The Sieve scripting language [SIEVE] allows users to control handling
   and disposal of their incoming e-mail.  Two frequently used Sieve
   commands are "fileinto" (saving into a local message store, such as
   an IMAP server) and "redirect" (forwarding to another e-mail
   address).  Both of these cancel the Sieve default behavior of saving
   into the user's "inbox".

   But some users have the notion of forwarding an extra copy of a
   message for safekeeping to another e-mail address, or of saving a
   copy in a folder - in addition to the regular message delivery, which
   shouldn't be affected by the copy.

Degener                     Standards Track                     [Page 1]
RFC 3894      Sieve Extension - Copy Without Side Effects   October 2004

   If saving an extra copy is all the user wanted to do,

      fileinto "unfiltered";

   would do the job.  The "keep" command does explicitly what the
   cancelled default behavior did.  But the explicit "keep" is a poor
   substitute for the implicit "keep" when more processing follows:

      fileinto "unfiltered";

      if header "Subject" "MAKE MONEY FAST!!!"

   In this example, the "discard" is ineffective against the explicit
   "keep"; the discarded message still ends up in the user's inbox.

   It is possible to generate Sieve code that perfectly expresses a
   user's wishes, but such code quickly grows unwieldy because it needs
   to keep track of the state that the implicit "keep" would have had
   without the "fileinto" or "redirect" command.

   This extension tries to make life easier for user interface designers
   and script writers by allowing them to express the "copy" semantics

2.  Conventions used

   Conventions for notations are as in [SIEVE] section 1.1, including
   use of [KEYWORDS] and "Syntax:" label for the definition of action
   and tagged arguments syntax.

   The capability string associated with extension defined in this
   document is "copy".

3.  ":copy" extension to the "fileinto" and "redirect" commands

        "fileinto" [":copy"] <folder: string>
        "redirect" [":copy"] <address: string>

   If the optional ":copy" keyword is specified with "fileinto" or
   "redirect", the tagged command does not cancel the implicit "keep".
   Instead, it merely files or redirects a copy in addition to whatever
   else is happening to the message.

Degener                     Standards Track                     [Page 2]
RFC 3894      Sieve Extension - Copy Without Side Effects   October 2004


      require ["copy", "fileinto"];
      fileinto :copy "incoming";

      # ... more processing follows ...

4.  Security Considerations

   The "copy" extension makes it easier to eavesdrop on a user's message
   stream without the user noticing.  This was technically possible
   before if an attacker gained read/write access to a user's Sieve
   scripts, but now an attacker no longer needs to parse a script in
   order to modify it.  Write access to Sieve scripts must be protected
   as strongly as read/write access to e-mail, for example by using
   secure directory protocols such as correctly parameterized LDAP over
   TLS [LDAP].

   Organizations that wish to monitor their users' e-mail traffic must
   familiarize themselves with local data protection laws before
   creating stores of old e-mail traffic without control, or perhaps
   even knowledge, of the sender or intended recipients.

   Organizations that legally use "redirect :copy" to eavesdrop on
   correspondence (for example, by keeping a log to answer questions
Show full document text