ietf-mta-filters

Re: "body" extension

2002-06-14 10:42:33

Jutta Degener <jutta(_at_)sendmail(_dot_)com> writes:

Below is a strawman Internet draft that describes the easiest,
most general form of "body" I could imagine -- a simple match
against the text of an e-mail message that is not the header,
without content-decoding of any sort.

A future extension of this could be to even MIME decode data before
matching it as well -- international users need this to match
non-ASCII in bodies.

5. Security Considerations

   The system must be sized and restricted in such a manner that even
   malicious use of body matching does not deny service to other users.

   Matching strings in the body of an e-mail message may be more general
   than the author of the sieve script intended.  The strings may be
   matched in headers of included messages; strings that are dangerous 
   only when used in enclosed MIME headers may be matched in text that
   is in itself not dangerous, or discusses the very problem that the
   script is attempting to defend against.

A thought:

Matching strings can also be less general than the author intended.
This is because the same data can be expressed in several ways using,
e.g., quoted-printable and base64 encodings.  Thus trying to filter on
specific strings in order to redirect certain data (viruses, certain
key words) can be worked around by the sender.
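
The point raised in this reply, as an added example that is not part of the original message or of the draft: a Python sketch (not Sieve) comparing a raw "body" match, done without content-decoding as the draft describes, with a match done after undoing each text part's transfer encoding. The function names and the three sample messages are constructed for illustration.

```python
import base64
import email
from email import policy

def raw_body_match(raw: bytes, needle: str) -> bool:
    """Match as the draft describes: everything after the header, no decoding."""
    _, _, body = raw.partition(b"\r\n\r\n")
    return needle.lower().encode() in body.lower()

def decoded_body_match(raw: bytes, needle: str) -> bool:
    """Undo Content-Transfer-Encoding and charset of each text part, then match."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # multipart containers and non-text parts are skipped
        try:
            text = part.get_content()
        except (LookupError, UnicodeError, ValueError):
            # Unknown or broken charset label: still match on the decoded bytes.
            text = (part.get_payload(decode=True) or b"").decode("latin-1")
        if needle.lower() in text.lower():
            return True
    return False

def _sample(cte: str, body: str) -> bytes:
    # Constructed test message; addresses are placeholders.
    head = ("From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
            "MIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n"
            f"Content-Transfer-Encoding: {cte}\r\n\r\n")
    return (head + body + "\r\n").encode("ascii")

TEXT = "Please find the quarterly report attached."
PLAIN = _sample("7bit", TEXT)
QP = _sample("quoted-printable", TEXT.replace("quarterly", "quarter=6Cy"))
B64 = _sample("base64", base64.b64encode(TEXT.encode()).decode())

if __name__ == "__main__":
    for name, raw in (("7bit", PLAIN), ("quoted-printable", QP), ("base64", B64)):
        print(f"{name:17} raw={raw_body_match(raw, 'quarterly')!s:5} "
              f"decoded={decoded_body_match(raw, 'quarterly')}")
```
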

