ietf-mta-filters

Re: Security review of SIEVE vacation

2005-09-13 13:37:50

Jeff:

I'm not real wild about the mechanisms defined in sections 3.5 and 3.6 to try to avoid sending vacation messages to places they shouldn't go. They seem a bit too inflexible for my taste. I won't object on these grounds, though.

Just as one example, any address with a mailbox name beginning 'jhutz+' or 'jhutz=' and a domain ending in 'cmu.edu' is probably mine, and if I used vacation, I'd certainly want it to treat mail sent to any such address as belonging to me, regardless of the specific host the mail went to or what, if anything, occurs after the plus. I'd want that even if the mail server weren't also at CMU, if I ever decided to forward my CMU mail off-site. One way to deal with this sort of problem would be to allow a match type and comparator to be specified for the addresses.

Not unsurprisingly, I thought about this when writing the ancient ancestral versions of the draft. I assume the first paragraph of section 3.5 is sufficient to allow CMU mailers to deduce that jhutz+anything(_at_)cmu(_dot_)edu is "yours" for the purpose of autoresponses. At this point, it becomes a matter of policy.

Tim
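
The matching rule discussed in this message, as an added example that is not part of the original thread or of the draft: a check for whether a message is explicitly addressed to the user before an autoresponse is generated. The function names, the choice of the To and Cc headers, and the sample messages are assumptions made for illustration; the domain test matches on a label boundary so that a look-alike domain is not treated as the user's.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed policy, taken from the example in the message above: mailbox "jhutz",
# optionally followed by "+" or "=" and a detail, at cmu.edu or any host below it.
USER = "jhutz"
SEPARATORS = "+="
DOMAIN = "cmu.edu"


def is_mine(address, user=USER, domain=DOMAIN):
    """True for user, user+detail or user=detail at domain or one of its subdomains."""
    local, at, host = address.rpartition("@")
    if not at or not local:
        return False
    local, host = local.lower(), host.lower().rstrip(".")
    # Compare on a label boundary: "notcmu.edu" ends in "cmu.edu" but is a different domain.
    if host != domain and not host.endswith("." + domain):
        return False
    if local == user:
        return True
    # "jhutzman" starts with "jhutz" too, so require a separator right after the name.
    return local.startswith(user) and local[len(user)] in SEPARATORS


def explicitly_addressed(raw_message):
    """True if any To or Cc recipient is one of the user's addresses."""
    msg = message_from_string(raw_message)
    recipients = []
    for header in ("To", "Cc"):  # header set is an assumption of this example
        recipients += msg.get_all(header, [])
    return any(is_mine(addr) for _name, addr in getaddresses(recipients))


# Constructed sample messages (not taken from the thread).
DIRECT = "From: a@example.org\nTo: Jeff <jhutz+sieve@host.cmu.edu>\nSubject: hi\n\nbody\n"
VIA_LIST = "From: a@example.org\nTo: some-list@example.net\nSubject: hi\n\nbody\n"
LOOKALIKE = "From: a@example.org\nTo: jhutz+x@notcmu.edu\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("via list", VIA_LIST), ("look-alike", LOOKALIKE)):
        print(name, "->", "may autorespond" if explicitly_addressed(raw) else "suppress")
```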