[Top] [All Lists]


2008-12-04 10:19:49

I've just posted a final version of draft-ietf-sieve-notify-mailto. It resolves all the last-call and IESG issues, including Cullen's DISCUSS position, which he should be clearing when he reviews this version.

There are some editorial changes to fix some nits and some old references.
The substantive changes are these:

Changed in "2.7.1.  The Auto-Submitted header field":

  The auto-notified Auto-Submitted field MUST include one or both of
  the following parameters:

This makes at least one of the "owner-*" parameters required, so that we can be sure that an accidental recipient of notification messages will have a way to contact the sending domain and get the problem fixed.

Added to "5.  Security Considerations":

  Email addresses specified as recipients of notifications might not be
  owned by the entity that owns the Sieve script.  As a result, a
  notification recipient could wind up as the target of unwanted
  notifications, either through intent (using scripts to mount a mail-
  bomb attack) or by accident (an address was mistyped or has been
  reassigned).  The situation is arguably no worse than any other in
  which a recipient gets unwanted email, and some of the same
  mechanisms can be used in this case.  But those deploying this
  extension have to be aware of the potential extra problems here,
  where scripts might be created through means that do not adequately
  validate email addresses, and such scripts might then be forgotten
  and left to run indefinitely.

  In particular, note that the Auto-Submitted header field is required
  to include a value that a recipient can use when contacting the
  source domain of the notification message (see Section 2.7.1).  That
  value will allow the domain to track down the script's owner and have
  the script corrected or disabled.  Domains that enable this extension
  MUST be prepared to respond to such complaints, in order to limit the
  damage caused by a faulty script.

  Problems can also show up if notification messages are sent to a
  gateway into another service, such as SMS.  Information from the
  email message is often lost in the gateway translation, and in this
  case critical information needed to avoid loops, to contact the
  script owner, and to resolve other problems might be lost.
  Developers of email gateways should consider these issues, and try to
  preseve as much information as possible, including what appears in
  email trace headers and Auto-Submitted.

Please comment quickly if you have a problem with any of this. Otherwise, the new draft will go through with these changes.