Michael Haardt wrote:
I don't consider of the frequency of display important, but the fact
that the value may unveil which mailbox the notification originated from,
violating my privacy looking at the networks the notification may cross.
I think you are asking for owner-token being used instead of owner-email.
The owner-token may solve the problem, but there is no technical reason
to restrict owner-email not doing that as well, plus giving a mail
address instead of letting the victim figure out who to ask.
I agree. But saying that owner-email is or isn't related to :from is of
no help in this case.
That does not mean I would like to see ":from" influencing the
owner. All I would like to specify is WHO is responsible, so
people using Sieve can be sure WHO to address for a changed
owner address, should they care. If we say
The parameter value depends on the implementation
So far so good.
I would be glad to see that included!
The only
requirement is that the address reaches the owner of the script.
I don't think this is even true. The only requirement is that the
sysadmin operating the system that is running the Sieve engine can
figure out which Sieve script (and for which user) generated a notification.
Now I am really confused. I thought the owner would be the user the
script belongs to, not the admin of the sending system.
Correct. But it doesn't mean that it is reachable via email ;-).
My point is that the requirement to be "reachable" might be too strong
for some deployments.
The admin should always be able to figure out abuse.
Anyway: If we can agree on "it's implementation-dependent", we don't
have to define further terms, and it addresses all my issues.