[Extra] Is this a plausible IMAP extension ?

"John R. Levine" <johnl@iecc.com> Wed, 27 February 2019 03:06 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9090F1274D0 for <extra@ietfa.amsl.com>; Tue, 26 Feb 2019 19:06:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id gTSCnzIwESQY for <extra@ietfa.amsl.com>; Tue, 26 Feb 2019 19:06:39 -0800 (PST)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 484E8130DC0 for <extra@ietf.org>; Tue, 26 Feb 2019 19:06:38 -0800 (PST)
Received: (qmail 62544 invoked from network); 27 Feb 2019 03:06:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:mime-version:content-type:user-agent; s=f44c.5c75febd.k1902; bh=gQm2sb+OD0TmPiwQ6IAJSZbbDUtXSRLyz0PB+fdC7eY=; b=SXdF8NAJT5sC/nH8YCmWPPNqb3dpCgjtTO8GQwajByl5geKTprqbqgSBOFcIuuYgn4SuFzMYsnhrf7C8J5ztu6qE5/gszwfGbSLcnlSCjjyVUvM6oOIVR7JON8y/j/lTJaOJK6VLPkHWmx3I/1l4EuhjC+kd7VmH/NH29VRwSH0kgOCwcsMBc3sAt4Xlaho5dD8PS7BclfOjzgtrOoydt8E8aT5nt5pOVU6lgACfN25ejSHdR4r8zZT7myoiE2bi
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 27 Feb 2019 03:06:37 -0000
Date: 26 Feb 2019 22:06:36 -0500
Message-ID: <alpine.OSX.2.21.1902262150050.14048@ary.local>
From: "John R. Levine" <johnl@iecc.com>
To: extra@ietf.org
User-Agent: Alpine 2.21 (OSX 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/44fPtl5Fxn7d2YirZs78fd57LNE>
Subject: [Extra] Is this a plausible IMAP extension ?
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 03:06:41 -0000

There is this thing called BIMI that is being debated elsewhere in the 
IETF.  Leaving aside for the moment the issue of whether it's a good idea 
in the first place, it invents an IMAP feature that seems dodgy to me.

When an MTA that supports BIMI delivers a message into the mailstore, it 
adds a header that tells MUAs where to find a logo to show next to the 
message.  (Think of it as x-face for corporations.)  Since bad people 
could phish victims with their own header with a misleading image, BIMI 
invents a new IMAP flag that only the delivery MTA can set on messages 
where it has added a virtuous header.  An MUA can test it to decide 
whether to show the logo.  Other IMAP or POP clients can't set the flag, 
but it presumably stays with the message if it's moved from one folder to 

Does existing IMAP software have this kind of privileged flag?  Is it 
something that would be reasonable to implement, e.g., is there already a 
concept of users at different privilege levels manipulating the same mail 
store beyond just R/W and R/O?  The IMAP software I use is Dovecot, where 
in the vast amount of badly organized documentation I don't see anything 
like this, but maybe it's hiding and I don't know where to look.

Advice from actual IMAP experts welcome.

John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

PS: If as I suspect this is unlikely to be implementable, I have an 
alternate approach that involves misusing DKIM.