Re: [Extra] Is this a plausible IMAP extension ?

"Bron Gondwana" <brong@fastmailteam.com> Wed, 27 February 2019 21:01 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C839D124B0C for <extra@ietfa.amsl.com>; Wed, 27 Feb 2019 13:01:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.982
X-Spam-Level:
X-Spam-Status: No, score=-1.982 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HEADER_CTYPE_ONLY=0.717, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=YSEcy6j4; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=c/llQICF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jf02-hf5dQRF for <extra@ietfa.amsl.com>; Wed, 27 Feb 2019 13:01:09 -0800 (PST)
Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F0D612426E for <extra@ietf.org>; Wed, 27 Feb 2019 13:01:09 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id 8D2C93044 for <extra@ietf.org>; Wed, 27 Feb 2019 16:01:08 -0500 (EST)
Received: from imap7 ([10.202.2.57]) by compute6.internal (MEProxy); Wed, 27 Feb 2019 16:01:08 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=message-id:in-reply-to:references:date:from :to:subject:content-type; s=fm2; bh=u+T8hydz0/9Aglg25AORL2KDJAhB dxdH/Hs41kihAUM=; b=YSEcy6j45+Yjh7t8kVzjY/+bdk55TEFpYo0pdZueWyuK 0/JPm8XOzFNAbkIRwST5Z8ME0MOT1jIGWdFgMo95IsNzE49XNMYKQJOCFiMYOUcK XXf6AhBLdNQNZo6/qPvNumkgXjntmLuMmXaVwF0cWnm2+WHzLPtrf4wL2QCH+kxh HaMbAfhQZomh477AdiEjIhTtnZxky8X2H2aMYTSUdDrsFu489AerwvPtUiRlM/TB 1Zu8pl4xeZqla+tuQUgouDd8qJGbxGYLG3c7TTgSYnqeRzjvn/O37/A89Xfp9cuR c4xkwuD1low2I0MhGdDp5i9wmVVSUZl8Nsyj5AwkpA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=u+T8hydz0/9Aglg25 AORL2KDJAhBdxdH/Hs41kihAUM=; b=c/llQICFyC/3v5JNuJVu/aAI+MSJgL0zP ZXxbPesgssn6DmDZl/QvsWAymQkxei1WfYalXPu53T+q3luSrRL4cVZn31B1DZir xN0DwYpYj7z2t62OKSvY0c283JoV+ZEtleoDmKyUb3yL+U7FpT+79S2vDlh5GPf0 WQuvEfaTGA74TQxlqE+C0CT3K9tjzP4vGbpuFZj9nxtoGSCLGAc8mkUt4fT3KTHV mKNc99d0UhX2i7apMAamktDSKtlF1NwyMIbm90Mur99kn2n02RkZPuXOeW/pjgqr Eu+ipmRLpHwvKYL+EHNfnmMYOQ8FcFcMLQrQJs1YM70zJXwur+tuw==
X-ME-Sender: <xms:k_p2XIwVSTQFRbqNdSnlp-I3xFaWSkB5pwOV59SHKW4xt01y-7KHZw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrvddugddugeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgfkjghffffhvffutgesrgdtre erreertdenucfhrhhomhepfdeurhhonhcuifhonhgufigrnhgrfdcuoegsrhhonhhgsehf rghsthhmrghilhhtvggrmhdrtghomheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsrh honhhgsehfrghsthhmrghilhhtvggrmhdrtghomhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:k_p2XC3isMG7UCj2VveRqtMy_DcyNluK_dXMptfaPpj9gHDFaKq_nw> <xmx:k_p2XHFQBNuYtQQqsaTAWY6X3aN3nPiNqE-3W3fZElZW1UjSz8n1Zg> <xmx:k_p2XPKwqun57kGaRTylqw6Fb6NfitgK0Wt7l2Icd8heDnI7WpJyoQ> <xmx:lPp2XEH0B8Jv10lckcpZ55FO7Jxx-hd-wUprREUvlEOuY0YcHAfZpg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 757832031D; Wed, 27 Feb 2019 16:01:07 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-918-g4e3ba4c-fmstable-20190227v1
X-Me-Personality: 56629417
Message-Id: <a05121fb-a105-458a-bd69-9d6c289860b2@www.fastmail.com>
In-Reply-To: <01R3P86JVOOM00004L@mauve.mrochek.com>
References: <alpine.OSX.2.21.1902262150050.14048@ary.local> <af25a165-ff24-41d4-810e-b00adf2092d5@beta.fastmail.com> <01R3P86JVOOM00004L@mauve.mrochek.com>
Date: Wed, 27 Feb 2019 16:01:07 -0500
From: "Bron Gondwana" <brong@fastmailteam.com>
To: extra@ietf.org
Content-Type: multipart/alternative; boundary=0c77e698b4374b1fa122732c14f5d65f
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/uD5QY2FGUfx_UihsOxu8YPOL0BA>
Subject: Re: [Extra] Is this a plausible IMAP extension ?
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 21:01:11 -0000

On Thu, Feb 28, 2019, at 04:35, Ned Freed wrote:
> > We do something like this already at FastMail, and here's the thing.... the
> > user should be allowed to add or clear this header to change the interpretation
> > of the email in their mailbox. Once they have the message - they should be able
> > to update the BIMI status.
> 
> This seems entirely reasonable to me, but now we're talking about updating the
> message content. This pretty much pushes it out of the header space as 
> far as I'm concerned.

I corrected that almost immediately - but, yay immutable emails. I meant a keyword that they could update, not a header. Sorry.

So the header gets added at delivery time, the same way an Authentication-Results header gets added, saying that DKIM / SPF passed or didn't pass. Fine.

A keyword gets added to the message on delivery if that header is present. Fine.

The keyword has a restricted ACL such that the user can't modify it afterwards. Not OK. Dislike. Unnecessary and likely to cause many issues. The "users could be phished to change the keyword" is an implausible argument in any mass market client that I've seen, and the side effects of trying to make read-only keywords are significant.

> > This is particularly important when you're talking about importing and
> > exporting email between systems. Having the flag to avoid phishing, sure. But
> > restricting MUAs from setting that flag - that's bogus.
> 
> Exactly.
> 
> > I guess I'm going to the BIMI session.
> 
> Sounds like a good idea.

Fun times :)

I've been tracking BIMI for a couple of years anyway, so it's not like I was ever NOT going to go.

Bron.

--
 Bron Gondwana, CEO, FastMail Pty Ltd
 brong@fastmailteam.com