Michael Haardt wrote:
I agree. But saying that owner-email is or isn't related to :from is of no help in this case.I don't consider of the frequency of display important, but the fact that the value may unveil which mailbox the notification originated from, violating my privacy looking at the networks the notification may cross.I think you are asking for owner-token being used instead of owner-email.The owner-token may solve the problem, but there is no technical reason to restrict owner-email not doing that as well, plus giving a mail address instead of letting the victim figure out who to ask.
That does not mean I would like to see ":from" influencing the owner. All I would like to specify is WHO is responsible, so people using Sieve can be sure WHO to address for a changed owner address, should they care. If we say The parameter value depends on the implementationSo far so good.I would be glad to see that included!I don't think this is even true. The only requirement is that the sysadmin operating the system that is running the Sieve engine can figure out which Sieve script (and for which user) generated a notification.The only requirement is that the address reaches the owner of the script.Now I am really confused. I thought the owner would be the user the script belongs to, not the admin of the sending system.
Correct. But it doesn't mean that it is reachable via email ;-).My point is that the requirement to be "reachable" might be too strong for some deployments.
The admin should always be able to figure out abuse. Anyway: If we can agree on "it's implementation-dependent", we don't have to define further terms, and it addresses all my issues.