Sieve working group R. George Internet-Draft B. Leiba Intended status: Informational Huawei Technologies Expires: June 6, 2011 A. Melnikov Isode Limited December 3, 2010 Sieve Email Filtering: Use of Presence Information with Auto Responder functionality draft-ietf-sieve-autoreply-03 Abstract This document describes how the Sieve email filtering language, along with some extensions, can be used to create automatic replies to incoming electronic mail messages based on the address book and presence information of the recipient. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on June 6, 2011. Copyright Notice Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of George, et al. Expires June 6, 2011 [Page 1] Internet-Draft Auto Response December 2010 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. How To Create Auto Replies . . . . . . . . . . . . . . . . . . 3 3. Example Use Cases for Auto Replies . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8 6. Normative References . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 9 George, et al. Expires June 6, 2011 [Page 2] Internet-Draft Auto Response December 2010 1. Introduction This document describes how the Sieve email filtering language [RFC5228], along with some extensions [RFC5230] [RFC5435] [I-D.ietf-sieve-external-lists] [I-D.ietf-sieve-notify-presence] [I-D.ietf-sieve-vacation-seconds] can be used to generate automatic replies to incoming electronic mail messages based on the presence information of the recipient. This can be used, for example, to inform the sender that messages will not be answered immediately because the recipient is busy or away. The auto-reply message can additionally be based on information about the sender from the recipient's address book, sub-lists therefrom, or other lists available to the recipient, so that different senders might get different responses. The recipient can create separate rules for friends, family members, colleagues, and so on. This can be used in mail filtering software, email-based information services, and other automatic responder situations. There are many programs currently in use that automatically respond to email. Some of them send many useless or unwanted responses, or send responses to inappropriate addresses. The mechanism described herein will help to avoid those problems (but see the discussion in Section 4). Implementations need to take care of tracking previous messages received from the same sender and they will start or stop sending responses as the presence status of the recipient changes. An important note, though: users of any auto-reply mechanism should really think about whether automatic replies are necessary, and at what interval they make sense when they are. Email is not Instant Messaging, and senders generally expect that replies might take a while. Consider whether it's truly important to tell people that you'll read their mail in an hour or so, or whether that can just be taken as how email works. There are times when this makes sense, but let's not use it to exacerbate information overload. 2. How To Create Auto Replies When an email message arrives, the Sieve script can use the notify_method_capability of the Notify extension [RFC5435] to check the recipient's presence information. The Notify-presence extension [I-D.ietf-sieve-notify-presence] makes additional presence, such as "away" and "do not disturb" status, available. The script can use the External-lists extension [I-D.ietf-sieve-external-lists] to look the sender up in the recipient's address book or other list. If the information retrieved warrants an auto-reply message, the message can then be composed based on that information. George, et al. Expires June 6, 2011 [Page 3] Internet-Draft Auto Response December 2010 The Vacation extension [RFC5230] provides an easy way to send the auto-reply message to the sender, as it automatically keeps track of the automatic replies and attempts to avoid excessive messages and mail loops. The Vacation-seconds extension [I-D.ietf-sieve-vacation-seconds] allows auto-replies to be sent this way more frequently than once per day, when that's appropriate. (Alternatively, the script can use the Notify extension,[RFC5435] and it can use that to send a notification by a means other than email.) Personal and Group Responders can refuse to generate responses except to known correspondents or addresses otherwise known to the recipient. Such responders can also generate different kinds of responses for "trusted" vs "untrusted" addresses. This might be useful, for instance, to avoid inappropriate disclosure of personal or confidential information to arbitrary addresses. 3. Example Use Cases for Auto Replies 1. In this example, we check that the envelope "from" is in the recipient's address book [I-D.ietf-sieve-external-lists] and that the recipient's presence shows "extended away".[I-D.ietf-sieve-notify-presence] If both of those are true, the "vacation" action [RFC5230] is used to send an auto-reply, making sure we don't reply to the same sender more than once every half hour.[I-D.ietf-sieve-vacation-seconds] The variables extension [RFC5229] is used to extract the value of the recipient's natural-language presence status message, which will be used as the response to the sender. require ["envelope", "extlists", "enotify", "variables", "vacation-seconds"]; if allof ( envelope :list "from" "tag:example.com,2009-05-28:AddrBook", notify_method_capability "xmpp:me@example.com" "show" "xa" ) { # :matches "*" is used here to extract the value if notify_method_capability :matches "xmpp:myjid@example.com" "status" "*" { set "resp_msg" "${1}"; } else { set "resp_msg" "Away for a while, without access to email."; } vacation :handle "ext-away" :seconds 1800 "${resp_msg}"; } George, et al. Expires June 6, 2011 [Page 4] Internet-Draft Auto Response December 2010 2. In the next example, we'll check several lists or sublists, auto- replying to everyone, but sending more detail about the recipient's status to senders who are found in the recipient's address book, and still more detail to those in the "family" and "friends" lists. require ["envelope", "extlists", "enotify", "vacation-seconds"]; if envelope :list "from" ["tag:example.com,2009-05-28:family", "tag:example.com,2009-05-28:friends"] { if notify_method_capability "xmpp:me@example.com" "show" "away" { vacation :handle "away" :seconds 600 "I'm away for now, but I'll be back soon."; } elsif notify_method_capability "xmpp:me@example.com" "show" "dnd" { vacation :handle "dnd" :seconds 1800 "I'm not to be disturbed. I'll check mail later."; } elsif notify_method_capability "xmpp:me@example.com" "show" "xa" { vacation :handle "ext-away" :seconds 3600 "I'm away for a while, without access to email."; } elsif notify_method_capability "xmpp:me@example.com" "busy" "yes" { vacation :handle "busy" :seconds 1800 "I'm very busy, but might check email now and then."; } } elsif envelope :list "from" "tag:example.com,2009-05-28:AddrBook" { if notify_method_capability "xmpp:me@example.com" "show" ["away", "dnd", "xa"] { vacation :handle "away" :seconds 3600 "I'm not available to respond to email."; } } else # the sender is not in the address book { vacation :handle "catchall" :days 1 "I got your message, and might read it eventually."; } George, et al. Expires June 6, 2011 [Page 5] Internet-Draft Auto Response December 2010 3. For this example, if the sender is a work colleague and the recipient is on extended away status, then reply with a message giving alternative contact information. The message might also include details about the reason for the absence, or other personal or confidential information that shouldn't be shared with senders who aren't associated with the recipient's company. require ["envelope", "extlists", "enotify", "vacation"]; if envelope :list "from" "tag:example.com,2009-05-28:co-workers" { if notify_method_capability "xmpp:me@example.com" "show" "xa" { vacation :handle "bigtrip" :days 3 "I'm on an extended business trip to Texas for the Foo project. Contact my backup, Susan , or call my assistant on +1 666 555 1234 if you urgently need to contact me."; } } 4. This example is used to send an acknowledgment to every message received. A :seconds value of zero is used to reply to every message, with no removal of duplicates to the same sender. This requires that the Sieve engine allow an interval of zero; if it does not, and it imposes a minimum value, not every message will receive an auto-reply. require ["envelope", "extlists", "vacation-seconds"]; if not envelope :list "from" "tag:example.com,2009-05-28:staff" { vacation :handle "auto-resp" :seconds 0 "Your request has been received. A service representative will contact you as soon as possible, usually within one business day."; } George, et al. Expires June 6, 2011 [Page 6] Internet-Draft Auto Response December 2010 5. This example uses the same structure to automatically send a copy of each incoming message to the recipient's backup, if the sender is a customer contact or co-worker, or if the message's subject includes the word "urgent". require ["envelope", "extlists", "enotify"]; if anyof ( envelope :list "from" ["tag:example.com,2009-05-28:customers", "tag:example.com,2009-05-28:co-workers"], header :contains "subject" "urgent" ) { if notify_method_capability "xmpp:me@example.com" "show" "xa" { redirect "susan@example.com"; # send a copy to my backup keep; # also keep a copy for myself } } } 4. Security Considerations See the Security Considerations sections of the following specifications for discussion of security considerations not covered here: Sieve base specification [RFC5228] Sieve Vacation extension [RFC5230] Vacation "Seconds" parameter [I-D.ietf-sieve-vacation-seconds] Sieve Externally Stored Lists extension [I-D.ietf-sieve-external-lists] Sieve Notify extension [RFC5435] (and any applicable notification methods) This document describes how to set up a system that creates automatic replies in an intelligent way. Despite the "intelligence", errors in scripts can result in too many auto-reply messages, especially when the reply interval is minimal (using the "notify" action, or the "vacation" action with a small value for ":seconds"). Despite the "intelligence", too, errors in scripts can result in private information getting to senders inappropriately. In example 3 in Section 3, for instance, if the :list test checks the wrong list, or none at all, information about the recipient's business trip might George, et al. Expires June 6, 2011 [Page 7] Internet-Draft Auto Response December 2010 be sent to someone who has no need to know about it, and shouldn't. Even without errors in scripts, a sender who recognizes that auto- replies are dependent upon the recipient's presence can use that fact to probe the presence information. One result of that can be that the sender discerns changes in the recipient's presence that the sender would normally not be allowed to see, making this an unintentional back door into the user's presence information. Another result is that this can create a "covert channel", allowing the recipient to send information to a sender by changing his presence information, his address book, and/or his Sieve script (though in this regard, the exposure is comparable to any other case of shared presence information). An autoresponder can cause leaks of other pieces of information, including potentially providing the ability to attack cryptographic keying material. For example, using the time it takes to perform an cryptographic operation, an attacker may obtain information about the secret key. An autoresponder that doesn't take timing into account could accidentally leak this kind of information. Moreover, if an autoresponder script directly returns the results of a cryptographic operation, that could also provide an attack vector. For example, if a script returns the results of a decryption operation, an attacker can send an arbitrarily encrypted message and use the results as a chosen cyphertext attack to decode the encryption key. Authors of scripts should be careful in what information they return to senders. 5. IANA Considerations There are no IANA actions required by this document. 6. Normative References [I-D.ietf-sieve-external-lists] Melnikov, A. and B. Leiba, "Sieve Extension: Externally Stored Lists", draft-ietf-sieve-external-lists-02 (work in progress), May 2010. [I-D.ietf-sieve-notify-presence] George, R. and B. Leiba, "Sieve Notification Using Presence Information", draft-ietf-sieve-notify-presence-01 (work in progress), October 2010. [I-D.ietf-sieve-vacation-seconds] George, et al. Expires June 6, 2011 [Page 8] Internet-Draft Auto Response December 2010 George, R. and B. Leiba, "Sieve Vacation Extension: "Seconds" parameter", draft-ietf-sieve-vacation-seconds-01 (work in progress), October 2010. [RFC5228] Guenther, P. and T. Showalter, "Sieve: An Email Filtering Language", RFC 5228, January 2008. [RFC5229] Homme, K., "Sieve Email Filtering: Variables Extension", RFC 5229, January 2008. [RFC5230] Showalter, T. and N. Freed, "Sieve Email Filtering: Vacation Extension", RFC 5230, January 2008. [RFC5435] Melnikov, A., Leiba, B., Segmuller, W., and T. Martin, "Sieve Email Filtering: Extension for Notifications", RFC 5435, January 2009. Authors' Addresses Robins George Huawei Technologies Bangalore, Karnataka 560071 India Phone: +91-080-41117676 Email: robinsgv@gmail.com Barry Leiba Huawei Technologies Phone: +1 646 827 0648 Email: barryleiba@computer.org URI: http://internetmessagingtechnology.org/ Alexey Melnikov Isode Limited 5 Castle Business Village, 36 Station Road Hampton, Middlesex TW12 2BX UK Email: Alexey.Melnikov@isode.com URI: http://www.melnikov.ca/ George, et al. Expires June 6, 2011 [Page 9]