The problem comes down to the permissions and accounts. The only way to guarantee that anyone can update any ticket is to allow “Everyone” the ability to reply to a ticket. You are then shifting the security from having an account to knowing what the queue tag should be. The other would be to catch the incoming messages/rejects as they come and then in turn “merge” the users together so that a set of addresses correspond to a single user.
If the people are sending in email responses without a queue tag, then there is a trick you can pull (we’ve done it here): change the default action for the queue to be your public one. Lets say you have only two queues: Public and Private. Change the --correspond action to go to the Public queue. If RT sees a queue tag, it will automatically update the correct ticket in a different queue. If there is no queue tag, then RT would automatically create the ticket in the public queue as before. You could then use the “merge” option for users and/or tickets to keep the information organized. Now; this solution won’t work if the email subject contains a queue tag as permissions will kick in.
Hopefully I didn’t make things more confusing