Tuesday, Dec 1, 2015 12:40 PM John Levine wrote:
Of course there is such an RFC. RFC 6409 refers to RFC 5321 which
describes the content of the Received header in section 4.4. It
includes the IP address from which the message was received.
That's the latest version of the SMTP submit spec, not a document about
Received: header field privacy.
If, perhaps, you are wondering if there should be an RFC that updates
that advice to say to do something else, that's totally unresolved,
since nobody yet has made a plausible argument of what to change and
why there would be an overall benefit from doing so.
The benefit is pretty obvious. If my IP address and identity information
appears in a Received: header field, then I can't send mail to a public mailing
list without revealing to the world geolocation information that could be used
for doxxing/swatting me, or for various other nefarious activities, and I can't
send email to an individual unless I am willing to reveal that information to
that individual. And I can't send email through any server operated by anyone
to whom I do not wish to reveal that information.
These may not feel like important issues to you, but for some people they are
life-or-death issues, and there really is a tradeoff to be made between the
freedom of people in that situation to speak, and the freedom of the operators
of mail servers to surveil them, even when that surveillance has a good motive
behind it. The problem is that it's not _just_ the people who need the
information who get it.
Until we look at the actual costs and benefits, it's grossly premature
to propose any changes.
Right, that's why I keep asking questions. It's easy to read a series of
questions as leading to a conclusion, and of course there is a conclusion that
seems to be indicated here, but if I didn't care about your opinion and
knowledge on this topic, I wouldn't be asking you questions.
Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com
Description: PGP signature
ietf-smtp mailing list