On Tue, Dec 01, 2015 at 08:43:43PM -0500, Chris Lewis wrote:
The reality is that if the user wasn't already conscious of their
privacy and striving to preserve it through continuous vigilance,
they've already completely outed themselves.
The same user that might -- and I emphasize "might" -- in some way have
a fraction of their privacy protected is the same one that has a 9-line
email signature with the URLs of their social network profiles, their
phone number, their title and employer, and other far more readily-useful
information. That same user makes poor password choices, has their
email account breached, and the resulting spam run reveals most of the
contents of their "address book". Or they use a web-enabled mail client
and click on links in messages, thus handing over accurately-timestamped
IP address information along with client name/version, OS name/version,
etc. to senders or third parties. That user replies to spam, clicks on
"unsubscribe" links, and uses a mail client that's 8 revisions out-of-date
and was recently discussed at length on full-disclosure.
Nobody is going to bother looking at the Received headers of their
messages because nobody needs to.
ietf-smtp mailing list