[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

2015-12-02 08:18:20
On 02/12/2015 14:05, Ted Lemon wrote:
Wednesday, Dec 2, 2015 4:44 AM Paul Smith wrote:
This is the bit that worries me. As a small mail server publisher & hosting 
company, we try to actually help our customers with their problems (unlike some of 
the big providers). The information in the Received headers is vital to us when 
trying to narrow down why their messages bounced, or why their incoming mail was 
delayed, or whatever.
This is all true, and definitely a matter of concern.   The question is, is 
there some way that we can give you enough information to do the debugging you 
need to do, without leaking private information?   E.g., when would you need 
the sender's home IP address to do debugging?

Eg, someone says to me "so and so received this message from me, but I didn't send it - has my laptop got a virus on it?" I can look at the IP address in the Received header and say, "no, that message came from China, someone's just spoofing your address", or "it may have done, is your ISP ''?" (or in some cases, "is your home IP address" (if they have a static IP address))

Or, the answer may be "that message came from Russia, but it was sent through your ISP - your ISP password may have been compromised, you may want to change it"

If the IP address is hidden, I can't do all that. There may be a way to replicate the information without giving away the same data, but the IP information *is* useful. The above scenarios do happen to me, not infrequently.

(There may be other solutions to fixing problems with spoofed addresses, compromised passwords, etc, but those are all separate issues, and have been discussed at length).

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>