On 02/12/2015 14:05, Ted Lemon wrote:
Wednesday, Dec 2, 2015 4:44 AM Paul Smith wrote:
This is the bit that worries me. As a small mail server publisher & hosting
company, we try to actually help our customers with their problems (unlike some of
the big providers). The information in the Received headers is vital to us when
trying to narrow down why their messages bounced, or why their incoming mail was
delayed, or whatever.
This is all true, and definitely a matter of concern. The question is, is
there some way that we can give you enough information to do the debugging you
need to do, without leaking private information? E.g., when would you need
the sender's home IP address to do debugging?
Eg, someone says to me "so and so received this message from me, but I
didn't send it - has my laptop got a virus on it?" I can look at the IP
address in the Received header and say, "no, that message came from
China, someone's just spoofing your address", or "it may have done, is
your ISP 'bigisp.com'?" (or in some cases, "is your home IP address
1.2.3.4?" (if they have a static IP address))
Or, the answer may be "that message came from Russia, but it was sent
through your ISP - your ISP password may have been compromised, you may
want to change it"
If the IP address is hidden, I can't do all that. There may be a way to
replicate the information without giving away the same data, but the IP
information *is* useful. The above scenarios do happen to me, not
infrequently.
(There may be other solutions to fixing problems with spoofed addresses,
compromised passwords, etc, but those are all separate issues, and have
been discussed at length).
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp