Wednesday, Dec 2, 2015 9:17 AM Paul Smith wrote:
> E.g., someone says to me "so and so received this message from me, but I didn't
> send it - has my laptop got a virus on it?" I can look at the IP address in
> the Received header and say, "no, that message came from China, someone's
> just spoofing your address", or "it may have done, is your ISP
> 'bigisp.com'?" (or in some cases, "is your home IP address 18.104.22.168?" (if they
> have a static IP address))

This is email that your customer sent through your server (or didn't).
Suppose you didn't have the Received header with the user's IP address on it.
Are you really going to tell me that you couldn't use information at your
disposal to give both of the answers that you proposed?

If it was not sent through your server, you don't even need to look at your
logs to see that--it's in the Received header fields that you didn't redact, or
rather, it's evident because your mail servers probably aren't mentioned in the
Received header fields. If they are, then you can go look at the logs to see
what IP address connected to the server to drop that email; if the logs don't
match the headers, it's fake, and if they do, you have the submitter's IP

I will grant you that the Received header field saves you some time, but it
doesn't prevent you from answering the particular question that you are
proposing as a motivating use case for not redacting it. If this were a
serious problem, you would spend a half hour to write a script that eliminated
the time difference.
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com
ietf-smtp mailing list
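
The log cross-check described in the message above, as an added example that is not part of the original post. It assumes a Postfix-style submission log and a Received line that still carries the queue id after the client IP has been redacted; the hostname `mail.example.net`, the log lines and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string

OUR_MTA = "mail.example.net"  # assumption: the name our server stamps after "by"

# Constructed Postfix-style submission log lines (not taken from the thread).
SAMPLE_LOG = """\
Dec  2 09:01:12 mail postfix/smtpd[2211]: 4F1A2C0031: client=unknown[198.51.100.23], sasl_method=PLAIN, sasl_username=alice
Dec  2 09:05:40 mail postfix/smtpd[2230]: 7B9D0C0044: client=host.example.org[203.0.113.9], sasl_method=PLAIN, sasl_username=bob
"""
# Constructed messages: a redacted header from our server, a header that names
# our server but has no log entry, and a message that never touched our server.
REDACTED_MSG = ("Received: by mail.example.net (Postfix) with ESMTPSA id 4F1A2C0031;\n"
                "\tWed, 2 Dec 2015 09:01:12 +0000\nFrom: alice@example.net\n\nhi\n")
FORGED_MSG = ("Received: from pc by mail.example.net (Postfix) with ESMTP id DEADBEEF00;\n"
              "\tWed, 2 Dec 2015 09:02:00 +0000\nFrom: alice@example.net\n\nhi\n")
ELSEWHERE_MSG = ("Received: from pc by mx.other.example with SMTP id abc123;\n"
                 "\tWed, 2 Dec 2015 09:03:00 +0000\nFrom: alice@example.net\n\nhi\n")

LOG_RE = re.compile(
    r"(?P<qid>[0-9A-F]{6,}): client=\S*\[(?P<ip>[^\]]+)\].*?sasl_username=(?P<user>\S+)")
RECV_RE = re.compile(r"\bby\s+(?P<by>\S+).*?\bid\s+(?P<qid>[0-9A-Fa-f]+)", re.S)

def submitter_lookup(raw_message, log_text, our_mta=OUR_MTA):
    """Return (verdict, details) for a message a user says they did not send."""
    # Index the submission log by queue id: qid -> (client IP, authenticated user).
    submissions = {m["qid"]: (m["ip"], m["user"]) for m in LOG_RE.finditer(log_text)}
    named_us = False
    for header in message_from_string(raw_message).get_all("Received", []):
        m = RECV_RE.search(header)
        if not m or m["by"].lower() != our_mta:
            continue  # hop added by some other server, or no queue id to match
        named_us = True
        hit = submissions.get(m["qid"].upper())
        if hit:  # header and log agree: the log gives the submitter's IP
            return "submitted-here", {"ip": hit[0], "user": hit[1]}
    # A header can claim our hostname without the message ever reaching us,
    # so a queue id that the log does not know means the header is not ours.
    return ("header-not-in-logs" if named_us else "not-our-server"), {}

if __name__ == "__main__":
    for name in ("REDACTED_MSG", "FORGED_MSG", "ELSEWHERE_MSG"):
        print(name, submitter_lookup(globals()[name], SAMPLE_LOG))
```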