Re: [ietf-smtp] [Shutup] Proposed Charter for the "SMTP Headers Unhealth

Wednesday, Dec 2, 2015 9:17 AM Paul Smith wrote:
> Eg, someone says to me "so and so received this message from me, but I didn't 
> send it - has my laptop got a virus on it?" I can look at the IP address in 
> the Received header and say, "no, that message came from China, someone's 
> just spoofing your address",  or "it may have done, is your ISP 
> 'bigisp.com'?" (or in some cases, "is your home IP address 1.2.3.4?" (if they 
> have a static IP address))
This is email that your customer sent through your server (or didn't).   
Suppose you didn't have the Received header with the user's IP address on it.   
Are you really going to tell me that you couldn't use information at your 
disposal to give both of the answers that you proposed?

If it was not sent through your server, you don't even need to look at your 
logs to see that--it's in the Received header fields that you didn't redact, or 
rather, it's evident because your mail servers probably aren't mentioned in the 
Received header fields.   If they are, then you can go look at the logs to see 
what IP address connected to the server to drop that email; if the logs don't 
match the headers, it's fake, and if they do, you have the submitter's IP 
address.

I will grant you that the Received header field saves you some time, but it 
doesn't prevent you from answering the particular question that you are 
proposing as a motivating use case for not redacting it.   If this were a 
serious problem, you would spend a half hour to write a script that eliminated 
the time difference.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com

pgpmbd1_cHwae.pgp
Description: PGP signature

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp