On 12/02/2015 08:50 AM, Ted Lemon wrote:
So saying that because people don't care about privacy, we shouldn't try to
protect their privacy, is wrong on two counts:
Claiming that's the stance of anyone here is wrong on several counts,
not least being that a very large part of what we do is specifically
aimed at anti-phishing (that "default no strangers" does little for
these days, eg: address book spamming), and that's a vastly bigger
privacy issue than a Received from clause.
The argument is that it's a relatively minor thing, the lack of which
has worse privacy/operational and other implications, and there are more
significant wins elsewhere.
Several years ago, a major anti-abuse industry organization invited a
speaker from one of the privacy groups intimately involved with the
issue of Syrian expats in the west being online harrassed, stalked and
potentially harmed by SEA. I had seen the reports earlier and did a
little digging based upon what I could see (albeit rather indirectly,
and without any contact with any of the true "point people" in the mess
so it would be improper for me to act on my own).
The first thing out of his mouth was "I came here prepared with a
diatribe about how your entire industry were endangering lives, and to
my surprise learned that you were just as concerned about privacy as we
are, and we should be treating you as allies". After the end of the
talk he was deluged with specific offers of assistance, which I think
included taking down one of the sources of it (identified by headers
such as the RFC wants to eliminate) I brought up in the Q&A: "Why is
this still up?".
ietf-smtp mailing list