Friday, Dec 4, 2015 3:42 PM Rich Kulawiec wrote:
> 1. Such links are often customized on a per-user per-message basis
> with unique URLs. Thus *any* hit on that URL from anywhere must
> have come from that user and via that particular message.
> It may not disclose their IP address but it *does* disclose that
> they read the message and when. This is bad.

Yup. You have to always fetch, when the mail arrives. Which could turn into
a DDoS attack if you do it for all messages, so not ideal without additional
heuristics. But I don't see any way around those heuristics without simply
deleting all URLs from all email messages.

> 2. Proxying means proxy means proxy log means yet another place where
> sensitive information accumulates. I.e., I don't think it's a good idea
> to attempt to fix this issue by MITM'ing connections.

You already have the whole email message if it's not encrypted, so I don't see
that any additional information is leaking here. But this is still a good

> 3. How do you rewrite a link over an encrypted connection?

If you are running the IMAP server, it doesn't matter whether the connection
between the user and the server is encrypted. If you are not, then it's not

> I'm not arguing that there isn't a massive privacy problem here.
> There is, and I think it's far more worrisome than IP addresses
> in Received lines, because it discloses far more information *and it
> does so in real time*. I just don't think solving it will be this easy.

Agreed on both counts.

Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/mellon(_at_)fugue(_dot_)com
ietf-smtp mailing list