[Top] [All Lists]

Re: [ietf-smtp] [Shutup] Proposed Charter for something

2015-12-11 04:05:28
On 10/12/2015 18:05, Hector Santos wrote:

In any case, I am going to pencil in an new SMTP option in our SMTP server product:

   [X] Add Receiver Trace Line
       (o) Show Client IP
       (_) Mask Client IP

I think it is important enough because of the improved (and society acceptable) BI (business intelligence) software in the market today.
We have this already in our server (and have had for at least 15 years). We've generally found that people turn it on because it looks like a good idea, then turn it off the first time they have a problem and the IP address would have been useful. Then it stays off.

Yes, server logs COULD take the place of the IP in the header, but (a) the bounce message is there in front of you; you need to search through the logs, (b) logs may not last long enough given that bounce messages may arrive days after the message was sent, (c) they realise that the internal IP address of the user is a negligible security risk.

A "cryptographic blob" may be useful (so we may look at that instead of just redacting the address), but that makes things even more complicated for users who struggle to understand message headers anyway. In my experience people tend to speak about security & privacy, but when it comes down to it, they'll choose convenience over those factors pretty every time when they can.

ietf-smtp mailing list