On 10/12/2015 18:05, Hector Santos wrote:
In any case, I am going to pencil in an new SMTP option in our SMTP
server product:
[X] Add Receiver Trace Line
(o) Show Client IP
(_) Mask Client IP
I think it is important enough because of the improved (and society
acceptable) BI (business intelligence) software in the market today.
We have this already in our server (and have had for at least 15 years).
We've generally found that people turn it on because it looks like a
good idea, then turn it off the first time they have a problem and the
IP address would have been useful. Then it stays off.
Yes, server logs COULD take the place of the IP in the header, but (a)
the bounce message is there in front of you; you need to search through
the logs, (b) logs may not last long enough given that bounce messages
may arrive days after the message was sent, (c) they realise that the
internal IP address of the user is a negligible security risk.
A "cryptographic blob" may be useful (so we may look at that instead of
just redacting the address), but that makes things even more complicated
for users who struggle to understand message headers anyway. In my
experience people tend to speak about security & privacy, but when it
comes down to it, they'll choose convenience over those factors pretty
every time when they can.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp