[Top] [All Lists]

Re: [ietf-smtp] [Uta] New Version Notification for draft-levine-additional-registered-clauses-00

2019-01-25 10:36:38
By the nature of e-mail, the recipient of a message already knows who
the sender sent it to, since he or she got it.  The Received headers go
into the message itself, not third party logs.

Mail list archives and mail corpus leaks do expose that to more
than one recipient.

Indeed, but unless they remove the Received: headers (in which case this debate is irrelevant) they also expose the recipient and so forth.

To the extent that list archives have those headers, they disclose the address of the list and perhaps an internal address used to forward mail from the list to the archive. BFD, I'd think. The corpora I've seen have no Received headers and the addresses in From/To/CC redacted, too.

But, if someone has decided to setup ESNI for an MTA (which will
need them to take action to do that), then I'd assume they have
a reason. At that point, exposing the ESNI value in the message
is what I'm arguing to not recommend.

Naah, it just means they upgraded to a new library version that supports it.

Here's a thought experiment: try and construct a plausible Received header that would tell you more about the recipient with SNI than without, keeping in mind that the IP address of the server is mandatory, and the server name and recipient (the "for" clause) are usually included. I think you'll find it's quite hard unless you do things that MTAs don't normally do.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>