
Re: SMTP RFC: "MUST NOT" change or delete Received header

2014-03-29 04:51:52
Hi Kevin,

On 3/29/14, 7:59 AM, Kevin M. Gallagher wrote:
What do people today think of the SMTP RFC's current requirement that
mail programs and servers must not under any circumstances change or
delete Received: headers? Is exposing sender IP addresses to any
attacker who can view e-mail headers, for the purposes of preserving
trace information, really worth it when weighed against considerations
like security and privacy?

http://tools.ietf.org/html/rfc5321#section-4.4


There is at least some value in retaining trace headers both for
debugging and anti-spam (mostly validating what one would expect to see
for a given sender); headers added by an MSA can entail privacy concerns
that (IMHO) outweigh debugging considerations.

Eliot