Re: SMTP RFC: "MUST NOT" change or delete Received header


On 3/29/2014 2:59 AM, Kevin M. Gallagher wrote:

What do people today think of the SMTP RFC's current requirement that
mail programs and servers must not under any circumstances change or
delete Received: headers?

I will provide a different perspective other than the typical trace,debugging and technical support reasons and why they are useful forthose moments.

There was never a requirement to retain HEADERS at the finaldestination. The historical main reason is because of gatewaytransformations. There are other formats that predated x822/5322electronic mail storage formats.

The 5321 "requirements" is more about not TAMPERING with passthru mail(relays), and there is legal precedence for not tampering withtransient communications laid out in the 1986 US ECPA. Of course, themail body content SHOULD NEVER be tampered. Mail hosting systems suchas ours were long molded from this ethical mail hosting design model.

Is exposing sender IP addresses to any
attacker who can view e-mail headers, for the purposes of preserving
trace information, really worth it when weighed against considerations
like security and privacy?

Again, if you are relaying mail, you really have no choice here. Youhave to keep and pass it on. If you don't, then you are not playingthe game right, plain and simple. You might not be helping thedownlinks of the message (the true final destinations) if there aproblem.

So you are really just talking about LOCAL FINAL DESTINATION mail. Ithink that applies for (meta) data that is created temporarily aswell, i.e. you might add a trace meta header for your own internalmail routing purpose but it is finally pulled before it goes out orthe end user gets it. There are a few headers like that, theReturn-Path is one of them where it is added but then POSSIBLY pulledby an implementation.

Historically, they helped in support but yet at the same time, you hada small mistrust in them as well as you are suggesting here. Youextracted what made possible sense and thats it. I personally thinkthe IP concerns, while possible and real, are very isolated. Thesupport needs are also isolated but I think its one of those thingswhere you desire/wish for the information when the relatively few andincreasingly rare support times comes.

Overall, I always had an strong ethical engineering position on neverdestroying information especially at the passthru (relay) level.There is/was legal precedence for this. At the local level, we alsohad a need to provide mail gateways for other formats and there aremany headers that are not part of the transformations. The Received,and the potential to have many of them, was not one of them. When agate was performed, the necessary Network Control Lines, headers thatallowed for replying and continued network communications to takeplace, where added to "meta" storage. But the the remaining overallwas pruned. If there was a support need, you enabled the preservationof the full RFC headers and told the user "try it again."

That said, as the mail systems and END-USERS evolved to include moremulti-media information, like HTML, MIME, etc, it became increasinglynecessary to PRESERVE the original message format. This became moretrue as users moved away from online to offline RFC reader/writercommunications, i.e. POP3, where online it (display rendering) wasfully controlled by the backend server, but with POP3, the backendlost the control of what is possibly displayed.

But with the movement or recycling back to online is taking place, youdon't really need all the headers and there are lots of wastedoverhead for sure. Most Users don't even know what they are anyway oreven care. Its all for those rare support needs and thats become soinfrequent, who knows, maybe the next big interested I-D would be howto clean up all the x822/5322 mess. Have you see the junk in thosestuff? Junk that could expose security related info or just plainnonsense that doesn't apply to you anyway. ALL those X- headers.Thats information you certainly don't need 80% (pareto) of the time.



--
HLS