On 29 March 2014 16:01, Dale R. Worley <worley(_at_)ariadne(_dot_)com> wrote:
From: "Kevin M. Gallagher" <kevin(_at_)ageispolis(_dot_)net>
What do people today think of the SMTP RFC's current requirement that
mail programs and servers must not under any circumstances change or
delete Received: headers? Is exposing sender IP addresses to any
attacker who can view e-mail headers, for the purposes of preserving
trace information, really worth it when weighed against considerations
like security and privacy?
Received: headers are quite useful when you're trying to figure out
which mail server sat on the message for four days.
They're also useful when you're trying to figure out what sequence of
address rewrites got the message to you.
Try explaining to some other organisation that their mail system is broken
without the evidence readily available.
The longest delivery delay I ever investigated was a magnificent 17 months!
The recipient was truly baffled. A mailserver far away had a disk restored
from backup, complete with a queued message in the level 0 dump.