On 31 March 2014 00:52, Randy Bush <randy(_at_)psg(_dot_)com> wrote:
the truth is, i have not used received: headers to authenticate/debug
[0] since yesterday. but it's not yet 09:00, so there is still time
today.
I'm assuming you realise that nobody is arguing that all received header
fields be stripped?
The problem I've run into is generally machine [~auto] submitted email,
where the network itself is "sensitive" (let's pretend it's a big bank),
and the administrators don't wish to reveal anything about the network
location of said machine.
The trace fields stripped would be limited to (probably) one - that of the
original {trans|sub}mission. It'll also be (in practise) a constant modulo
the timestamp.
Does this change your point of view? If not, why would knowing about a
machine that's likely on private IP address space or otherwise on an
unrouted network be useful to you for debugging purposes?
If there's a problem with the mail, the big bank can track down what
happened easily enough, and you can point your finger at the correct big
bank.
Dave.