Re: SMTP RFC: "MUST NOT" change or delete Received header

worley@ariadne.com (Dale R. Worley) Sat, 29 March 2014 16:03 UTC

Date: Sat, 29 Mar 2014 12:01:37 -0400
Message-Id: <201403291601.s2TG1bnv020848@hobgoblin.ariadne.com>
From: worley@ariadne.com
Sender: worley@ariadne.com
To: "Kevin M. Gallagher" <kevin@ageispolis.net>
In-reply-to: <53366F34.8050501@ageispolis.net> (kevin@ageispolis.net)
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
References: <mailman.1570.1395964793.2468.ietf@ietf.org> <53366F34.8050501@ageispolis.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/czH8xzMjW3tmfQzhq6fMj7hkDjI
Cc: ietf@ietf.org
Precedence: list

> From: "Kevin M. Gallagher" <kevin@ageispolis.net>
> 
> What do people today think of the SMTP RFC's current requirement that
> mail programs and servers must not under any circumstances change or
> delete Received: headers? Is exposing sender IP addresses to any
> attacker who can view e-mail headers, for the purposes of preserving
> trace information, really worth it when weighed against considerations
> like security and privacy?

Received: headers are quite useful when you're trying to figure out
which mail server sat on the message for four days.

They're also useful when you're trying to figure out what sequence of
address rewrites got the message to you.

Dale

SMTP RFC: "MUST NOT" change or delete Received he… Kevin M. Gallagher
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
Re: SMTP RFC: "MUST NOT" change or delete Receive… Eliot Lear
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Aronson
Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dale R. Worley
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
Re: SMTP RFC: "MUST NOT" change or delete Receive… Scott Brim
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dick Franks
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
RE: SMTP RFC: "MUST NOT" change or delete Receive… Christian Huitema
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re[2]: SMTP RFC: "MUST NOT" change or delete Rece… mohammed serrhini
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Michael Richardson
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Mail System Reliability [was: Re: SMTP RFC: "MUST… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… Murray S. Kucherawy