Re: SMTP RFC: "MUST NOT" change or delete Received header
Dick Franks <rwfranks@acm.org> Sat, 29 March 2014 17:20 UTC
Return-Path: <rwfranks@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FF331A074F for <ietf@ietfa.amsl.com>; Sat, 29 Mar 2014 10:20:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h3kPv-qnkzlC for <ietf@ietfa.amsl.com>; Sat, 29 Mar 2014 10:20:53 -0700 (PDT)
Received: from mail-yk0-x234.google.com (mail-yk0-x234.google.com [IPv6:2607:f8b0:4002:c07::234]) by ietfa.amsl.com (Postfix) with ESMTP id 7F7DD1A06B4 for <ietf@ietf.org>; Sat, 29 Mar 2014 10:20:53 -0700 (PDT)
Received: by mail-yk0-f180.google.com with SMTP id 19so1872549ykq.11 for <ietf@ietf.org>; Sat, 29 Mar 2014 10:20:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=mFPygxnNLrJF9xkDtmI0sWftzeowTfzZM6HGOrn/CPk=; b=n5MsA7Umux0LLErk+Jss2+G1Qr4hTdD6Pj2uguDDb2BkT6FOrth7DdMJRDRUFN01+M xOSLA5qPpu247iohi0QTLN2n+4rXF8ZenFFVzya1/dcSPwNUxPVb7KpfdS8EiO11D0UF mKFiMF60G2LMGkjch+J1cAwgxGq78swj3dmJe35bMYec4QSXFspA90ykO9C6IfI1ROAw dZikVNSagGi26IlfBpGi5AOE7IPNGXh/pmRbqRwfpljmpe9dgd0gwk7ZkKACbm18SYy4 fnfn31zquy7pGBJK4IIGd/S2K6ZNEJ+5hQD21KYZi5slzu8BHJ1OBVyONQpFaksmFAaR yE5Q==
X-Received: by 10.236.166.169 with SMTP id g29mr2668880yhl.135.1396113650925; Sat, 29 Mar 2014 10:20:50 -0700 (PDT)
MIME-Version: 1.0
Sender: rwfranks@gmail.com
Received: by 10.170.154.68 with HTTP; Sat, 29 Mar 2014 10:20:10 -0700 (PDT)
In-Reply-To: <201403291601.s2TG1bnv020848@hobgoblin.ariadne.com>
References: <mailman.1570.1395964793.2468.ietf@ietf.org> <53366F34.8050501@ageispolis.net> <201403291601.s2TG1bnv020848@hobgoblin.ariadne.com>
From: Dick Franks <rwfranks@acm.org>
Date: Sat, 29 Mar 2014 17:20:10 +0000
X-Google-Sender-Auth: F_dRSUilg96-AqlCTcuRq_cWtyM
Message-ID: <CAKW6Ri4DgL0wuvKq+HO9a2CCWfADzcFnAS12_HHJBF7+kQB-cg@mail.gmail.com>
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
To: "Dale R. Worley" <worley@ariadne.com>
Content-Type: multipart/alternative; boundary="20cf303f6cb23ac3f404f5c20aaf"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/ns8fDloz7cm3-_o1MiFnCX_ayXc
Cc: "Kevin M. Gallagher" <kevin@ageispolis.net>, IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Mar 2014 17:20:54 -0000
On 29 March 2014 16:01, Dale R. Worley <worley@ariadne.com> wrote: > > From: "Kevin M. Gallagher" <kevin@ageispolis.net> > > > > What do people today think of the SMTP RFC's current requirement that > > mail programs and servers must not under any circumstances change or > > delete Received: headers? Is exposing sender IP addresses to any > > attacker who can view e-mail headers, for the purposes of preserving > > trace information, really worth it when weighed against considerations > > like security and privacy? > > Received: headers are quite useful when you're trying to figure out > which mail server sat on the message for four days. > > They're also useful when you're trying to figure out what sequence of > address rewrites got the message to you. > > Try explaining to some other organisation that their mail system is broken without the evidence readily available. The longest delivery delay I ever investigated was a magnificent 17 months! The recipient was truly baffled. A mailserver far away had a disk restored from backup, complete with a queued message in the level 0 dump.
- SMTP RFC: "MUST NOT" change or delete Received he… Kevin M. Gallagher
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Eliot Lear
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Aronson
- Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dale R. Worley
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Scott Brim
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dick Franks
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- RE: SMTP RFC: "MUST NOT" change or delete Receive… Christian Huitema
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re[2]: SMTP RFC: "MUST NOT" change or delete Rece… mohammed serrhini
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Michael Richardson
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Mail System Reliability [was: Re: SMTP RFC: "MUST… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Murray S. Kucherawy