Re: SMTP RFC: "MUST NOT" change or delete Received header

Phillip Hallam-Baker <hallam@gmail.com> Sun, 30 March 2014 14:55 UTC

In-Reply-To: <20140329145903.39132.qmail@joyce.lan>
References: <53366F34.8050501@ageispolis.net> <20140329145903.39132.qmail@joyce.lan>
Date: Sun, 30 Mar 2014 10:55:35 -0400
Message-ID: <CAMm+LwiOJZt9aqEmZDxPFkjvHdETMKGo1tik8ege94XfXu+j4g@mail.gmail.com>
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
From: Phillip Hallam-Baker <hallam@gmail.com>
To: John Levine <johnl@taugh.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/sYvk2grXB82-OpfchxMdOhjbcT0
Cc: kevin@ageispolis.net, IETF Discussion Mailing List <ietf@ietf.org>

On Sat, Mar 29, 2014 at 10:59 AM, John Levine <johnl@taugh.com> wrote:

> >What do people today think of the SMTP RFC's current requirement that
> >mail programs and servers must not under any circumstances change or
> >delete Received: headers? Is exposing sender IP addresses to any
> >attacker who can view e-mail headers, for the purposes of preserving
> >trace information, really worth it when weighed against considerations
> >like security and privacy?
>
> The headers are useful for debugging, particularly for things like
> forwarding loops.


Debugging is not a justification for MUST.

Never, ever, ever. The justifications are

* Interoperability
* Security / stability.

The justification for MUST was, I suspect, to prevent infinite recursion mail
loops. For that particular purpose a count is sufficient.



> Particularly on public webmail systems, it lets you
> see where spam is coming from, and offers the possibility of alerting
> the originating operator if you think they'll care.  Gmail is notable
> in redacting this from some (not all) of their outgoing mail.
>
> What sorts of attacks do you think are enabled by allowing mail
> recipients to see the headers?
>

The requirement does not meet contemporary requirements for MUST so it is
invalid. Systems out on the net are justifiably ignoring it.


-- 
Website: http://hallambaker.com/
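
The remark above that a count is sufficient for loop prevention, as an added example that is not part of the original message: loop detection that depends only on the number of Received fields, so it still works after a relay redacts the address literals. The sample message, the `redact_trace` policy, and the helper names are constructed for illustration; the threshold of 100 follows the suggestion in RFC 5321 section 6.3.

```python
import re
from email import message_from_string

MAX_HOPS = 100  # assumed limit; RFC 5321 section 6.3 suggests at least 100

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby list.example.org with ESMTP id A1; Sun, 30 Mar 2014 07:55:39 -0700\n"
    "Received: from client.example.com ([2001:db8::25])\n"
    "\tby mx.example.net with ESMTPSA id B2; Sun, 30 Mar 2014 07:55:36 -0700\n"
    "From: sender@example.com\n"
    "To: list@example.org\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

# Bracketed IPv4/IPv6 address literal as it appears in a Received field.
ADDR_LITERAL = re.compile(r"\[(?:IPv6:)?[0-9A-Fa-f:.]+\]")


def hop_count(msg):
    """Number of relays that stamped the message."""
    return len(msg.get_all("Received", []))


def is_looping(msg, limit=MAX_HOPS):
    """Loop check that looks only at the count, never at field contents."""
    return hop_count(msg) >= limit


def redact_trace(msg):
    """Hypothetical privacy policy: blank address literals, keep one field per hop."""
    fields = msg.items()              # all (name, value) pairs, in order
    for name in set(msg.keys()):
        del msg[name]                 # removes every occurrence of the field
    for name, value in fields:
        if name.lower() == "received":
            value = ADDR_LITERAL.sub("[redacted]", " ".join(value.split()))
        msg[name] = value             # re-add in the original order
    return msg


def add_hop(msg, by_host):
    """Stamp a redacted hop; appended at the end, which is enough for counting."""
    msg["Received"] = f"from [redacted] by {by_host} with ESMTP"
```
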