Re: SMTP RFC: "MUST NOT" change or delete Received header

"John Levine" <johnl@taugh.com> Sat, 29 March 2014 14:59 UTC

Date: Sat, 29 Mar 2014 14:59:03 -0000
Message-ID: <20140329145903.39132.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: ietf@ietf.org
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
In-Reply-To: <53366F34.8050501@ageispolis.net>
Organization:
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/wQ8B5D6AJAhvnT6UdvRurrl52E8
Cc: kevin@ageispolis.net
Precedence: list

>What do people today think of the SMTP RFC's current requirement that
>mail programs and servers must not under any circumstances change or
>delete Received: headers? Is exposing sender IP addresses to any
>attacker who can view e-mail headers, for the purposes of preserving
>trace information, really worth it when weighed against considerations
>like security and privacy?

The headers are useful for debugging, particularly for things like
forwarding loops.  Particularly on public webmail systems, it lets you
see where spam is coming from, and offers the possibility of alerting
the originating operator if you think they'll care.  Gmail is notable
in redacting this from some (not all) of their outgoing mail.

What sorts of attacks do you think are enabled by allowing mail
recipients to see the headers?

SMTP RFC: "MUST NOT" change or delete Received he… Kevin M. Gallagher
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
Re: SMTP RFC: "MUST NOT" change or delete Receive… Eliot Lear
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Aronson
Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dale R. Worley
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
Re: SMTP RFC: "MUST NOT" change or delete Receive… Scott Brim
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dick Franks
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
RE: SMTP RFC: "MUST NOT" change or delete Receive… Christian Huitema
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
Re[2]: SMTP RFC: "MUST NOT" change or delete Rece… mohammed serrhini
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Michael Richardson
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
Mail System Reliability [was: Re: SMTP RFC: "MUST… Hector Santos
Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
Re: SMTP RFC: "MUST NOT" change or delete Receive… Murray S. Kucherawy