Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

"John Levine" <> Tue, 01 December 2015 17:50 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 01AA71B29BB for <>; Tue, 1 Dec 2015 09:50:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.663
X-Spam-Level: *
X-Spam-Status: No, score=1.663 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nDV8mtMRrx6L for <>; Tue, 1 Dec 2015 09:50:51 -0800 (PST)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 151C51B29B2 for <>; Tue, 1 Dec 2015 09:50:50 -0800 (PST)
Received: (qmail 64605 invoked from network); 1 Dec 2015 17:50:49 -0000
Received: from unknown ( by with QMQP; 1 Dec 2015 17:50:49 -0000
Date: 1 Dec 2015 17:50:28 -0000
Message-ID: <20151201175028.18462.qmail@ary.lan>
From: "John Levine" <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Dec 2015 17:50:52 -0000

>It is certainly true that if the submit server is not operated by a responsible entity, then
>we have a problem.   The right fix for that problem is probably something similar to what
>John has said AOL did in a similar situation: start greylisting mail from that provider so
>that the high rate of spam chokes their queues, and they will start to be more proactive in
>addressing problems.

Ah, OK.  As I said, AOL used the IP addresess of the naughty users,
logged in the received headers in the incoming mail, to decide what to
reject.  (It wasn't greylisting since they rejected it every time the
ISP retried.)  Without those IPs they couldn't have done it, since
they certainly weren't going to reject legitimate mail from the other

I'm glad to see that we now agree that logging the submission IP
addresses provides important security benefits.