Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <> Fri, 04 December 2015 02:48 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 86B001B2A5D; Thu, 3 Dec 2015 18:48:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id s7K3Xm7YKzIg; Thu, 3 Dec 2015 18:48:48 -0800 (PST)
Received: from ( [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by (Postfix) with ESMTP id 1EB441B2A03; Thu, 3 Dec 2015 18:48:46 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14491973233290.9587844042107463"
From: Ted Lemon <>
In-Reply-To: <p06240403d286acd52687@[]>
References: <20151130042819.10658.qmail@ary.lan> <> <> <> <> <> <> <> <> <> <> <p06240403d286acd52687@[]>
Date: Fri, 04 Dec 2015 02:48:43 +0000
Message-Id: <>
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2015 02:48:49 -0000

Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
> If the message is HTML, then putting a 1x1 web-bug image in the HTML will trigger the info UNLESS the user's MUA is set to NOT automatically retrieve images.

That retrieving images is the default behavior of most MUAs, and that it is even possible to do without cryptographically validating the ID of the sender in _any_ MUA, is an example of what I am talking about when I say that UI design is vitally important to protecting users' privacy.

Obviously if you have an MUA that behaves so stupidly, then your privacy is forfeit.   At present, that's most MUAs.   This is something that I hope MUA implementors will wise up to, and we ought to be advising them to if we aren't already.

There are some ways of fixing this without involving the MUA.   E.g., if a user gets email with links to images, rewrite all of the links to point to a proxy that has a mapping between each rewritten link and the original; if the MUA fetches against that link, proxy it.   This protects the end user's IP address without requiring that they install a new MUA, and should be the default behavior of every mail system (but I suspect isn't the default behavior of any, although I heard Google was contemplating doing something like this).

Sent from Whiteout Mail -

My PGP key: