[Shutup] Levels of proposals

Brandon Long <blong@google.com> Fri, 04 December 2015 00:36 UTC

To: shutup@ietf.org, ietf-smtp <ietf-smtp@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/7cpavyaw6hr1261O8u1qbnoz_5s>

The WG proposal seems to imply taking all IPs out.  The discussion has
mostly been about submission.

It seems to me that there are at least three different IPs used, and some
of these are going to be visible regardless of intent.

I.e., there are the submission IPs, there are "internal" IPs, and external

Submission IPs seem like the largest level of risk, and from my gross
understanding of anti-spam, pretty minor.  I'm not sure what the current
source levels are, but submission IPs would be most useful in the case of
hijacked account spam or abusive account spam.  Presumably, if spam reports
about such are forwarded to the MSP, then the MSP can easily store the
information somewhere other than the easily forged headers and take the
appropriate action.  Only if the answer is "they don't take action" would
you need more.

Also, if the previous thread's list of large MSPs' inclusion of submission
IPs is correct, then >2 out of the top 3 have already removed them (i.e.,
only a fraction of Gmail mail has them at this point).

Internal IPs, this hardly seems controversial.  If any mail system did
that, not sure if anyone would bat an eye.

External IPs, i.e. server to server... I guess one may learn "something" if
you can tell which submission server they talked to, we certainly have
servers across the world... but even with 20 odd locations, I doubt that
would be that specific.

So, I would recommend concentrating on submission IPs.  I might also
include a recommendation for submission servers to store the IPs for some
length of time to allow for abuse handling, or even to include an encrypted
version in the message.
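
An added sketch of the "store the IPs for some length of time" option from the message above, not code from the post or from any mail system: the submission server drops the client IP from the Received value it writes and keeps it in a private store under a random reference that an abuse desk can resolve until retention expires. The store class, the 30-day window and the `X-Submission-Ref` header name are assumptions made for illustration.

```python
import ipaddress
import re
import secrets

RETENTION_SECONDS = 30 * 24 * 3600  # assumed retention window, not from the post
# Bracketed address literal as it appears in a Received header value.
IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

class SubmissionIPStore:
    """In-memory stand-in for the MSP's private abuse-handling store."""

    def __init__(self):
        self._rows = {}  # token -> (client_ip, expires_at)

    def put(self, client_ip, now):
        token = secrets.token_urlsafe(12)  # random, reveals nothing about the IP
        self._rows[token] = (client_ip, now + RETENTION_SECONDS)
        return token

    def lookup(self, token, now):
        """Abuse-desk lookup; returns None for unknown or expired tokens."""
        row = self._rows.get(token)
        if row is None or now > row[1]:
            self._rows.pop(token, None)  # purge once past retention
            return None
        return row[0]

def redact_received(value, store, now):
    """Return (redacted Received value, token), or (value, None) if no IP found."""
    match = IP_LITERAL.search(value)
    if match is None:
        return value, None
    try:
        client_ip = str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return value, None  # bracketed text that is not an address
    token = store.put(client_ip, now)
    return value[:match.start()] + "[redacted]" + value[match.end():], token

# Constructed sample: the Received value a submission server would have written.
SAMPLE_RECEIVED = ("from laptop.example ([IPv6:2001:db8::25]) by submit.example.net "
                   "with ESMTPSA id abc123; Thu, 3 Dec 2015 16:36:16 -0800")

if __name__ == "__main__":
    store = SubmissionIPStore()
    value, token = redact_received(SAMPLE_RECEIVED, store, now=0.0)
    print("Received: " + value)
    print("X-Submission-Ref: " + token)  # hypothetical header name
```

Because the reference is random rather than derived from the address, a recipient holding the message learns nothing about the submitter's location, and the mapping disappears once the retention window passes.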