Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <> Mon, 30 November 2015 03:25 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4E68B1A0102 for <>; Sun, 29 Nov 2015 19:25:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.487
X-Spam-Status: No, score=-2.487 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.585, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mqQv7g_0g-qZ for <>; Sun, 29 Nov 2015 19:25:05 -0800 (PST)
Received: from ( [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by (Postfix) with ESMTP id 6B3021A00FE for <>; Sun, 29 Nov 2015 19:25:04 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14488539010280.9295437661930919"
From: Ted Lemon <>
In-Reply-To: <20151130031150.10420.qmail@ary.lan>
References: <20151130031150.10420.qmail@ary.lan>
Date: Mon, 30 Nov 2015 03:25:01 +0000
Message-Id: <>
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Nov 2015 03:25:06 -0000

Sunday, Nov 29, 2015 10:11 PM John Levine wrote:
> Spam filters have been doing Received chain analysis for about 20
> years.

Yes, I know.   A friend of mine founded a company that worked using this principal.   Unfortunately, it got less and less effective as spammers got better and better at faking things.   The reason I asked for recent experience is that I'm curious if anyone is _still_ getting real benefit from this.

Since the only header-field you can actually trust is the first one that your own MTA adds, SPF works just as well (actually, a _lot_ better) as a validation mechanism.   If SPF isn't in use, the sender can just claim to be a legitimate agent for the source domain, and you have no way to check that claim.

Sent from Whiteout Mail -

My PGP key: