Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Steve Atkins <steve@blighty.com> Sun, 29 November 2015 19:10 UTC

> On Nov 29, 2015, at 9:25 AM, Dave Crocker <dhc@dcrocker.net> wrote:
> 
> On 11/29/2015 9:12 AM, Chris Newman wrote:
> 
>> ====
>> This WG will investigate mechanisms to conceal the information exposed
>> by the submission client's IP address in the mandatory received header
>> generated by the submission server. The output of this WG will provide a
>> mechanism as effective at tracing abuse and fraud as current use of the
>> submission client's IP address. Changing other rules related to received
>> headers in SMTP is out of scope for this WG.
>> ====
> 
> 
> Chris's approach is reasonable, but I fear it is premature.
> 
> The foundational issue here is a trade-off between information hiding
> and information disclosure.  Privacy vs. ops support.
> 
> I've seen essentially no public discussions, here or anywhere else,
> about the technical aspects of this policy tradeoff.
> 
> Absent some community-based sense of the underlying technical issues
> here, targeting a specification is, in my view, not ready for prime time.

There are already providers who remove or falsify Received headers in
order to protect their users, so there is also the opportunity to look at
what is currently being done and the effects of it.

As one example, Gmail is one of those providers. (They're also consistently
the biggest source of B2B spam in my inbox.)

Cheers,
  Steve