Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Chris Newman <> Sun, 29 November 2015 17:12 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 084341A1A93; Sun, 29 Nov 2015 09:12:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.785
X-Spam-Status: No, score=-4.785 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id enD6RVHEcmZX; Sun, 29 Nov 2015 09:12:32 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C21A11A1A8D; Sun, 29 Nov 2015 09:12:32 -0800 (PST)
Received: from ( []) by (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id tATHCUi4018214 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 29 Nov 2015 17:12:31 GMT
Received: from ( []) by (8.13.8/8.13.8) with ESMTP id tATHCUXI010076; Sun, 29 Nov 2015 17:12:30 GMT
MIME-version: 1.0
Content-type: multipart/alternative; boundary="Boundary_(ID_MNizgw3uUAkE/EWpBFj4YQ)"
Received: from ( []) by (Oracle Communications Messaging Server 64bit (built Mar 19 2015)) with ESMTPSA id <>; Sun, 29 Nov 2015 09:12:28 -0800 (PST)
Date: Sun, 29 Nov 2015 09:12:20 -0800
From: Chris Newman <>
Message-id: <>
In-reply-to: <>
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/> <>
X-Mailer: Airmail (335)
X-Source-IP: []
Archived-At: <>
X-Mailman-Approved-At: Mon, 30 Nov 2015 03:14:36 -0800
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 29 Nov 2015 17:12:34 -0000

I oppose the current shutup charter text and draft-josefsson-email-received-privacy as both promote the elimination of mechanisms that protect users from fraud and abuse.

As I do care about user privacy, here's a strawman charter that I would support:

This WG will investigate mechanisms to conceal the information exposed by the submission client's IP address in the mandatory received header generated by the submission server. The output of this WG will provide a mechanism as effective at tracing abuse and fraud as current use of the submission client's IP address. Changing other rules related to received headers in SMTP is out of scope for this WG.

I believe RFC 2442 combined with PGP or S/MIME adequately protects email headers. I worked on an implementation of that in the 1990s. I'm doubtful the memory-hole proposal is sufficiently better or sufficiently likely to deploy to be worth IETF effort.

		- Chris