Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

"Robert A. Rosenberg" <> Fri, 04 December 2015 05:03 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 2274F1B2DCA; Thu, 3 Dec 2015 21:03:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 30W0tMfaAcnW; Thu, 3 Dec 2015 21:03:50 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BDFE01B2DC8; Thu, 3 Dec 2015 21:03:50 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPA id A17971720E; Fri, 4 Dec 2015 00:03:49 -0500 (EST)
Mime-Version: 1.0
Message-Id: <p06240407d286ca9198c9@[]>
In-Reply-To: <>
References: <20151130042819.10658.qmail@ary.lan> <> <> <> <> <> <> <> <> <> <> <p06240403d286acd52687@[]> <>
X-Mailer: Eudora for Mac OS X 6.2.4 (MacOS 10.5.8)
Date: Thu, 3 Dec 2015 23:53:10 -0500
To: Ted Lemon <>
From: "Robert A. Rosenberg" <>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Archived-At: <>
X-Mailman-Approved-At: Fri, 04 Dec 2015 00:11:43 -0800
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 04 Dec 2015 05:03:52 -0000

At 02:48 +0000 on 12/04/2015, Ted Lemon wrote about Re: [ietf-smtp] 
[Shutup] Proposed Charter for the "SMTP Hea:

>Thursday, Dec 3, 2015 9:39 PM Robert A. Rosenberg wrote:
>>  If the message is HTML, then putting a 1x1 web-bug image in the 
>>HTML will trigger the info UNLESS the user's MUA is set to NOT 
>>automatically retrieve images.
>That retrieving images is the default behavior of most MUAs, and 
>that it is even possible to do without cryptographically validating 
>the ID of the sender in _any_ MUA, is an example of what I am 
>talking about when I say that UI design is vitally important to 
>protecting users' privacy.
>Obviously if you have an MUA that behaves so stupidly, then your 
>privacy is forfeit.   At present, that's most MUAs.   This is 
>something that I hope MUA implementors will wise up to, and we ought 
>to be advising them to if we aren't already.

As you can see from my X-Mailer header (which BTW [since we are 
talking about leaking info] leaks the fact that I am using a Mac and 
what MacOS Version I am running) I use Eudora. One of its settings 
(which I have set) tells the MUA to NOT fetch images and to wait 
until I click on the image icon to replace the icon with the actual 
image. Thus I see the icon whenever I am sent a Web-Bug in lieu of 
the bug calling home.