Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Steve Atkins <steve@blighty.com> Mon, 30 November 2015 16:17 UTC

Return-Path: <steve@blighty.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACF6D1ACE8B; Mon, 30 Nov 2015 08:17:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1b2bEirbt1JY; Mon, 30 Nov 2015 08:17:40 -0800 (PST)
Received: from mail.wordtothewise.com (mail.wordtothewise.com [184.105.179.154]) by ietfa.amsl.com (Postfix) with ESMTP id 7D0F01ACE89; Mon, 30 Nov 2015 08:17:40 -0800 (PST)
Received: from satsuke.wordtothewise.com (204.11.227.194.static.etheric.net [204.11.227.194]) by mail.wordtothewise.com (Postfix) with ESMTPSA id 4171C8052B; Mon, 30 Nov 2015 08:17:40 -0800 (PST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
From: Steve Atkins <steve@blighty.com>
In-Reply-To: <CAGGEJxYn=LoHvJRWzhD-fwg4JOFvzLW72WaVZ4sG9sWq4hPBnw@mail.gmail.com>
Date: Mon, 30 Nov 2015 08:17:39 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <B1D78E44-432D-4002-A4AE-AF16F2309C8F@blighty.com>
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <CAGGEJxYn=LoHvJRWzhD-fwg4JOFvzLW72WaVZ4sG9sWq4hPBnw@mail.gmail.com>
To: ietf-smtp@ietf.org
X-Mailer: Apple Mail (2.3096.5)
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/c7ppQeYnySLIohYPovJHv7cWiAE>
X-Mailman-Approved-At: Mon, 30 Nov 2015 09:34:46 -0800
Cc: shutup@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
X-List-Received-Date: Mon, 30 Nov 2015 16:17:43 -0000

> On Nov 30, 2015, at 8:11 AM, Al Iverson <aiverson@spamresource.com> wrote:
> 
> On Mon, Nov 30, 2015 at 9:19 AM, Ned Freed <ned.freed@mrochek.com> wrote:
> 
>>> Do you seriously think that Google has special-case header parsing to deal with
>>> spam from Cornell students' infected computers?   No, they just use machine
>>> learning.
>> 
>> I have no idea what Google does, but I can assure you Received: field analysis
>> does play a role in spam filtering elsewhere. And even if it didn't, there's
>> more to mail operations than spam filtering.
> 
> I work for an email service provider dealing with rather large volumes
> of mail, yet Received header analysis still plays an important role
> for us in troubleshooting operational issues. It would be a tremendous
> loss to lose received headers or the IP address information in those
> headers. You raise Google as an example; Gmail occasionally seems to
> delay message delivery. The internal received hops in a Gmail header
> tell you that it's Gmail, not the sender, delaying that delivery of
> the message, because the message is likely queued on some internal
> server for some period of time, after sender's initial handoff.
> 
> Some of us do actually process this data at some level of scale to
> identify issues.
> 
> Not only do I seriously believe it, but I have also personally
> observed AOL to use special-case header parsing to deal with certain
> types of mail, to more directly answer your question.

I've heard AOL people discuss "second received header parsing", and
effective filtering of infected dorm computers behind University smarthosts
was one of the use cases. This isn't something speculative, it's something
that's been in use for years.

Cheers,
  Steve