Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <mellon@fugue.com> Wed, 02 December 2015 15:28 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0EBA71A8745; Wed, 2 Dec 2015 07:28:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rc0jjUUJHdHQ; Wed, 2 Dec 2015 07:28:19 -0800 (PST)
Received: from fugue.com (mail-2.fugue.com [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by ietfa.amsl.com (Postfix) with ESMTP id 948761A86EE; Wed, 2 Dec 2015 07:28:18 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14490700954770.9738120217807591"
From: Ted Lemon <mellon@fugue.com>
To: shutup@ietf.org
In-Reply-To: <565EFD93.2060507@pscs.co.uk>
References: <20151130042819.10658.qmail@ary.lan> <1448858775386-ceecd236-8b11ac04-a03b4438@fugue.com> <01PTPUIP3IUK01729W@mauve.mrochek.com> <11d014e5-9a6a-4b78-92a1-8e0a1e0a905d@gulbrandsen.priv.no> <lGTaHvC8ygXWFAuu@highwayman.com> <565EBD82.2030600@pscs.co.uk> <1449065151122-b9505bf5-be5f0e83-f9cdd79b@fugue.com> <565EFD93.2060507@pscs.co.uk>
Date: Wed, 02 Dec 2015 15:28:15 +0000
Message-Id: <1449070095816-c64690a8-829c0c47-fd944ab9@fugue.com>
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/cVCW8NkK2sHiALpERgvE1DIN-Rk>
Cc: ietf-smtp@ietf.org
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 15:28:21 -0000

Wednesday, Dec 2, 2015 9:17 AM Paul Smith wrote:
> Eg, someone says to me "so and so received this message from me, but I didn't send it - has my laptop got a virus on it?" I can look at the IP address in the Received header and say, "no, that message came from China, someone's just spoofing your address",  or "it may have done, is your ISP 'bigisp.com'?" (or in some cases, "is your home IP address 1.2.3.4?" (if they have a static IP address))

This is email that your customer sent through your server (or didn't).   Suppose you didn't have the Received header with the user's IP address on it.   Are you really going to tell me that you couldn't use information at your disposal to give both of the answers that you proposed?

If it was not sent through your server, you don't even need to look at your logs to see that--it's in the Received header fields that you didn't redact, or rather, it's evident because your mail servers probably aren't mentioned in the Received header fields.   If they are, then you can go look at the logs to see what IP address connected to the server to drop that email; if the logs don't match the headers, it's fake, and if they do, you have the submitter's IP address.

I will grant you that the Received header field saves you some time, but it doesn't prevent you from answering the particular question that you are proposing as a motivating use case for not redacting it.   If this were a serious problem, you would spend a half hour to write a script that eliminated the time difference.


--
Sent from Whiteout Mail - https://whiteout.io

My PGP key: https://keys.whiteout.io/mellon@fugue.com