Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

"John Levine" <> Wed, 02 December 2015 17:40 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0C82D1ACD37 for <>; Wed, 2 Dec 2015 09:40:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.027
X-Spam-Status: No, score=-1.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5op7iRxYMYvC for <>; Wed, 2 Dec 2015 09:40:28 -0800 (PST)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BA4AD1ACD2F for <>; Wed, 2 Dec 2015 09:40:27 -0800 (PST)
Received: (qmail 47164 invoked from network); 2 Dec 2015 17:40:26 -0000
Received: from unknown ( by with QMQP; 2 Dec 2015 17:40:26 -0000
Date: 2 Dec 2015 17:40:04 -0000
Message-ID: <20151202174004.23134.qmail@ary.lan>
From: "John Levine" <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Dec 2015 17:40:33 -0000

>can describe) so we can get more data to #3.  However, I suspect that we
>will find that the majority of "use-cases" for Received data are harmful
>to users, ...

Not surprisingly, I suspect the exact opposite, that there's a long
list of ways that networks and mail operators use Received data to
help and protect their users, and the harm is at this point largely,
maybe entirely, speculative.  Over on ietf-smtp, we've heard from
actual mail system operators describing the uses they make of it.

The fact that you can tell approximately where someone is is not a
harm unless and you can explain how that information has been used to
his detriment.  You can kind of tell where I am from my mail headers,
but since my name and address and phone number are in the phone book,
it's hard to imagine what the damage would be.

Arguments along the lines of well, somebody might do this are not
persuasive.  Anyone might do anything.  I would also be pretty
surprised if any non-trivial mail provider changed their practices
beyond what they do now.  I presume you've seen Ned's list of how
large mail providers do and do not display submission IPs.