Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ned Freed <> Mon, 30 November 2015 15:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 52A971B2F0D; Mon, 30 Nov 2015 07:51:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.012
X-Spam-Status: No, score=-2.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id v_VpUTDNx7ba; Mon, 30 Nov 2015 07:51:08 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id C1ED51B2F35; Mon, 30 Nov 2015 07:51:08 -0800 (PST)
Received: from by (PMDF V6.1-1 #35243) id <>; Mon, 30 Nov 2015 07:46:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=mauve; t=1448898360; bh=RlRdfYKkwulUxnxEKVDvXcByCBdlHBiacNpliyfkAAI=; h=Cc:Date:From:Subject:In-reply-to:References:To; b=LUV95amiybgCaZxRXj6zGcPoQnQI8bgCsPAGZlXSnOGI8VYuVX9QAU3PKizG35lgq LMy5K0QUfXwgv0Et7Dr7RS83AvhuYM0S95ckIOGE+iKBk/tNWyz8IiKSEG6GIeiK8N 13yHXIyedbmoy/2IuetGJWRz3fmG2nZqknPacYQE=
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: TEXT/PLAIN; CHARSET=us-ascii; Format=flowed
Received: from by (PMDF V6.1-1 #35243) id <>; Mon, 30 Nov 2015 07:45:54 -0800 (PST)
Message-id: <>
Date: Mon, 30 Nov 2015 07:38:21 -0800 (PST)
From: Ned Freed <>
In-reply-to: "Your message dated Mon, 30 Nov 2015 10:34:51 +0100" <>
References: <alpine.OSX.2.11.1511282155180.1479@ary.lan> <> <Eoqbyz/axxwfm7I0m8X7QOm53qcBtCJIuS/> <> <> <> <015801d12b0a$dc8731d0$95959570$> <>
To: "Rolf E. Sonneveld" <>
Archived-At: <>
Cc: 'Jim Fenton' <>,, Christian Huitema <>,
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 30 Nov 2015 15:51:10 -0000

> On 30-11-15 02:02, Christian Huitema wrote:
> > On Sunday, November 29, 2015 12:54 PM, Jim Fenton wrote:
> >> There are users for whom their privacy is critically important, such
> >> as press informants in totalitarian societies. There are many other
> >> ways to determine their location (network monitoring coupled with
> >> a STARTTLS downgrade attack, for one), and it would be harmful
> >> (potentially life-threatening) if anyone thought that this would truly
> >> protect them. They should be using something like SecureDrop and
> >> not using email at all.
> > Uh, No. This is the classic "the other side of the boat is leaking too"
> > argument, coupled with a dollop of "no security is better than imperfect
> > security." Yes, there are many ways for metadata to leak. But that does not
> > mean that we should not plugs the leaks that we do know about.
> >
> > The discussion so far shows that one hand many people believe that we are
> > disclosing too much metadata in mail headers, while many more believe that
> > the metadata disclosure is actually useful to fight various forms of abuse,
> > some of which may well compromise users' privacy.
> >
> > We also heard that some of the big providers have already unilaterally
> > decided to suppress some of the metadata, like the first hop address.

> Can anyone share some information about which providers made which decision?

I posted about this earlier on the perpass list in respose to the initial
discussion of the draft-josefsson-email-received-privacy draft. Here's an
updated version of that information:

Gmail:   Webmail does not disclose originating client IP, apparently using
         invalid Received: field to avoid doing so.
         Submit discloses originating IP.
Yahoo:   Neither webmail nor submit disclose originating IP, some Received:
         fields are invalid but this looks like an unrelated issue.
Outlook: Neither webmail nor submit disclose originating IP, valid Received:
AOL:     Both webmail and submit disclose originating client IP in both
         Received: fields and X-Originating-IP: (webmail) and X-AOL-IP:
         (submit) fields.
GMX:	 Both webmail and submit disclose originating client IP.

Thanks John Levine for the AOL submit data.