Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Ted Lemon <> Wed, 02 December 2015 03:09 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 289F41B31DB; Tue, 1 Dec 2015 19:09:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cwAJxk7bTeyX; Tue, 1 Dec 2015 19:09:53 -0800 (PST)
Received: from ( [IPv6:2a01:7e01::f03c:91ff:fee4:ad68]) by (Postfix) with ESMTP id 774631B31DA; Tue, 1 Dec 2015 19:09:52 -0800 (PST)
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="----sinikael-?=_1-14490257896920.9116729779634625"
From: Ted Lemon <>
In-Reply-To: <>
References: <20151130042819.10658.qmail@ary.lan> <> <> <> <> <> <>
Date: Wed, 02 Dec 2015 03:09:49 +0000
Message-Id: <>
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Dec 2015 03:09:55 -0000

Tuesday, Dec 1, 2015 2:20 PM Chris Lewis wrote:
>> If they don't care enough to make such information available, it's
>> likely that it's because they don't see the issue as being
>> sufficiently important, which is to say they don't think Received:
>> headers make enough difference to be worth arguing about.
> That's not what it means at all.
> For any such information to be even remotely meaningful, it has to be tested on very large real environments.
> Imagine, if you will, our approached our largest customers (which are certainly big enough to matter in this context), and asked them to either:
> - sacrifice filtering effectiveness for a week and tell us the
> result, or
> - re-instrument thousands of receiving MTAs to distinguish and report
> on the differential based on a new indicator I provide
> So that we could satisfy your curiousity, they'd laugh in our faces.

That is literally what I said.   They don't care enough about satisfying my curiosity to do the work.   Perfectly understandable.   If they thought that the IETF producing a document recommending that the Received header field be obfuscated were a serious problem, they would care enough to do the work--it's really not that much work, and chances are they already have a test harness that would allow them to do it.

> I could tell you the differential in our instrumentation. But if you don't accept my previous assertions, you won't accept this one either.

Again, this is literally what I asked for.   I do not trust your assurances that you speak from authority.  IETF people are always trying to argue from authority--if we held that against each other we would never get anything done.

I am very curious to hear your numbers, as long as you explain how you got them.  I don't mean explain your spam algorithm--I mean characterize your sample, and explain why you think it's a good sample, and explain your methodology: what you did to the sample for test A versus what you did for test B.   Interesting things to do for the test sample to differentiate it from the control sample would be removing the last Received header field entirely (last in sequence, meaning first added), modifying the From clause for example as Stephen Farrell suggested, or simply deleting the From clause but keeping the rest of the last Received header field.

BTW, turning off the Received header field testing for a week isn't a valid methodology, since there's no way to control for the rather substantial variation in amounts and types of spam from week to week.

> In an ideal world, when everybody here was under NDA, I could give you some of the obvious, compelling and overwhelming evidence. 

I don't think you could.   You've said enough things that don't actually make sense at this point that I would really need you to show your work, not just give me assurances like the following:

> It's huge. Really.


Sent from Whiteout Mail -

My PGP key: