Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Stephen Farrell <> Tue, 01 December 2015 22:58 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E42721AD367; Tue, 1 Dec 2015 14:58:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Vqt9koFzXAp1; Tue, 1 Dec 2015 14:58:45 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id BB15E1AD373; Tue, 1 Dec 2015 14:58:44 -0800 (PST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5BB9ABE64; Tue, 1 Dec 2015 22:58:43 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id KHUWACHqi7pt; Tue, 1 Dec 2015 22:58:42 +0000 (GMT)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id 68D01BE55; Tue, 1 Dec 2015 22:58:41 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail; t=1449010722; bh=AxqQCdnYGaETlB+24I9O+p4ncdK/EWbJ2nFF5x1SYB8=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=vUraE3A93PEW7lbHsyJx2rX/KdReOCz3FIT+ta5saSI/8ZbLOcMLO3nZVpNT8VlA9 4g0/p6aS+ZGry7SNfYDLvMoIDn1+HdIvZOVylCmzedAEMG1BLHg7x6xhhndEGUywxu B4CRG/Xzu81uUpNUWgPMFG2Mw7YqcsV3g109humQ=
To: Christian Huitema <>, 'Martijn Grooten' <>,
References: <20151130042819.10658.qmail@ary.lan> <> <> <> <> <> <> <> <> <> <> <07bf01d12c71$9b88b790$d29a26b0$>
From: Stephen Farrell <>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <>
Date: Tue, 1 Dec 2015 22:58:40 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <07bf01d12c71$9b88b790$d29a26b0$>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Dec 2015 22:58:47 -0000

On 01/12/15 19:50, Christian Huitema wrote:
> On Tuesday, December 1, 2015 11:24 AM, Martijn Grooten wrote:
>> I agree that if keeping your geolocation is a matter of life and death,
> you
>> shouldn't use email, but for me that is not a reason for the IP address to
> be
>> visible for anyone who can read the email. I think privacy matters, even
>> when it's not about life and death.
> I am also concerned with automated mass surveillance, including traffic
> analysis. The basic traffic analysis produces "5-tupple" logs. Since a lot
> of the Internet usage is now mobile, there is no direct mapping between IP
> addresses and user identities. To move from traffic analysis to
> surveillance, the analyzers need to restore that mapping. There are multiple
> ways to do that, as explained in RFC 7624, and email headers are one of
> them.
> Clearly, there are also other sources of correlation between IP address and
> identity. Various IETF working groups are busy closing these other sources
> as well: MAC Address randomization to suppress direct mapping of identities
> to roaming devices; DHCP anonymity profile to remove the leakage of metadata
> in DNS packets; or, HTTPS to prevent observation of HTTP cookies. To break
> the correlation between IP address and identity, we need to also close the
> leakage in the SMTP traces.
> Everybody understands that there is a tension there between privacy and
> fighting spam. I get the use case of the virus-infected home PC that
> originates spam through the permissive SMTP relay of some local ISP. But
> then many mail providers feel the need to provide privacy to their users,
> which drives them to deploy their own formatting of the "received" field. We
> do have a tension there, and that tension is precisely why we want to study
> the alternatives and come up with a proposed recommendation. 

+1 to all the above.

> Hence the WG
> charter.

Well... the charter text proposed (perhaps combined with the draft
posted before) does seem to have caused a bit of an allergic reaction
from many mail folks;-)

I suspect those of us who would like to see work done to improve the
privacy properties of mail may need to understand that reaction some
more before trying to move stuff ahead.