Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)

Steve Atkins <> Tue, 01 December 2015 17:11 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 94F9D1ACECF; Tue, 1 Dec 2015 09:11:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gFtaqCPHhFQM; Tue, 1 Dec 2015 09:11:24 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 588D61ACECD; Tue, 1 Dec 2015 09:11:24 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTPSA id 11CF08052D; Tue, 1 Dec 2015 09:11:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=aardvark; t=1448989884; bh=fKjpGrkT5CJKc2s+lSOc0dyWx8V7BXFIGz5x3mF+1zQ=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=elHKmFD2FJ+nBq7xhpp+Xu+3PFSsz+7LFcYoh1wE4MFDWz7BCBFTDumBCCI84Exyx 3CQbxCmpmv/H/LgpFhOCbsAzPn13+s69o9zT3/C5QCzDffD1NkCmSF8I6tbAj7q1KQ EsVL691/UIZ98zcVSIcPhdkuiCKYlGhiFwWc967g=
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 9.1 \(3096.5\))
From: Steve Atkins <>
In-Reply-To: <>
Date: Tue, 1 Dec 2015 09:11:23 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <20151130042819.10658.qmail@ary.lan> <> <> <> <> <> <> <>
X-Mailer: Apple Mail (2.3096.5)
Archived-At: <>
X-Mailman-Approved-At: Thu, 03 Dec 2015 08:14:58 -0800
Subject: Re: [Shutup] [ietf-smtp] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG (fwd)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Dec 2015 17:11:25 -0000

> On Dec 1, 2015, at 8:54 AM, Ted Lemon <> wrote:
> Tuesday, Dec 1, 2015 7:27 AM Arnt Gulbrandsen wrote:
>>> Sure, but in this case wouldn't deferring to the end systems> argue in favor of allowing end systems to make the decision as> to whether their private information should be exposed?
>> As I see it, that's not the question here. The question is: Should there be an RFC that can be used/misused to apply pressure regarding trace fields etc?
> Yes, I agree that this is what we are discussing.   I think it's pretty clear that for Received header fields that refer to the IP address of the end-user, the answer is "yes, there should be such an RFC."   I haven't heard anyone seriously propose that this is not true, although I'd be interested to hear such an argument!

Well, I'll be the first, then.

When people routinely hide their identities - to the extent that a recipient cannot tell that two emails were sent by the same person - that eliminates many social and technical pressures on bad behaviour. But it *also* removes the ability for people to help them when their endpoints have been compromised.

The biggest email-related risk to peoples privacy is malware that compromises their computers (followed by phishing, that compromises their online accounts).

If someone is sending mail through a smarthost provider that a) hides the source of mail sent through them and b) has an abuse/security team that is anything less than top-tier then there is no way to identify that mail originated with them. When their machine is compromised, it can then send out malware and phishing itself, compromising others. And there's no way to contact the people responsible for the security of that machine - whether it be the end-user themself, the end-users employers IT department or the end-users residential ISP. The infection spreads faster, more people's privacy is violated.

*Routinely* removing end-user identifiers harms privacy.