Re: SMTP RFC: "MUST NOT" change or delete Received header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 29 March 2014 06:59, Kevin M. Gallagher <kevin@xxxxxxxxxxxxxx> wrote:
What do people today think of the SMTP RFC's current requirement that
mail programs and servers must not under any circumstances change or
delete Received: headers? Is exposing sender IP addresses to any
attacker who can view e-mail headers, for the purposes of preserving
trace information, really worth it when weighed against considerations
like security and privacy?

http://tools.ietf.org/html/rfc5321#section-4.4

I would note that removal of internal Received headers at the exit boundary of the sending ADMD is quite common - and I ran into this one just the other day, where a client wasn't doing this and it caused concern.

Outside of the sending ADMD, the trace fields are of very low value for debugging, and as discussed in §7.6, may be problematic.

Inside (and at the boundary especially), they are useful, so mandating that they're added, but may be removed at the exit of the sending ADMD seems sane. I'm not going to demand any change here for the simple reason that there's no way to distinguish what's happened externally; therefore this doesn't strike me an an interoperability concern.

Dave.

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]