Hi Kevin, On 3/29/14, 7:59 AM, Kevin M. Gallagher wrote: > What do people today think of the SMTP RFC's current requirement that > mail programs and servers must not under any circumstances change or > delete Received: headers? Is exposing sender IP addresses to any > attacker who can view e-mail headers, for the purposes of preserving > trace information, really worth it when weighed against considerations > like security and privacy? > > http://tools.ietf.org/html/rfc5321#section-4.4 > There is at least some value in retaining trace headers both for debugging and anti-spam (mostly validating what one would expect to for a given sender see), headers added by an MSA can entail privacy concerns that (IMHO) outweigh debugging considerations. Eliot