> From: "Kevin M. Gallagher" <kevin@xxxxxxxxxxxxxx> > > What do people today think of the SMTP RFC's current requirement that > mail programs and servers must not under any circumstances change or > delete Received: headers? Is exposing sender IP addresses to any > attacker who can view e-mail headers, for the purposes of preserving > trace information, really worth it when weighed against considerations > like security and privacy? Received: headers are quite useful when you're trying to figure out which mail server sat on the message for four days. They're also useful when you're trying to figure out what sequence of address rewrites got the message to you. Dale