On 31 March 2014 00:52, Randy Bush <randy@xxxxxxx> wrote:
the truth is, i have not used received: headers to authenticate/debug
[0] since yesterday. but it's not yet 09:00, so there is still time
today.
I'm assuming you realise that nobody is arguing that all received header fields be stripped?
The problem I've run into is generally machine [~auto] submitted email, where the network itself is "sensitive" (let's pretend it's a big bank), and the administrators don't wish to reveal anything about the network location of said machine.
The trace fields stripped would be limited to (probably) one - that of the original {trans|sub}mission. It'll also be (in practise) a constant modulo the timestamp.
Does this change your point of view? If not, why would knowing about a machine that's likely on private IP address space or otherwise on an unrouted network be useful to you for debugging purposes?
If there's a problem with the mail, the big bank can track down what happened easily enough, and you can point your finger at the correct big bank.
Dave.