--On Monday, March 31, 2014 08:36 +0100 Dave Cridland <dave@xxxxxxxxxxxx> wrote: > On 31 March 2014 00:52, Randy Bush <randy@xxxxxxx> wrote: > >> the truth is, i have not used received: headers to >> authenticate/debug [0] since yesterday. but it's not yet >> 09:00, so there is still time today. > I'm assuming you realise that nobody is arguing that all > received header fields be stripped? > > The problem I've run into is generally machine [~auto] > submitted email, where the network itself is "sensitive" > (let's pretend it's a big bank), and the administrators don't >... > If there's a problem with the mail, the big bank can track > down what happened easily enough, and you can point your > finger at the correct big bank. As I pointed out earlier, this is precisely the case for which there is language in the message submission spec. It has nothing to do with SMTP across the network. john