On 8/3/2018 10:16 AM, Brandon Long wrote:
> o smtp.client-ip - The connecting client IP address from
which the
> message is received.
this seems such a large privacy concern, I question allowing it here.
(This highlights the difference between passing information inside an
enterprise, vs. over the open Internet, across administrations.)
It is true that the privacy aspects of IP addresses are more concerning
than they have been,
but they also continue to be widely used in email message headers.
At a minimum, I suggest clear and relatively forceful language, making
clear the privacy concerns. (Privacy is new enough and, frankly, fuzzy
enough as a technical topic, to warrant the redundancy I usually argue
against...)
For this particular case, the IP is the IP of the sending server, not
the actual client. Perhaps that
means the name is poorly chosen. Perhaps smtp.remote-ip? The IP of the
oh. yeah. 'client' seems the right technical term, absent a much
longer string like 'initiating' (and I am not sugesting it.)
Perhaps change the explanatory text to something like:
The address of the initiating SMTP server, from which the message is
being relayed.
sending server
doesn't seem nearly as privacy sensitive as the IP of the sending user.
Some folks have brought up
that there may still be some geographic hints from this if the sending
service has servers in multiple regions,
That highlights the challenges of all things labeled 'privacy concern'.
And it's why I think noting issues where they occur AND summarized in a
privacy considerations section is warranted.
but that's a much smaller privacy concern that I think is out-weighed by
the utility of having it here. Especially
considering that it's already in the Received and Received-SPF headers.
Also, it is obviously optional, is SHOULD the wrong choice?
Yes. The semantics of should is 'must do this, unless you are extremely
careful and know exactly what you are doing'...
So MAY is probably the right choice.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
