On 29/12/2021 11:48 pm, Noel Butler via mailop wrote:
abuse reports filed with them... there's little evidence of this to an
end-user/victim...)
I for one look forward to Roundcube building in the option to have
the web IP included in headers,
Mark, you do realise, that information *is already there* in the
header, well, for network operators it is, as its encrypted but
roundcube has a tool for them to decrypt it, but you want them to put
it plain text? when google and the like never will, wont win any fans
with that request :)
Maybe I need to be clear that I both use Roundcube, and operate it on a
private MTA. I havn't seen how my HTTP(S) IP address was encoded in any
emails i've sent using Roundcube, even as the operator of that platform.
Perhaps I missed something.
But with a victims perspective in mind, feels like it'd be nice to
show some public accountability. (And your IP address shouldn't be
treated as PII kid-gloves... you expose it every time you access
network resources)
Sure, but you are not exposing it to all and sundry are you, you are
exposing it to those with authority to see it, webmasters,
newsmasters, irc opers, facebook, google, microsoft admins, and so on,
your not exposing it for say, me, or your neighbours to look at -
unless you using our services lol.
If I send someone an email, I expect my email address to be presented as
the sender. However it's relatively easy to forge these and very
inexpensive to create a large number of disposable email addresses.
There's such a large number of operators that full transparency is not
available, and the headers failing to provide a link to the last-mile
network provider just adds to the anonymity. And when we're guaranteed
anonymity, we know that people will take advantage for negative effect.
As for your 'authority to see it' comment... if I typo a web address in
my browser, that's on me, but i'm giving my IP away to the person who
operates the DNS server and webserver. Anyone can do this, so a
malicious cybersquatter could potentially grab quite a bit of
information about me. I know that, I make decisions aligned with that
position. The idea of being 'authorised' is an amusing one... by using
the Internet I do not assume full anonymity applies anywhere, but i'm so
far down into the noise level that in practical terms, until I give
someone reasons to look, I suppose that I am. That's a level i'm fairly
comfortable with.
If you use an SMTP mail client your home IP is given away. Plenty of
webmail services log an HTTP(S) Received: line . I guess i'd just expect
Roundcube to do the same.
People have a right to privacy, yes people have a right not to be a
victim, that's where network operators come in, to identify and if
need be deal with their user.
What purpose will it serve for the victim to know the IP of the person
causing them harm? They cant exactly do anything with it, but report
it to the users ISP, which is exactly what they need to do now to find
out who it is, the ISP sure as hell is not going to tell the alleged
victim their alleged perpetrators name and address or phone number or
anything, I'm sure even the country with the worse privacy laws wont
allow that.
If the only info you have is the mail service provider, and that mail
service provider is a huge, freemail operator, noone is going to expect
any real consequence to come out of reporting abusive activities. The
ISP is the party who's going to (more likely) have an actual commercial
relationship with the malicious party. Onceuponatime these may have been
the same parties, but no longer, ... if i'm reporting nefarious behavior
I'd want to get as close to the actual offender as possible, an
anonymously-signed-up-to freemail service is not going to care too
much... they might block the account, there'll be ten more signed up in
as many minutes, rinse and repeat.
Many years ago I was manning the abuse@ mailbox for an ISP who were
offering free internet access services (paid for through telco
interconnect revenues... this was a long time ago and in the dial-up
era)... it taught me exactly how much abuse will come from accounts that
people can sign up for with zero accountability.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
