Re: [mailop] Any Apple email team on the list? Interesting tidbit like to shed light on...
On Tue, May 02, 2023 at 10:11:46PM -0400, John Levine via mailop wrote: > It appears that Michael Peddemors via mailop said: > >Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\)) > > I sent a message to myself from > > Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\)) > > There's no X-Universal anything. Wherever it came from, it's not the > Mac mail progaram. Our traps get a slow but steady drip of messages from Apple outbounds. Last month, one tenth of a percent of those messages (which tells the astute reader there's got to have been at least one thousand such messages) contained the header X-Universally-Unique-Identifier. Almost half of the messages we got were mail sent from anywhere else _to_ an Apple account that has been configured to forward email to an address that has never worked (before being made into a spamtrap), though. -- Atro Tossavainen, Founder, Partner Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635) Tallinn, Estonia tel. +372-5883-4269, http://www.koliloks.eu/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Any Apple email team on the list? Interesting tidbit like to shed light on...
It appears that Michael Peddemors via mailop said: >Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\)) I sent a message to myself from Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\)) There's no X-Universal anything. Wherever it came from, it's not the Mac mail progaram. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Any Apple email team on the list? Interesting tidbit like to shed light on...
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\)) X-Universally-Unique-Identifier: DDB4B009-F0E0-4255-8DC7- Trying to understand if this is an unintended disclosure.. Of course, UUID's etc are important tools for verification, and can be useful in validating authenticity, but embedding it in the headers can have unintended consequences. Of course, I cannot verify if it is actually the unique ID for this person's device (obfuscated of course), but if it were, and was sent in response to a phishing lure, or to a malware actor, then they could tie that unique device to the end user. I could understand if it was shared with their service provider, but the rest of the world probably should not have access to it. Am I correct in my assessment? -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop