-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/01/2015 11:51 AM, Ted Lemon wrote:
| We are seeing providers right now disappearing IP address | information for the submission IP source address, so your logic | here would suggest that there is in fact a downside to including | that information; otherwise it would not have disappeared. What we have now is a very small number of providers doing this on purpose (I can count the number of major providers doing it with the fingers of one hand), and a still very small, but marginally larger set of providers not providing it because their infrastructure doesn't know what it is and/or their software just doesn't do it for one reason or another. On the other hand, we can see that that the lack of that information presents difficulties to filtering technologies. When you get a series of harassing emails from a given site originating from a given user that's forging from lines and mutating content, you have nothing concrete to filter on to distinguish it from other email from the same provider. Leaving you with an all or nothing situation of blocking the whole provider. Which isn't a big drawback if the provider is good at stopping abuse because the problem won't last long, but, the largest provider in question often isn't, especially in the case of individual harrassment. Indeed, without that information being present (or not being accessible without great effort using the provider's server logs), it can cause significant difficulty for the provider doing anything about it even if they wanted to. IOW: if even the provider doesn't know where it's coming from (or if finding out is too expensive to do at scale), then everybody (including the poor user with the infected box) is SOL. One of your other points is that the received lines aren't standardized. Well, yes, that's true. But that is in fact an advantage to filters. The simple fact of different formats/idiosyncratic behaviour gives filtering technologies more leverage to make filtering decisions that have nothing whatsoever to do with IP addresses. We use this sort of information to great benefit - as do the largest email providers. "Standardized" or not, Received lines provide a rich detail of fodder for filtering, whether or not the filter manages to understand what the received line is trying to say about where the email allegedly came from or how it got there. The IP could just as easily be a non-reversible encrypted blob unique to the sending user that only the provider understands, but the receiver can filter on. I say "allegedly", because the actual source (personal attribution) of the email is generally irrelevant to filtering. Our primary goal is stopping the trash, a secondary goal is helping the infectee fix their problem, but if the provider wants to interfere with the latter, well, we can live with it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJWXeU/AAoJENy2YTBCU1ml+vkIALKzFFDYa3MBHn8JXzkYnkpK 9otrKipY4c07C8A4zfggMautyZWXe73msvmZDZoWng+qUE/MggKtvEYHgEIsFp0+ TUElwxOwA4Ftmb2CdtQPhtuoXQP4fIWMmkWuuZf6GuvKxGbl8dVpfWxmjvyy3LEh RJmvKwzxw4yf+MNzbdtfEy+bveXTEemAFPnu3TO4mZI5a/3RReVdiEyC3/oi4AYG wQTfBegLvAiHdqBeQecqh531E0e0No9n8g8ElwZS1PDShM6SG7Nk+XYNKXwYRvXg ifNSCYu4gm0Xn/KGF1wYd/0Wfvp9jd6cRPJ1Eq5nbNm0zXOao+McZfmGDsr2aGI= =FY2y -----END PGP SIGNATURE----- _______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
