Wednesday, Dec 2, 2015 9:17 AM Paul Smith wrote:
> Eg, someone says to me "so and so received this message from me, but I didn't
> send it - has my laptop got a virus on it?" I can look at the IP address in
> the Received header and say, "no, that message came from China, someone's
> just spoofing your address", or "it may have done, is your ISP
> 'bigisp.com'?" (or in some cases, "is your home IP address 1.2.3.4?" (if they
> have a static IP address))

This is email that your customer sent through your server (or didn't). Suppose you didn't have the Received header with the user's IP address on it. Are you really going to tell me that you couldn't use information at your disposal to give both of the answers that you proposed?

If it was not sent through your server, you don't even need to look at your logs to see that--it's in the Received header fields that you didn't redact, or rather, it's evident because your mail servers probably aren't mentioned in the Received header fields. If they are, then you can go look at the logs to see what IP address connected to the server to drop that email; if the logs don't match the headers, it's fake, and if they do, you have the submitter's IP address.

I will grant you that the Received header field saves you some time, but it doesn't prevent you from answering the particular question that you are proposing as a motivating use case for not redacting it. If this were a serious problem, you would spend a half hour to write a script that eliminated the time difference.

--
Sent from Whiteout Mail - https://whiteout.io
My PGP key: https://keys.whiteout.io/[email protected]
_______________________________________________ Shutup mailing list [email protected] https://www.ietf.org/mailman/listinfo/shutup
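Added example, not part of either poster's message: a sketch of the cross-check described in the reply above, matching the queue ID in a redacted Received field against the submission server's own log to recover the client IP or flag a forged hop. The host name, the Postfix-style log and header layout, and all sample messages are assumptions constructed for illustration.

```python
import email
import re

# Assumptions (not from the thread): Postfix-style log lines and queue IDs,
# and a hypothetical provider host name. All sample data below is constructed.
OUR_HOSTS = {"mail.example.net"}
LOG_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S*?\[([0-9A-Fa-f.:]+)\]")
HOP_RE = re.compile(r"\bby\s+(\S+)\s.*?\bid\s+([0-9A-Za-z]+)")

SAMPLE_LOG = (
    "Dec  2 09:01:12 mail postfix/smtpd[2211]: 3pXk2V1Qz9: "
    "client=unknown[198.51.100.23], sasl_method=PLAIN, sasl_username=alice\n"
    "Dec  2 09:05:40 mail postfix/smtpd[2230]: 3pXk7T0Bz4: "
    "client=unknown[203.0.113.77], sasl_method=PLAIN, sasl_username=bob\n"
)
# Redacted submission hop: no client IP in the header, only our host and queue ID.
GENUINE = ("Received: by mail.example.net (Postfix) with ESMTPSA id 3pXk2V1Qz9;\n"
           "\tWed, 2 Dec 2015 09:01:12 +0000\nFrom: alice@example.net\n\nhello\n")
# Spoofed sender address: our servers never appear in the path.
SPOOFED = ("Received: from laptop (unknown [192.0.2.44]) by mx.other.example\n"
           "\twith ESMTP id 7Hq2; Wed, 2 Dec 2015 09:02:00 +0000\n"
           "From: alice@example.net\n\nhello\n")
# Forged hop: names our server, but the queue ID is absent from our log.
FORGED_HOP = ("Received: by mail.example.net (Postfix) with ESMTPSA id 9ZZfake0001;\n"
              "\tWed, 2 Dec 2015 09:03:00 +0000\nFrom: alice@example.net\n\nhello\n")

def index_log(log_text):
    """Map queue ID -> client IP recorded when the server accepted the message."""
    return {m.group(1): m.group(2) for m in LOG_RE.finditer(log_text)}

def classify(raw_message, log_text, our_hosts=OUR_HOSTS):
    """Return (verdict, client_ip) for one raw message checked against our log."""
    queue_ips = index_log(log_text)
    ours_seen = False
    for header in email.message_from_string(raw_message).get_all("Received", []):
        hop = HOP_RE.search(" ".join(header.split()))  # unfold continuation lines
        if not hop or hop.group(1).lower() not in our_hosts:
            continue  # hop recorded by someone else's server
        ours_seen = True
        ip = queue_ips.get(hop.group(2))
        if ip:
            return ("submitted-here", ip)  # header and log agree
    # Our host is named but no queue ID matched the log: the hop is fake.
    return ("forged-hop", None) if ours_seen else ("not-ours", None)

if __name__ == "__main__":
    for name, msg in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged", FORGED_HOP)]:
        print(name, classify(msg, SAMPLE_LOG))
```

Only the "by" clause of each Received field is inspected here; log retention has to cover the period in question for the lookup to work.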
