Received headers

Discussion re sg development. You don't have to be a developer.

Received headers

Postby jhmartin » Wed Apr 01, 2009 3:49 am

Many mail servers put information that can trivially be used to recreate the original email address in the Received: Headers. Can mail sent from the protected address to a 'reply address' have all of its received headers stripped off before it is sent out by the SG servers?
jhmartin
 
Posts: 3
Joined: Wed Apr 01, 2009 3:36 am

Postby lwc » Wed Apr 01, 2009 4:57 pm

You could have tested it yourself, you know. Or at least submit it in the right forum. But I decided to come through for you.

The result is this:

:P 1) The Return-Path header (don't forget it too) is replaced with the masked address.
:P 2) The Received headers that would have normally exposed your real address are emptied ("for <>"). I do wonder if "<>" is RFC approved. Let's hope so.
lwc
 
Posts: 355
Joined: Sat Aug 28, 2004 9:09 am

Postby jhmartin » Thu Apr 02, 2009 3:04 am

I did test it. I noticed that in the Received headers, there was a line "received: from 123.123.123.123 example.com authenticated user XYZ", which could be easily used to identify the original user as they are XYZ@example.com. The SMTP server in question uses SASL to allow users to send mail, and the header has some of that data in it. Its not a direct user@example.com string, but it does have something that could be used to recreate it. Hence the request to remove all Received headers before SG.
jhmartin
 
Posts: 3
Joined: Wed Apr 01, 2009 3:36 am

Postby lwc » Thu Apr 02, 2009 10:55 pm

What is SASL? Anyway, the admins would probably deny your request because it would turn Spamgourmet into an anonymizer service, thus officially making Spamgourmet the service that gets the spam complaints (even the arrangement with Spamcop would probably fall through). Moreover, Spamgourmet would need to keep logs so as to prove illegal messages were not sent by Spamgourmet itself. And Spamgourmet is anti logs as you can get (thus the 3 only last eaten messages).
lwc
 
Posts: 355
Joined: Sat Aug 28, 2004 9:09 am

Postby jhmartin » Fri Apr 03, 2009 1:48 am

SASL: http://en.wikipedia.org/wiki/Simple_Aut ... rity_Layer. Sneakemail eats the received headers, but I can see how that is a challenge for this kind of service.
jhmartin
 
Posts: 3
Joined: Wed Apr 01, 2009 3:36 am

Re: Received headers

Postby gourmet » Tue Apr 14, 2009 5:42 am

jhmartin wrote:Many mail servers put information that can trivially be used to recreate the original email address in the Received: Headers. Can mail sent from the protected address to a 'reply address' have all of its received headers stripped off before it is sent out by the SG servers?


I asked one other email realay service to remove old headers when forwarding email, and they did that immediately. It's not a big deal to store those on server and remove those from message.
gourmet
 
Posts: 121
Joined: Thu Mar 27, 2008 4:46 pm


Return to Developers

Who is online

Users browsing this forum: No registered users and 1 guest

cron