Page 1 of 1

Received headers

PostPosted: Wed Apr 01, 2009 3:49 am
by jhmartin
Many mail servers put information that can trivially be used to recreate the original email address in the Received: Headers. Can mail sent from the protected address to a 'reply address' have all of its received headers stripped off before it is sent out by the SG servers?

PostPosted: Wed Apr 01, 2009 4:57 pm
by lwc
You could have tested it yourself, you know. Or at least submit it in the right forum. But I decided to come through for you.

The result is this:

:P 1) The Return-Path header (don't forget it too) is replaced with the masked address.
:P 2) The Received headers that would have normally exposed your real address are emptied ("for <>"). I do wonder if "<>" is RFC approved. Let's hope so.

PostPosted: Thu Apr 02, 2009 3:04 am
by jhmartin
I did test it. I noticed that in the Received headers, there was a line "received: from 123.123.123.123 example.com authenticated user XYZ", which could be easily used to identify the original user as they are XYZ@example.com. The SMTP server in question uses SASL to allow users to send mail, and the header has some of that data in it. Its not a direct user@example.com string, but it does have something that could be used to recreate it. Hence the request to remove all Received headers before SG.

PostPosted: Thu Apr 02, 2009 10:55 pm
by lwc
What is SASL? Anyway, the admins would probably deny your request because it would turn Spamgourmet into an anonymizer service, thus officially making Spamgourmet the service that gets the spam complaints (even the arrangement with Spamcop would probably fall through). Moreover, Spamgourmet would need to keep logs so as to prove illegal messages were not sent by Spamgourmet itself. And Spamgourmet is anti logs as you can get (thus the 3 only last eaten messages).

PostPosted: Fri Apr 03, 2009 1:48 am
by jhmartin
SASL: http://en.wikipedia.org/wiki/Simple_Aut ... rity_Layer. Sneakemail eats the received headers, but I can see how that is a challenge for this kind of service.

Re: Received headers

PostPosted: Tue Apr 14, 2009 5:42 am
by gourmet
jhmartin wrote:Many mail servers put information that can trivially be used to recreate the original email address in the Received: Headers. Can mail sent from the protected address to a 'reply address' have all of its received headers stripped off before it is sent out by the SG servers?


I asked one other email realay service to remove old headers when forwarding email, and they did that immediately. It's not a big deal to store those on server and remove those from message.