[Mimedefang] GMail (was Re: stripping Received headers based on authentication)

Matt matt at beyondzero.net
Wed Feb 17 15:25:05 EST 2010 

On Wed, Feb 17, 2010 at 02:47:53PM -0500, David F. Skoll wrote:

> You and Gmail are the only ones with this interpretation.  Other
> Webmail providers (Yahoo, Hotmail) and Webmail software (Squirrelmail;
> Horde) use my interpretation.  So I submit that you are the one
> interpreting the RFC oddly.

Well, and me.  As much as I like the idea of knowing the IP of the web
client, its absence does not violate the RFC.  The RFC reads to me to
be discussing SMTP gateways, not requiring that the headers include
the IP assigned to the computer on which the user is typing.

I believe the ssh analogy is appropriate.  Even better, consider
telnet.  If I telnet to the telnetd of a machine, and then use that
machine to telnet to the localhost smtpd, I would expect to see the
machine running telnetd as the first hop.  The machine I am sitting
on, with the first telnet client, would never appear in SMTP headers.

A machine running httpd instead of telnetd is doing the same thing, so
I would not expect the http client (or, possibly a telnet client!) to
appear in the SMTP headers.

The problem I see with David's interpretation is that the SMTP RFC can
not, by definition, make requirements the protocol can not enforce.
How can an smtpd know the IP of the "original" machine, since there
are limitless ways to hop around networks before first speaking to an
smtpd?

The RFC appropriately requires any smtpd to record and include the
full path an email has traversed, but it can't be asked to record
information to which it can not possibly have access (specifically,
it can't know the IP address of the machine before the earliest IP
which began speaking the SMTP protocol).

Lastly, google is not alone in this.  Many private email systems offer
http(s) interfaces and do not include the IP of the user's http
client.

This does not mean I do not agree that the ubiquity of web-to-smtp
gateways introduces a special problem for the anti-spam crowd.  And
David, like everyone, is certainly free to decide from whom he will
accept mail and for what reasons.

I just do not agree that Google is violating the RFC.


Matt

-- 
GnuPG Key ID: 0xC33BD882
aim/google/MSN/yahoo: beyondzero123

A human being should be able to change a diaper, plan an invasion, 
butcher a hog, conn a ship, design a building, write a sonnet, 
balance accounts, build a wall, set a bone, comfort the dying,
take orders, give orders, cooperate, act alone, solve equations,
analyze a new problem, pitch manure, program a computer, cook a
tasty meal, fight efficiently, die gallantly. Specialization is 
for insects.
     -Lazarus Long

More information about the MIMEDefang mailing list