[Mimedefang] GMail (was Re: stripping Received headers based on authentication)

David F. Skoll dfs at roaringpenguin.com
Wed Feb 17 20:45:10 EST 2010


John Nemeth wrote:

> } Yep.  On one side: The Web browser.  On the other side: The rest of
> } the Internet.  Why is that so hard to understand?

>      Yes, a web browser, not an MUA of any sort!

Really?  Why isn't it an MUA?  What part of the definition of an MUA
does composing mail in a Web browser and then hitting "send" fail to meet?

> I've worked with
> numerous different e-mail related protocols over the years, but until
> now, nobody has tried to convince me that HTTP{,S} has anything to do
> with e-mail.

HTTP(S) has everything to do with email if it's used as the protocol to
submit email.  In this respect, it's equivalent to MAPI or any other
non-SMTP protocol used for email.

>      BTW, what's an EGR and how does it work?  What's a PCV and how
> does it work?  The only hint that I'll give is that these don't have
> anything to do with computers.

How are they relevant?  (I vaguely recall they have something to do
with car engines, but so what?)

[...]

>      So what, we all know the general state of privacy in the US, i.e.
> you have none.  The rest of the world generally does a better job.
> Google is at least trying.

BS.  The privacy claim from Google is absurd.  Why do they add a
Received: header for mail submitted via SMTP?  If they were serious
about privacy, they wouldn't.

> } Here's the thing: Between the Google Webmail server and the client's
> } Web browser, there is an interface between two administrative domains.
> } Google doesn't own the Web browser (yet!), but it does own the Web
> } server.

>      Yeah, so?

So, unless Google is 100% accurate at detecting spam and 100% pro-active on
following up complaints, hiding this interface hides useful information
from people trying to fight abuse.  Google is helping spammers.

> } For tracing purposes, it is desirable (I would say mandatory) to track
> } the flow of email across this interface.

>      How do you know they don't?  Just because they don't give you the
> info, doesn't mean they don't track it.

You can't get that info from Google.  Go ahead and try.  And Google
lacks the motivation and staff to follow up on every abuse complaint.
So basically, if you receive spam from gmail, you run into a brick wall
trying to do anything about it.

[...]

>      Nor, is there any need for Gmail to do so.  Google is fully
> responsible for anything emitted by the Gmail system.  If you receive
> spam from a Gmail user, report it to Google/Gmail.

What good would that do?

> If Google fails to deal with it appropriately that would make Google
> a spam friendly entity and a problem.  You can then deal with them
> on that basis.

Google cannot deal with every complaint appropriately; it simply lacks
the manpower.

> There is no need for you to know who the ultimate enduser composing the
> e-mail is.

I don't want to know who the ultimate end-user is.  I just want to know
the IP address of the machine that injected the email into Google.
It's a valuable piece of information I can use in my filter.

-- David.


