On 2017-06-29 at 11:00 +0200, Jan Ingvoldstad via Exim-users wrote: > There are DNS lookups for the sender and recipient domains, and in the > case of spam filtering, there are often additional DNS lookups in > DNSBLs for URIs found in the message content.
URIs, is a fair point, but privacy-focused services don't do those lookups anyway. If Gmail's outbound hosts connect to your server, you do a lookup based on IP, or upon "gmail.com", and you reveal nothing more than was observable already: Gmail connected to you. For a very few organizations which host mail for many domains, you _might_ additionally leak which domain was talked to, but since those will often be local they can be queried on local network, or for a client's domain, it might just be leaked anyway, but with a high probability of being cached. Doing predictable lookups based upon the full email address, not just the domain, is drastically different from a privacy perspective. This is the sort of thing which is sensitive metadata with reasonable privacy expectations. Folks who go around sending cleartext queries to sites across the open Internet which are long-term 1:1 tied to email addresses are hindering their legal defense against future wiretap orders. I *STRONGLY* encourage any postmaster considering deploying this technology to talk to their organization's legal counsel before doing so, to be sure that the implications are understood and to protect you from personal liability. -Phil
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/