Happy New Year!
now for bad news, i'm back :)
On 30/12/2021 13:05, Mark Foster via mailop wrote:
On 29/12/2021 11:48 pm, Noel Butler via mailop wrote:
Mark, you do realise, that information *is already there* in the
header, well, for network operators it is, as its encrypted but
roundcube has a tool for them to decrypt it, but you want them to put
it plain text? when google and the like never will, wont win any fans
with that request :)
Maybe I need to be clear that I both use Roundcube, and operate it on a
private MTA. I havn't seen how my HTTP(S) IP address was encoded in any
emails i've sent using Roundcube, even as the operator of that
platform.
Perhaps I missed something.
I'm using RC now, have a look, the first received line, all that
jibberish, is my actual hostname and IP
Sure, but you are not exposing it to all and sundry are you, you are
exposing it to those with authority to see it, webmasters, newsmasters,
irc opers, facebook, google, microsoft admins, and so on, your not
exposing it for say, me, or your neighbours to look at - unless you
using our services lol.
If I send someone an email, I expect my email address to be presented as
the sender. However it's relatively easy to forge these and very
inexpensive to create a large number of disposable email addresses.
There's such a large number of operators that full transparency is not
available, and the headers failing to provide a link to the last-mile
network provider just adds to the anonymity. And when we're guaranteed
anonymity, we know that people will take advantage for negative effect.
But your email address is not the same as your IP address which is not
the same as a residential address
As for your 'authority to see it' comment... if I typo a web address in
my browser, that's on me, but i'm giving my IP away to the person who
operates the DNS server and webserver. Anyone can do this, so a
malicious
What is it with some people and believing that all ISPS perform DNS
logging, do ISP's in your country really log every DNS request? Then
your best using tails if you're that paranoid about it, or a VPN. I mean
most people on this list are from USA, not all like yours truly, but
most, I really dont see every USA ISP logging DNS requests of all of its
users, it is one reason why I'm outspoken against DoH, sending all your
DNS requests to cloudfare, centralising the internet.
If you use an SMTP mail client your home IP is given away. Plenty of
webmail services log an HTTP(S) Received: line . I guess i'd just
expect Roundcube to do the same.
as above, it does
What purpose will it serve for the victim to know the IP of the person
causing them harm?
If the only info you have is the mail service provider, and that mail
service provider is a huge, freemail operator, noone is going to expect
any real consequence to come out of reporting abusive activities. The
ISP is the party who's going to (more likely) have an actual commercial
relationship with the malicious party. Onceuponatime these may have
been the same parties, but no longer, ... if i'm reporting nefarious
behavior I'd want to get as close to the actual offender as possible,
an anonymously-signed-up-to freemail service is not going to care too
much... they might block the account, there'll be ten more signed up in
as many minutes, rinse and repeat.
There is always accountability, just it might be a slower process in
some cases.
Most ISPs have a similar AUP, which also aligns with most freemailers -
I'm no fan of them, but they are not the topic of this discussion which
is roundcube, which is hardly used by freemail providers, so any problem
you have with a RC user, is likely the actual ISP/Hosting provider where
there is a contractual agreement, so again I see no problem that needs
solving
--
Regards,
Noel Butler
This Email, including attachments, may contain legally privileged
information, therefore at all times remains confidential and subject to
copyright protected under international law. You may not disseminate
this message without the authors express written authority to do so.
If you are not the intended recipient, please notify the sender then
delete all copies of this message including attachments immediately.
Confidentiality, copyright, and legal privilege are not waived or lost
by reason of the mistaken delivery of this message._______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop