Products > Security

Emails sent via SMTP AUTH reveal the sender's IP

(1/5) > >>

peter-h:
I asked a colleague who does a lot of IT stuff to check if my DKIM and SPF are OK. Gmail is now bouncing any incoming email unless it has either SPF or DKIM.

He pointed out that my email headers are leaking my home (or office) IP. This is astonishing... but apparently it is correct per the protocol.

The SMTP AUTH service I use has a control panel config to suppress this header



but I wasn't aware of this until now.

The headers still leak the machine name but that doesn't normally matter.

Monkeh:
Yes, this is completely normal and has been the case for, oh, 40 years.

Neither your external nor internal IPs are secrets.

peter-h:
So it seems, but locating somebody via their IP wasn't so easy 40 years ago :) I'd think most people don't expect their emails to geolocate them.

Monkeh:
In my experience, geolocation by IP is.. not concerningly precise. You'd get on the right side of my county, at least, with one of my IPs..

peter-h:
Sure, but an IP can reveal all kinds of peripheral stuff e.g. a business you happen to work at, etc. An entire IP history is available nowadays, including hosted domains which were on it for just 5 mins.

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod