Removing client IP when sending email

XN-Matt

Many years ago, seeing the client IP in email headers was the norm. Now, privacy as well as legal obligations are more common. Gmail, Outlook et all, all hide the sending IP, for good reason.

I think there should either be an option to remove the IP or obfuscate it (replace in the headers with a sending ID X- header. Of course, we still have logging so we can find out who it was.

Blacklists don't generally list the sender of the message but the server sending the message so that won't change.

I feel this should only apply to authenticated sending of messages (same applies to webmail).

Whilst there is the argument of abuse (spammers) vs privacy. I feel privacy trumps anything else as well as doing right by what are paid customers. We can still find out or identify spammers either way.

XN-Matt

For those unsure what I am on about, the client to server header. In some case, which identifies the device type too..

Received: from smtpclient.apple (unknown [138.x.x.x]) (Authenticated sender: user@domain) by server.hostname (Postfix) with ESMTPSA id AE2DA3180E56 for <x.x>; Tue, 1 Oct 2024 14:55:51 +0100 (BST)

Nickske00

I just tested this with a big provider in Belgium. If you use the webmail your e-mail wil have an 'X-Originating-IP' header with the ip. I'm also not sure what you privacy concern is? If you want privacy use a VPN.

XN-Matt

A VPN should not be needed for "privacy". They all peddle stuff like this to create a false sense of security. Most if not all connections to services these days are via SSL and then you don't know who could be sniffing unencrypted data on the wire at the other end.

It does not detract the fact that the biggest providers in the world see this as a much needed privacy step, so what will be a much smaller provider in Belgium as justification as to why not isn't really anything to compare against.

Offering better privacy out of the box is a good thing, not bad.

Nickske00

I'm not sure what an ip has to do with privacy. As far as I know only your provider can link it to you...
So you don't store ip's on orders? I also don't think it is a better idea to keep a logbook with the ip's and corresponding id's like you are suggesting.. Just making things complicated.

XN-Matt

I'm not sure what an ip has to do with privacy

Then there's no point responding. Those that know what the implications are will understand.