Message-Id: <20221013123115.17419-1-sndanailov@wired4ever.net>
Date:   Thu, 13 Oct 2022 14:31:15 +0200
From:   sndanailov@...ed4ever.net
To:     corbet@....net
Cc:     rdunlap@...radead.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Sotir Danailov <sndanailov@...ed4ever.net>
Subject: [PATCH] doc: process: add privacy warning when using some SMTP servers

From: Sotir Danailov <sndanailov@...ed4ever.net>

Warn the user about "Received" headers and how some
SMTP servers use them by attaching the user's IP addresses,
when using some email clients. Add suggestion on how to
test this behavior and how to avoid it.

Signed-off-by: Sotir Danailov <sndanailov@...ed4ever.net>
---
 Documentation/process/email-clients.rst | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/Documentation/process/email-clients.rst b/Documentation/process/email-clients.rst
index fc2c46f3f82d..9c49f9b33fdb 100644
--- a/Documentation/process/email-clients.rst
+++ b/Documentation/process/email-clients.rst
@@ -350,3 +350,24 @@ although tab2space problem can be solved with external editor.
 
 Another problem is that Gmail will base64-encode any message that has a
 non-ASCII character. That includes things like European names.
+
+Privacy/Security
+----------------
+
+Keep in mind, that even if you're using a working email client, the SMTP
+server might have configurations you don't like.
+
+For example, if you decide to use the Gmail SMTP server with the Thunderbird
+client, the server will add your private and public IPs into "Received"
+headers, which are attached to all of your sent emails. This is done
+to avoid spam and to check where in the routing path an error might have
+occurred. Gmail's web GUI client doesn't add your IPs, because it's sent from
+Google's servers directly, not an external machine. Unfortunately the web
+client is not good for sending patches. You can check if your IPs are present
+in the headers by reading the raw email source.
+
+If you do not wish this behavior, you need to find a provider which doesn't
+do it or configure and host a SMTP server yourself.
+
+If you're concerned, always first send an email to yourself, read the email
+source and if you see no issues, continue to the mailing lists!
-- 
2.37.3
