2

If the To: email is removed, is there any sensitive information in an email header?

The reason I ask is because I am starting a project (like many others) to document received spam. I plan to publish the headers (with my email and name removed).

So I am wondering if there is any way spammers (or anyone else) could possibly retrieve private information based on the header content.

Thoughts?

kburns
  • 782
  • 2
  • 8
  • 22

1 Answer

1

Well, there's the routing path - the Received headers show which servers relayed it, together with their IP addresses. If you are worried about exposing DNS names and IP addresses there, you may want to remove them. There's also Message-ID, which should be unique at the origin server, but that is not really relevant in this case:

Delivered-To: foobar.xyzzy@example.org
Received: by 10.150.52.9 with SMTP id z9cs167242ybz; Wed, 2 Mar 2011
 01:23:55 -0800 (PST)
Received: by 10.204.123.144 with SMTP id p16mr7228369bkr.25.1299057834954;
 Wed, 02 Mar 2011 01:23:54 -0800 (PST)
Return-Path: <support@example.org>
Received: from www.example.org (www.example.org [127.25.43.2]) by
 mx.example.com with SMTP id b20si16526479bkb.8.2011.03.02.01.23.53; Wed, 02
 Mar 2011 01:23:53 -0800 (PST)
Received-SPF: unknown (example.com: domain of support@example.org uses a
 mechanism not recognized by this client. unknown  mechanisms: ))
 client-ip=89.250.243.218;
Authentication-Results: mx.example.com; spf=permerror (example.com: domain of
 support@example.org uses a mechanism not recognized by this client. unknown
  mechanisms: )) smtp.mail=support@example.org
Received: (qmail 16028 invoked from network); 2 Mar 2011 10:23:57 +0100
Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP;
 2 Mar 2011 10:23:57 +0100
X-Mailer: [redacted] v3.0
X-Priority: 3
MIME-Version: 1.0
Date: Wed, 02 Mar 2011 10:23:57 +0100
Subject: [redacted]
Content-Type: multipart/alternative; boundary="=_932aa962c78a5f164be3066dcfdce0e7"
From: "MAILER-DAEMON@www.example.org" <support@example.org>
Reply-To: support@example.org
Message-ID: <lhfbfx.boc32o@other.example.net>
To: foobar.xyzzy@example.org

So, the most relevant part would be the routing data - unless you use a hosted service where you can hide in the crowd (e.g. gMail), this could be used to guess the domain of the recipient.

Piskvor left the building
  • 91,498
  • 46
  • 177
  • 222
  • @Piskvor, any idea whether it is OK to publicize the Message-ID of emails one has sent (e.g. sent using Gmail)? – Pacerier Nov 27 '18 at 10:48
  • @Pacerier: Well... https://en.wikipedia.org/wiki/Message-ID seems to follow the `localpart@domain.example.com` format, where the only other hard requirement is "globally unique". So: you're potentially leaking information on both sides - if you're using the FQDN of the machine, you are publishing that; plus many localparts are formed with a timestamp. If you're okay with identifying the host (which, in the answer, I have redacted) and your message ID is pseudorandom, there's little to worry about (especially compared to other headers, which show e.g. network topology). – Piskvor left the building Nov 27 '18 at 12:28
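Turning the answer's advice and the Message-ID point from the comments into a pre-publication scrub, as an added example that is not part of the original post: it drops the headers that name the recipient, masks IP addresses and the recipient's own hosts in the routing headers, masks the domain half of Message-ID, and then checks that nothing slipped through. The sample headers, the `example.org`/`example.net` names and the function names are constructed for this illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the redacted headers in the answer; not a real message.
RAW = """\
Delivered-To: alice.smith@example.org
Received: from www.example.net (www.example.net [203.0.113.5]) by
 mx.example.org with SMTP id b20si16526479bkb.8; Wed, 02 Mar 2011 01:23:53 -0800
Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP;
 2 Mar 2011 10:23:57 +0100
From: "Support" <support@example.net>
Message-ID: <1299057834.12345@mail.example.net>
To: alice.smith@example.org
Subject: constructed sample

"""

# Headers that name the recipient outright are dropped before publishing.
RECIPIENT_HEADERS = {"delivered-to", "to", "cc", "x-original-to", "envelope-to"}
# Headers carrying routing data are kept, with IPs and the recipient's own hosts masked.
ROUTING_HEADERS = {"received", "received-spf", "authentication-results"}
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MSGID = re.compile(r"<([^@>]+)@([^>]+)>")

def scrub_routing(value, own_domain):
    """Mask IPv4 addresses and hosts under own_domain; the sender's hosts stay, they describe the spammer."""
    value = IPV4.sub("[ip]", value)
    own_host = re.compile(r"\b[\w.-]*" + re.escape(own_domain) + r"\b", re.IGNORECASE)
    return own_host.sub("[host]", value)

def sanitize_headers(raw, own_domain):
    """(name, value) pairs safe to publish: recipient headers dropped, routing scrubbed, Message-ID domain masked."""
    out = []
    for name, value in message_from_string(raw).items():
        key = name.lower()
        value = re.sub(r"\r?\n[ \t]+", " ", value).strip()  # unfold continuation lines
        if key in RECIPIENT_HEADERS:
            continue
        if key in ROUTING_HEADERS:
            value = scrub_routing(value, own_domain)
        elif key == "message-id":  # the right-hand side usually names the originating host
            value = MSGID.sub(lambda m: "<" + m.group(1) + "@[domain]>", value)
        out.append((name, value))
    return out

def remaining_leaks(pairs, own_domain):
    """Pre-publication check: headers that still hold an IPv4 address or the recipient's domain."""
    return [n for n, v in pairs if IPV4.search(v) or own_domain.lower() in v.lower()]
```

Run `remaining_leaks(sanitize_headers(RAW, "example.org"), "example.org")` before publishing a sample; an empty list means no IP or recipient-domain string survived the scrub.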