EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   Runbox Forum (http://www.emaildiscussions.com/forumdisplay.php?f=18)
-   -   Removing Customer IP Addresses (http://www.emaildiscussions.com/showthread.php?t=73849)

FredOnline 25 Jul 2018 03:26 AM

Removing Customer IP Addresses
 
From the Runbox Blog:

https://blog.runbox.com/2018/07/remo...-ip-addresses/

We are pleased to announce that we no longer include customer IP (Internet Protocol) addresses in outgoing mail headers when you are using our SMTP service. The SMTP service is what you use if you are using an email program like Outlook, Apple Mail, Thunderbird or other similar programs on a laptop, desktop or mobile device.

This brings our SMTP service in line with our webmail service where we havenít included the customer IP address for a few years now.

Removing the IP address of your Internet connection can help improve your privacy as IP addresses can sometimes be used to identify your geographical location, and might be accurate to a particular town or city (though often they are much less accurate that this).

If you have any further questions about this please contact Runbox Support.

Jacinto 26 Jul 2018 08:46 PM

Thank you for the heads-up, FredOnline.

Depending on what the sender's local address is substituted with, this could be great if it is just truncated or dumb if it is substituted with something like "localhost."

Also, for business E-Mail you may not want it truncated or substituted. If your domain name is part of your so-called "brand identity," you'd probably want it to show in the first "Received" header.

I suppose that if your business is big enough, you'd probably run your own mail server.

Just my two shekels.

--
Jacinto

dbowdley 27 Jul 2018 05:03 PM

Hi Jacinto. It's the IP address that is being removed and nothing to do with domains.


All Runbox customers use the same mail server settings, so there is no "brand identity" as such in the headers for businesses :)

Jacinto 27 Jul 2018 06:50 PM

Hello, dbowdley.

Most SMTP servers perform reverse DNS (RDNS) checks and include the domain name in the "HELO" as well as the domain name disclosed by the RDNS check in the "Received" header.

Here is a redacted example of a Fastmail Received header with RDNS check:
Code:

Received: from mail.dovecot.fi (wursti.dovecot.fi [94.237.32.243])
    by mx5.messagingengine.com (Postfix) with ESMTP
    for <[USERNAME]@fastmail.fm>; Sun, 22 Jul 2018 10:36:09 -0400 (EDT)

Here is a redacted example of a Runbox Received header (apparently Runbox doesn't perform a RDNS check or doesn't include the RDNS domain in the Received header):
Code:

Received: from mail-it0-f44.google.com ([209.85.214.44])
    by mailfront10.runbox.com with esmtps  (TLS1.2:RSA_AES_128_CBC_SHA1:128)
    (Exim 4.82)
    id 1fhcDx-0001Ah-VX
    for [USERNAME]@runbox.eu; Mon, 23 Jul 2018 16:54:10 +0200

As a practical matter, though, most people are unaware of Received headers. Even people who know about them don't bother looking at them.

--
Jacinto

dbowdley 27 Jul 2018 08:03 PM

It is the IP address of the customer's ISP connection that we are removing from headers. For example, previously the header would read:


Received: from [CUSTOMER IP] (REDACTED) by mailfront10.runbox.com

and now it would read:

Received: by mailfront10.runbox.com


I hope that helps explain the change.

Jacinto 28 Jul 2018 01:18 AM

I, see, thank you.

Would that have any effect on the sender's DKIM headers?

--
Jacinto

dbowdley 28 Jul 2018 01:57 AM

It doesn't affect the validity of the DKIM signature of messages.That should still work as expected, and tests show that the messages we do sign with DKIM still get a dkim=pass result.

Jacinto 28 Jul 2018 06:39 PM

Good day and thank you, dbowdley.

To make sure that I didn't get it wrong, are you saying that ffor both, [1] a message that has a DKIM signature before it hits Runbox SMTP servers and [2] a message that is signed by Runbox servers, their DKIM signature will not be affected by the new Received header?

Thank you.

--
Jacinto

dbowdley 28 Jul 2018 07:04 PM

The change we have made only affects messages that are sent from an email program (like Thunderbird, Outlook or Apple Mail etc.) to us for onward transmission via our outgoing mail servers.

That it says "Received: by" is because we received it from your email client, it isn't referring to incoming mail to your account.

We are not changing anything in the headers of incoming email received from other email providers that may already have a DKIM signature.

Jacinto 28 Jul 2018 08:21 PM

I understand what you are saying, but it is not an answer to my question. Perhaps, my question wasn't specific enough.

Let's try again.

I have a local exim server that Thunderbird uses for outgoing mail. The exim server adds a DKIM signature to outgoing mail from one domain before it relays the message to Fastmail (first logging-in with proper credentials) for delivery to the recipient's SMTP server.

I have not yet used Runbox in this way. If I were to, would the exim DKIM signature remain valid?

Thank you.

--
Jacinto

dbowdley 28 Jul 2018 10:11 PM

I see what you mean now; thanks for the additional information.

I don't see why what we are doing would affect the DKIM signature. The signature your server adds would be based on certain headers that your server added when you sent the message. Anything that Runbox adds after that (and what we may or may not choose to add) doesn't affect the signature your server has added as we are not modifying the existing headers the signature was based on.

That said, it's an interesting question and if you want to try it out with us then drop us a line at Support and I'll set something up so we can confirm that the signature is still valid. :)

Jacinto 29 Jul 2018 06:34 PM

Thank you very much, dbowdley.

That's what I suspicioned.

No need for a test, your word is good enough for me.

Thank you, again.

--
Jacinto


All times are GMT +9. The time now is 12:23 AM.


Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy