Quote:
Originally Posted by JeremyNicoll
That wouldn't prove anything at all. The way the headers are added, and the info in them, only applies to properly written RFC-compliant servers. If someone was deliberately running a spying server in the middle of a chain of servers, you couldn't expect them to insert a header confessing what they were doing. Most likely they'd put in a fake header, but they could omit it completely, and if they spoofed their IP address when passing it on, the next header wouldn't tell you where the last server had really been.
Widespread understanding of this, combined with malicious intent, could destroy the email ecosystem as we know it in a week. Similar to what the way some upstreams still handle BGP can, and frequently does, do to the internet as a whole for brief moments now and again. Clock is running out on trust-based systems.
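An added example, not part of either post: a recipient-side check that gives weight only to the `Received` lines stamped by servers the recipient operates and treats everything below that boundary as unverified claims. The sample message, hostnames, addresses and the `our_nets` parameter are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample; hostnames and addresses are illustrative only.
SAMPLE = (
    "Received: from edge.example.net (edge.example.net [10.0.0.5])\n"
    "\tby mx.example.net with ESMTPS id A1; Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from relay.example.org (relay.example.org [203.0.113.7])\n"
    "\tby edge.example.net with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [198.51.100.5])\n"
    "\tby relay.example.org with ESMTP id C3; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "From: alice@sender.example\nTo: bob@example.net\nSubject: test\n\nbody\n"
)

PEER_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def peer_ip(hop):
    """Return the connecting address a hop recorded in [brackets], or None."""
    m = PEER_RE.search(hop)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None

def split_received(raw, our_nets):
    """Split Received headers (newest first) into (trusted, unverified).

    The top header was written by the server we are reading on. A lower
    header is believed only if the trusted hop above it recorded a peer
    inside our own networks, i.e. one of our relays handed the message over.
    """
    nets = [ipaddress.ip_network(n) for n in our_nets]
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    trusted = []
    for hop in hops:
        if trusted:
            peer = peer_ip(trusted[-1])
            if peer is None or not any(peer in n for n in nets):
                break  # message entered from outside; the rest is sender-supplied
        trusted.append(hop)
    return trusted, hops[len(trusted):]

def last_verified_peer(raw, our_nets):
    """Address recorded by the last hop we control, as a string (or None)."""
    trusted, _ = split_received(raw, our_nets)
    peer = peer_ip(trusted[-1]) if trusted else None
    return str(peer) if peer else None
```
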