
Flag providers that leak IP addresses of SMTP users in Received header

Open link2xt opened this issue 1 year ago • 6 comments

Some providers like Gmail leak IP addresses in Received headers: https://ylukem.com/blog/apple-mail-leaks-your-ip-address

Posteo, mailbox.org, mailo, yandex, outlook, fastmail, riseup and systemli do not leak the IP address as far as I can see from my mail archives.

Also all Mailcow and chatmail instances do not leak the IP.

Leaking providers: Gmail, web.de, 163.com, gmx.net. iCloud leaked in the past, but this has since changed; it needs to be checked again.

link2xt avatar Oct 27 '24 16:10 link2xt

Should we also show this information in-app?

IP address leakage isn't related to onboarding, so while it is a warning, the PREPARE flag doesn't really fit. Should we add a WARNING flag beside that?

When I think about it - how useful is an IP address for the email recipient (and their server) anyway? It can't be pinned down to a postal address by non-state attackers; and they don't need to look at the email headers to get the IP address, they can just ask those providers, as they certainly log them. It can mostly be used for tracking, which is not nice, but doesn't warrant a visible warning.

missytake avatar Jan 06 '25 08:01 missytake

As mentioned on chat before we created this issue, anyone can easily track others by consulting a geoip database. Even when the location is only accurate up to street or town, it can leak information about the sender such as when and where they work, study, whether they are having an affair, whether they are lying, etc. Describing this as "not nice" is an understatement.

No modern communication network is expected to leak client IP to every other client. Even most popular IRC networks started offering free cloaks to every user in the past decades to mitigate this. It is a valid user expectation and it must be present with huge red letters if this expectation will not hold when using a communications app.

bkil avatar Jan 06 '25 09:01 bkil

I guess if the provider-db provides a flag for client-IP-leaking providers, then anyone who onboards with such a leaky provider could get a warning as a device message. Maybe better, Delta Chat could do a self-send-message test after onboarding and see if the IP address is present and warn about it. Maybe better than maintaining flags in provider-db and more comprehensive (i.e. pointing people with self-hosted e-mail to the problem, which can be easily fixed with Postfix servers).

On Mon, Jan 06, 2025 at 01:43 -0800, Thomas Nagy wrote:

As mentioned on chat before we created this issue, anyone can easily track others by consulting a geoip database. Even when the location is only accurate up to street or town, it can leak information about the sender such as when and where they work, study, whether they are having an affair, whether they are lying, etc. Describing this as "not nice" is an understatement.

No modern communication network is expected to leak client IP to every other client. Even most popular IRC networks started offering free cloaks to every user in the past decades to mitigate this. It is a valid user expectation and it must be present with huge red letters if this expectation will not hold when using a communications app.


hpk42 avatar Jan 06 '25 18:01 hpk42

I agree that such a self test after installation would be beneficial.

So would collecting and publishing its results in a public chart (such as one generated using provider-db)!

bkil avatar Jan 06 '25 19:01 bkil

Well, collecting self-test results on some server is an entirely different thing (privacy-wise). Delta Chat developers/servers don't know a list of e-mail addresses or domains of users.

On Mon, Jan 06, 2025 at 11:18 -0800, Thomas Nagy wrote:

I agree that such a self test after installation would be beneficial.

So would collecting and publishing its results in a public chart (such as one generated using provider-db)!


hpk42 avatar Jan 06 '25 21:01 hpk42

No self-test result would be automatically collected. A user could file an issue or PR on this repo just as before.

The app may check its built-in cache of the last published list first and only ask the user to submit an update if no (recent) information is present in the published chart about the given provider.

bkil avatar Jan 06 '25 22:01 bkil