email, spam-prevention, spam, email-spam, email-headers

Sensitive information in email headers?


If the To: email is removed, is there any sensitive information in an email header?

The reason I ask is because I am starting a project (like many others) to document received spam. I plan to publish the headers (with my email and name removed).

So I am wondering if there is any way spammers (or anyone else) could possibly retrieve private information based on the header content.

Thoughts?


Solution

  • Well, there's the routing path - the Received headers show which servers relayed it, together with their IP addresses. If you are worried about exposing DNS names and IP addresses there, you may want to remove them. There's also Message-ID, which should be unique at the origin server, but that is not really relevant in this case:

    Delivered-To: foobar.xyzzy@example.org
    Received: by 10.150.52.9 with SMTP id z9cs167242ybz; Wed, 2 Mar 2011
     01:23:55 -0800 (PST)
    Received: by 10.204.123.144 with SMTP id p16mr7228369bkr.25.1299057834954;
     Wed, 02 Mar 2011 01:23:54 -0800 (PST)
    Return-Path: <support@example.org>
    Received: from www.example.org (www.example.org [127.25.43.2]) by
     mx.example.com with SMTP id b20si16526479bkb.8.2011.03.02.01.23.53; Wed, 02
     Mar 2011 01:23:53 -0800 (PST)
    Received-SPF: unknown (example.com: domain of support@example.org uses a
     mechanism not recognized by this client. unknown  mechanisms: ))
     client-ip=89.250.243.218;
    Authentication-Results: mx.example.com; spf=permerror (example.com: domain of
     support@example.org uses a mechanism not recognized by this client. unknown
      mechanisms: )) smtp.mail=support@example.org
    Received: (qmail 16028 invoked from network); 2 Mar 2011 10:23:57 +0100
    Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP;
     2 Mar 2011 10:23:57 +0100
    X-Mailer: [redacted] v3.0
    X-Priority: 3
    MIME-Version: 1.0
    Date: Wed, 02 Mar 2011 10:23:57 +0100
    Subject: [redacted]
    Content-Type: multipart/alternative; boundary="=_932aa962c78a5f164be3066dcfdce0e7"
    From: "MAILER-DAEMON@www.example.org" <support@example.org>
    Reply-To: support@example.org
    Message-ID: <lhfbfx.boc32o@other.example.net>
    To: foobar.xyzzy@example.org
    

    So, the most relevant part would be the routing data - unless you use a hosted service where you can hide in the crowd (e.g. Gmail), this could be used to guess the domain of the recipient.
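One way to do the stripping the answer recommends before publishing, as an added example that is not part of the original question or answer: a small Python script that parses a header block, replaces the recipient's addresses wherever they occur, blanks the `by <host>` clause of every Received line (the relay that accepted the message, i.e. the recipient's own infrastructure), hides loopback and RFC 1918 IP literals, and removes any hostname under a list of domains the corpus owner considers their own. The public IP of the connecting sender and the Message-ID are kept on purpose, since those are what a spam archive is documenting. The sample header block is an abbreviated copy of the anonymized one quoted above; the domains `example.org` and `example.com` passed as "own domains", and the placeholder strings, are assumptions made for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.policy import compat32

# Constructed sample: an abbreviated copy of the header block quoted in the
# answer above (Subject and X-Mailer were already redacted there).
SAMPLE_HEADERS = """\
Delivered-To: foobar.xyzzy@example.org
Received: by 10.150.52.9 with SMTP id z9cs167242ybz; Wed, 2 Mar 2011
 01:23:55 -0800 (PST)
Return-Path: <support@example.org>
Received: from www.example.org (www.example.org [127.25.43.2]) by
 mx.example.com with SMTP id b20si16526479bkb.8.2011.03.02.01.23.53; Wed, 02
 Mar 2011 01:23:53 -0800 (PST)
Received-SPF: unknown (example.com: domain of support@example.org uses a
 mechanism not recognized by this client. unknown  mechanisms: ))
 client-ip=89.250.243.218;
Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP;
 2 Mar 2011 10:23:57 +0100
X-Mailer: [redacted] v3.0
Date: Wed, 02 Mar 2011 10:23:57 +0100
Subject: [redacted]
From: "MAILER-DAEMON@www.example.org" <support@example.org>
Message-ID: <lhfbfx.boc32o@other.example.net>
To: foobar.xyzzy@example.org

"""

# Headers that name the recipient outright (Return-Path is the sender's
# bounce address, so it is deliberately not in this list).
RECIPIENT_HEADERS = ("to", "cc", "bcc", "delivered-to", "x-original-to",
                     "envelope-to", "x-envelope-to")
RECIPIENT_PLACEHOLDER = "recipient@redacted.invalid"   # assumed placeholder
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Dotted quad not embedded in a longer dotted token (SMTP ids, dates).
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
# "by <host>" in a Received trace line names the relay that accepted the
# message, i.e. the recipient's own mail infrastructure.
BY_RE = re.compile(r"\bby\s+\S+")
FOLD_RE = re.compile(r"\r?\n[ \t]+")   # header continuation lines


def _redact_private_ip(m):
    """Hide loopback/RFC 1918/link-local literals; keep public IPs (the sender's)."""
    try:
        ip = ipaddress.ip_address(m.group(0))
    except ValueError:
        return m.group(0)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "[ip-redacted]"
    return m.group(0)


def redact_headers(raw, own_domains, keep_public_ips=True):
    """Return the header block with recipient identity and routing data removed.

    own_domains: domains whose hostnames must never appear in the output
    (the recipient's own domain and the domains of the relaying MX hosts).
    """
    own_re = re.compile(
        r"(?<![A-Za-z0-9.-])(?:[A-Za-z0-9-]+\.)*(?:"
        + "|".join(re.escape(d) for d in own_domains)
        + r")(?![A-Za-z0-9-])", re.IGNORECASE)
    msg = message_from_string(raw, policy=compat32)

    # Pass 1: learn the recipient's addresses before rewriting anything, so
    # they can also be scrubbed from "for <addr>" clauses and other headers.
    recipients = set()
    for name in RECIPIENT_HEADERS:
        for value in msg.get_all(name, []):
            recipients.update(a.lower() for a in ADDR_RE.findall(value))

    # Pass 2: rewrite every header in original order, unfolding each value.
    out = []
    for name, value in msg.items():
        value = FOLD_RE.sub(" ", value)
        lname = name.lower()
        if lname in RECIPIENT_HEADERS:
            value = RECIPIENT_PLACEHOLDER
        else:
            for addr in recipients:
                value = re.sub(re.escape(addr), RECIPIENT_PLACEHOLDER, value,
                               flags=re.IGNORECASE)
            if lname == "received":
                value = BY_RE.sub("by [relay-redacted]", value)
                if keep_public_ips:
                    value = IP_RE.sub(_redact_private_ip, value)
                else:
                    value = IP_RE.sub("[ip-redacted]", value)
            # Own hostnames can also leak via Received-SPF, Authentication-
            # Results or a forged From:, so this runs on every header.
            value = own_re.sub("[own-domain-redacted]", value)
        out.append(f"{name}: {value}")
    return "\n".join(out) + "\n"


def find_leaks(redacted, secrets):
    """Final check before publishing: which of these strings still appear?"""
    return sorted(s for s in secrets if s.lower() in redacted.lower())


if __name__ == "__main__":
    cleaned = redact_headers(SAMPLE_HEADERS, ("example.org", "example.com"))
    print(cleaned)
    print("leaks:", find_leaks(cleaned, ["foobar.xyzzy", "10.150.52.9",
                                         "mx.example.com"]))
```

`find_leaks` is the step worth keeping: list the strings that must never appear (your local part, your MX names, any internal IP you know of) and refuse to publish while it returns anything. Headers this script does not know about (a provider-specific `X-Received` or `X-Originating-IP`, for instance) still get the own-domain and recipient scrubbing but not the `by` clause or IP handling, so read the output once per provider before trusting it in bulk.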