[Tickets #13041] Re: Posibillity to diabled the Received from ... (Horde Framework) with HTTP header line injection to the e-Mail header lines.
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Mar 18 19:47:17 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13041
------------------------------------------------------------------------------
Ticket | 13041
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Posibillity to diabled the Received from ... (Horde
| Framework) with HTTP header line injection to the
| e-Mail header lines.
Queue | Horde Framework Packages
Version | Git master
Type | Enhancement
-State | New
+State | Rejected
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2014-03-18 13:47) wrote:
> is there a possibility, or could this be realized, to diabled the
> Received from ... (Horde Framework) with HTTP ... header line
> injection to the e-Mail header lines.
This is a terrible idea. It is explicitly prohibited against RFCs.
> This could be good for security reason, because sometime I use a
> browser at a place, and I don't want to get lines like the following
> in my e-Mail-Header:
If you are worried about privacy, then don't send e-mail messages.
Otherwise, if you remove those headers, it becomes a security issue
from the *recipient's* side, since they can no longer effectively
track the message in the case of abuse. So these headers are for the
benefit of the recipient, not the sender. You start removing tracking
headers and you become at risk of being put on various RBLs, for
example.
More information about the bugs
mailing list