Why does Thunderbird? or Gmail? show the inside IP of my NAT router in its headers to my reciepients?
My LAN IP shows up next to my WAN IP in my outgoing email headers (sent to my other accounts and viewed by me). I have not seen emails sent to me showing other people's LAN IP in their headers that I can recognize. Is it because I use gmail?
Gekose oplossing
I found some info and a comment:
rfc-2821 ... 7.5 Information Disclosure in Trace Fields
In some circumstances, such as when mail originates from within a LAN whose hosts are not directly on the public Internet, trace ("Received") fields produced in conformance with this specification may disclose host names and similar information that would not normally be available. This ordinarily does not pose a problem, but sites with special concerns about name disclosure should be aware of it. Also, the optional FOR clause should be supplied with caution or not at all when multiple recipients are involved lest it inadvertently disclose the identities of "blind copy" recipients to others.
Also, you can read bug 417942 where this is discussed. Basically, Thunderbird is doing what email does:
identify the path that the email took from start to finish, so it can be traced back/debugged/etc if necessary.
It appears that Thunderbird only sends an IP address if there's no host name available, so if you were willing to set up a DNS server in your private network and assign your devices to host names, you could avoid having your internal IP address exposed.
closed
Lees dié antwoord in konteks 👍 0All Replies (9)
No it's not Gmail. I have sent test messages from one of my accounts to two other accounts I have, one with Gmail and the other Ymail (Yahoo). Both of them show the network IP address next to the the outgoing IP address if I have View > Headers > All selected.
Thanks for checking. Maybe it has to do with the secure connection to the server. Maybe anti spoofing?
I have seen this both included and not included in email headers at various times and different locations. I think the local router has a part to play in whether or not it reports its IP address(es).
Thanks for the info. Will do more checking .
Gekose oplossing
I found some info and a comment:
rfc-2821 ... 7.5 Information Disclosure in Trace Fields
In some circumstances, such as when mail originates from within a LAN whose hosts are not directly on the public Internet, trace ("Received") fields produced in conformance with this specification may disclose host names and similar information that would not normally be available. This ordinarily does not pose a problem, but sites with special concerns about name disclosure should be aware of it. Also, the optional FOR clause should be supplied with caution or not at all when multiple recipients are involved lest it inadvertently disclose the identities of "blind copy" recipients to others.
Also, you can read bug 417942 where this is discussed. Basically, Thunderbird is doing what email does:
identify the path that the email took from start to finish, so it can be traced back/debugged/etc if necessary.
It appears that Thunderbird only sends an IP address if there's no host name available, so if you were willing to set up a DNS server in your private network and assign your devices to host names, you could avoid having your internal IP address exposed.
closed
Gewysig op
Try this:
http://forums.mozillazine.org/viewtopic.php?t=574630
I managed to get it working. Strings name must be like: mail.smtpserver.smtp1.hello_argument And it has to have a value. If you leave value field empty it doesn't work.
Thunderbird v45.4.0
Gewysig op
Can you explain your objection to non-routeable addresses being displayed in this way?
Zenos said
Can you explain your objection to non-routeable addresses being displayed in this way?
It can be security/privacy risk. It shows some insight how your NAT/router is setup. Not good for possible XSS attacks. It can also be used for identification if NAT IP is not very common. I found some people complaining that Thunderbird reveals their IP when they use VPN.
Private IPs from internal NAT networks should never be exposed on WAN. This practice presents greater risk now that various devices (internet of things) are connected to our routers. Those devices can be exploited and be part of large botnets. Example: https://www.hackread.com/iot-devices-with-mirai-ddos-malware/
Feature might be useful on larger networks to identify computer where email was sent from.
THANK YOU blurker! Perhaps we can slow down some hackers by increasing the difficulty on the internet battleground.
Gewysig op