Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Why does Thunderbird? or Gmail? show the inside IP of my NAT router in its headers to my reciepients?

  • 9 antwoorde
  • 5 hierdie probleem
  • 39 views
  • Laaste antwoord deur Cruizer

more options

My LAN IP shows up next to my WAN IP in my outgoing email headers (sent to my other accounts and viewed by me). I have not seen emails sent to me showing other people's LAN IP in their headers that I can recognize. Is it because I use gmail?

My LAN IP shows up next to my WAN IP in my outgoing email headers (sent to my other accounts and viewed by me). I have not seen emails sent to me showing other people's LAN IP in their headers that I can recognize. Is it because I use gmail?

Gekose oplossing

I found some info and a comment:

rfc-2821 ... 7.5 Information Disclosure in Trace Fields

  In some circumstances, such as when mail originates from
within a  LAN whose hosts are not directly on the public 
Internet, trace ("Received") fields produced in conformance
with this specification may disclose host names and similar
information that would not normally be available.  This 
ordinarily does not pose a problem, but sites with special 
concerns about name disclosure should be aware of it.  
Also, the optional FOR clause should be supplied with 
caution or not at all when multiple recipients are involved 
lest it inadvertently disclose the identities of "blind copy" 
recipients to others.


Also, you can read bug 417942 where this is discussed. Basically, Thunderbird is doing what email does:

identify the path that the email took from start to finish, so it can be traced back/debugged/etc if necessary.

It appears that Thunderbird only sends an IP address if there's no host name available, so if you were willing to set up a DNS server in your private network and assign your devices to host names, you could avoid having your internal IP address exposed.

closed

Lees dié antwoord in konteks 👍 0

All Replies (9)

more options

No it's not Gmail. I have sent test messages from one of my accounts to two other accounts I have, one with Gmail and the other Ymail (Yahoo). Both of them show the network IP address next to the the outgoing IP address if I have View > Headers > All selected.

more options

Thanks for checking. Maybe it has to do with the secure connection to the server. Maybe anti spoofing?

more options

I have seen this both included and not included in email headers at various times and different locations. I think the local router has a part to play in whether or not it reports its IP address(es).

more options

Thanks for the info. Will do more checking .

more options

Gekose oplossing

I found some info and a comment:

rfc-2821 ... 7.5 Information Disclosure in Trace Fields

  In some circumstances, such as when mail originates from
within a  LAN whose hosts are not directly on the public 
Internet, trace ("Received") fields produced in conformance
with this specification may disclose host names and similar
information that would not normally be available.  This 
ordinarily does not pose a problem, but sites with special 
concerns about name disclosure should be aware of it.  
Also, the optional FOR clause should be supplied with 
caution or not at all when multiple recipients are involved 
lest it inadvertently disclose the identities of "blind copy" 
recipients to others.


Also, you can read bug 417942 where this is discussed. Basically, Thunderbird is doing what email does:

identify the path that the email took from start to finish, so it can be traced back/debugged/etc if necessary.

It appears that Thunderbird only sends an IP address if there's no host name available, so if you were willing to set up a DNS server in your private network and assign your devices to host names, you could avoid having your internal IP address exposed.

closed

Gewysig op deur Cruizer

more options

Try this:

http://forums.mozillazine.org/viewtopic.php?t=574630

I managed to get it working. Strings name must be like: mail.smtpserver.smtp1.hello_argument And it has to have a value. If you leave value field empty it doesn't work.

Thunderbird v45.4.0

Gewysig op deur blurker

more options

Can you explain your objection to non-routeable addresses being displayed in this way?

more options

Zenos said

Can you explain your objection to non-routeable addresses being displayed in this way?

It can be security/privacy risk. It shows some insight how your NAT/router is setup. Not good for possible XSS attacks. It can also be used for identification if NAT IP is not very common. I found some people complaining that Thunderbird reveals their IP when they use VPN.

Private IPs from internal NAT networks should never be exposed on WAN. This practice presents greater risk now that various devices (internet of things) are connected to our routers. Those devices can be exploited and be part of large botnets. Example: https://www.hackread.com/iot-devices-with-mirai-ddos-malware/

Feature might be useful on larger networks to identify computer where email was sent from.

more options

THANK YOU blurker! Perhaps we can slow down some hackers by increasing the difficulty on the internet battleground.

Gewysig op deur Cruizer