Ask Al: Additional Received Headers?

Ask Al: Additional Received Headers?

Jeremy writes, "Hey, Al! I was wondering if you could help me make a case for adding additional received headers to outbound messages. At the company I work for, one of our technologists convinced the head guy that we should try adding additional unique received headers to every message, rotating through unique IP addresses and host names. Do you have any insight on whether or not this would be a good or bad practice? Thanks in advance."

Jeremy, I'm not exactly sure what they're going for here. Received headers are simple tracking mechanisms in internet email; they're meant only to show the path the email actually took to reach the recipient. They are widely used by various spam filtering appliances and ISP filters. You could, in theory, add additional received headers to the bottom of the "received header" chain, making it look like some other server handed off the mail to you. But, you wouldn't be able to modify, hide, or remove the received header that identifies your MTA (mail server) handing the mail off to an ISP's mail server. The remote ISP creates that header upon receipt of the message from you, meaning that any received headers you add would show up below this header in the received header chain.

Adding additional received headers has no legitimate purpose. Webmails sometimes add a received header to indicate that a message was injected into their mail system over HTTP, but that's not what we're talking about here.

Adding headers like that could confuse some less-refined spam filters into blacklisting other people (besides you) but it wouldn't prevent them from telling that a message came from your IP address or network. It could also make spam filters think you're infected or that your servers are acting as part of a botnet. It would probably increase spam blocking against you. And, most importantly, that this would pretty easily be construed as falsifying header information to hide the true source of the email. That would be a pretty blatant violation of the US federal anti-spam law (CAN-SPAM). Bad news, all around!
by
Labels
Al Iverson
I've lived in Chicago since 2006. I spend a lot of time in hotels. I spend the time catching up on emails, blogging, writing shell scripts, and solving complex email-related equations. The system says I've been a Blogger user since April 2006. Actually, most of my sites are far older -- spamresource.com in particular has been a dumping ground for my thoughts on spam going back to 2001. I've been doing the whole "blog thing" for years, before I knew to call it blogging. I'm a jazz fan and my favorite club in the world is the Artists' Quarter in St. Paul, Minnesota.
1 Comments

Comments

  1. Peter Blair8:36 AM, March 01, 2010

    Serious? People think that sort of obfuscation could be a good thing? Aye..

    Clue stick time.

    ReplyDelete

Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.