linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] doc: process: add privacy warning when using some SMTP servers
@ 2022-10-13 12:31 sndanailov
  2022-10-13 13:35 ` Jonathan Corbet
  0 siblings, 1 reply; 3+ messages in thread
From: sndanailov @ 2022-10-13 12:31 UTC (permalink / raw)
  To: corbet; +Cc: rdunlap, linux-doc, linux-kernel, Sotir Danailov

From: Sotir Danailov <sndanailov@wired4ever.net>

Warn the user about "Received" headers and how some
SMTP servers use them by attaching the user's IP addresses,
when using some email clients. Add suggestion on how to
test this behavior and how to avoid it.

Signed-off-by: Sotir Danailov <sndanailov@wired4ever.net>
---
 Documentation/process/email-clients.rst | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/Documentation/process/email-clients.rst b/Documentation/process/email-clients.rst
index fc2c46f3f82d..9c49f9b33fdb 100644
--- a/Documentation/process/email-clients.rst
+++ b/Documentation/process/email-clients.rst
@@ -350,3 +350,24 @@ although tab2space problem can be solved with external editor.
 
 Another problem is that Gmail will base64-encode any message that has a
 non-ASCII character. That includes things like European names.
+
+Privacy/Security
+----------------
+
+Keep in mind, that even if you're using a working email client, the SMTP
+server might have configurations you don't like.
+
+For example, if you decide to use the Gmail SMTP server with the Thunderbird
+client, the server will add your private and public IPs into "Received"
+headers, which are attached to all of your sent emails. This is done
+to avoid spam and to check where in the routing path an error might have
+occurred. Gmail's web GUI client doesn't add your IPs, because it's sent from
+Google's servers directly, not an external machine. Unfortunately the web
+client is not good for sending patches. You can check if your IPs are present
+in the headers by reading the raw email source.
+
+If you do not wish this behavior, you need to find a provider which doesn't
+do it or configure and host a SMTP server yourself.
+
+If you're concerned, always first send an email to yourself, read the email
+source and if you see no issues, continue to the mailing lists!
-- 
2.37.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] doc: process: add privacy warning when using some SMTP servers
  2022-10-13 12:31 [PATCH] doc: process: add privacy warning when using some SMTP servers sndanailov
@ 2022-10-13 13:35 ` Jonathan Corbet
  2022-10-13 15:21   ` Sotir Danailov
  0 siblings, 1 reply; 3+ messages in thread
From: Jonathan Corbet @ 2022-10-13 13:35 UTC (permalink / raw)
  To: sndanailov; +Cc: rdunlap, linux-doc, linux-kernel, Sotir Danailov

sndanailov@wired4ever.net writes:

> From: Sotir Danailov <sndanailov@wired4ever.net>
>
> Warn the user about "Received" headers and how some
> SMTP servers use them by attaching the user's IP addresses,
> when using some email clients. Add suggestion on how to
> test this behavior and how to avoid it.
>
> Signed-off-by: Sotir Danailov <sndanailov@wired4ever.net>
> ---
>  Documentation/process/email-clients.rst | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/Documentation/process/email-clients.rst b/Documentation/process/email-clients.rst
> index fc2c46f3f82d..9c49f9b33fdb 100644
> --- a/Documentation/process/email-clients.rst
> +++ b/Documentation/process/email-clients.rst
> @@ -350,3 +350,24 @@ although tab2space problem can be solved with external editor.
>  
>  Another problem is that Gmail will base64-encode any message that has a
>  non-ASCII character. That includes things like European names.
> +
> +Privacy/Security
> +----------------
> +
> +Keep in mind, that even if you're using a working email client, the SMTP
> +server might have configurations you don't like.
> +
> +For example, if you decide to use the Gmail SMTP server with the Thunderbird
> +client, the server will add your private and public IPs into "Received"
> +headers, which are attached to all of your sent emails. This is done
> +to avoid spam and to check where in the routing path an error might have
> +occurred. Gmail's web GUI client doesn't add your IPs, because it's sent from
> +Google's servers directly, not an external machine. Unfortunately the web
> +client is not good for sending patches. You can check if your IPs are present
> +in the headers by reading the raw email source.
> +
> +If you do not wish this behavior, you need to find a provider which doesn't
> +do it or configure and host a SMTP server yourself.
> +
> +If you're concerned, always first send an email to yourself, read the email
> +source and if you see no issues, continue to the mailing lists!

So this seems to be just a description of how email works - the Received
headers always show the path through the net.  Is this really something
that we need to cover in the kernel docs?

Thanks,

jon

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] doc: process: add privacy warning when using some SMTP servers
  2022-10-13 13:35 ` Jonathan Corbet
@ 2022-10-13 15:21   ` Sotir Danailov
  0 siblings, 0 replies; 3+ messages in thread
From: Sotir Danailov @ 2022-10-13 15:21 UTC (permalink / raw)
  To: Jonathan Corbet; +Cc: Randy Dunlap, linux-doc, linux-kernel

On Thu 13 10 2022 15:35, Jonathan Corbet wrote:
> So this seems to be just a description of how email works

Well it felt appropriate to warn the user, because many people
(like myself before) might not realize this is happening even if
they think they know how email basically works.

> the Received headers always show the path through the net.

Yes, but is also dependent on the SMTP server configuration,
so someone might not realize that changing the server would
add such sensitive data to something public.

> Is this really something that we need to cover in the kernel docs?

It's part of the process, is it not? I'm sure many people
would like to have this information before starting on the
kernel for the first time.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-13 15:21 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-13 12:31 [PATCH] doc: process: add privacy warning when using some SMTP servers sndanailov
2022-10-13 13:35 ` Jonathan Corbet
2022-10-13 15:21   ` Sotir Danailov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).