On (not) putting IP addresses in registration email
If you are creating some sort of system that sends email to people in
response to web-based requests, it is tempting to
think that you should put in the IP address (and the timestamp) that the
request came from, in case your services are abused. In practice this is
useless, for a number of reasons.
The first one is that almost no one sends abuse complaints about spam
any more, because people have long since worked out that doing so is
almost always a waste of (their) time. If your system is used to spam
people, they're just going to arrange to block you (in one of many
different ways, often by clicking some 'report as spam' button).
Related to this is that what you are actually giving people is second
hand evidence, and that is plain not very useful for abuse complaints.
Imagine that you are an abuse department and you get a report that says,
more or less, 'someone else sent me spam, but claims that it came from
one of your IP addresses at this time'. Are you going to do very much
with that complaint? Well, no, for all sorts of reasons.
(Also, let me gently point out that these days anyone who is going to
use your system to harass someone with subscription requests is going to
do it through open proxies.)
As mentioned before,
one of the reasons that such second hand evidence is not very useful
is that it has been faked over and over again by spammers themselves,
because spammers just love to claim that they're not responsible for the
spam, no, really. At this point such claims are probably more likely to
appear in spam than they are to appear in real email, and certainly they
give your email messages a certain smell.
So in short, including IP addresses is useless in practice and
makes your email look kind of spammy.
Finally, there is an issue of responsibility. To wit: if your system can
be used to spam someone, it is your responsibility to fix it and to
deal with it, not the recipient's. It is your job to take precautions,
to be unattractive to spammers and harassers, to track and block IPs,
and if necessary to send abuse complaints to ISPs. If you're doing
all of this right, putting the request's IP address in the email is
Putting the IP address in your email messages anyways sends any
number of signals to people. None of them are very good signals.
(See this and especially this.)