Webmail providers (and others) hiding user IPs was the right decision
Once upon a time when GMail was new, one of my gripes about it was that, unlike Hotmail and Yahoo and other webmail providers at the time, it didn't add a header to outgoing email that had the original IP that the user submitted the message from. My mail filter systems of the time liked to use that origin IP address information as part of filtering decisions, and GMail lacking it made it harder to selectively deal with spam from them (there has always been spam from GMail).
In the spirit of admitting past mistakes, I was wrong here. Yes, not having that information made my life harder in dealing with GMail spam issues. But the history of people mining every piece of privacy invasive information they can has made it clear that GMail made the right decision overall. Denying other people potentially sensitive information about where particular GMail users are is the right decision for the modern Internet and has been for some time. All webmail providers should be doing the same if they aren't already, and in fact really everyone should be. Where your users submit email from is no one else's business and they shouldn't be allowed to snoop into it, because it reveals potentially sensitive information.
(These days it may be a violation of various privacy regulations to pass this information over to other people by putting it in email headers.)
We used to be pretty decent about this ourselves because all of our email had to be submitted from local networks, including our VPN servers, and so the outside location of our users wasn't revealed (if they were outside and VPN'ing in). These days we have an authenticated SMTP submission server with a standard MTA configuration, which means that it leaks information in the default Received headers, and also a webmail server that adds its own synthetic Received header with IP address information. At some point we should probably deal with both of these issues.
(The authenticated SMTP submission server can drop the IP address from the Received header it generates and just put in the authenticated user and the Exim message ID (which is enough to trace it in our logs and recover that information). As for the webmail system, perhaps it can be configured to leave out that information and only put it into logs or the like.)
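As an added illustration of the Exim side of this (not taken from this post or from its author's actual configuration), here is one way to do it with Exim's `received_header_text` option: when the message came in over an authenticated submission session (`$authenticated_id` is set), the generated Received header names only the authenticated user, the server, and the Exim message ID, and falls back to the normal default text for everything else. It assumes a single Exim instance handles both authenticated submission and ordinary inbound mail, and that the main log still records the connecting IP, so the message ID remains enough to trace a message back.

```exim
# Added example: privacy-preserving Received header for authenticated
# submissions. Placed in the main configuration section, before any
# "begin" line. The IP address, reverse DNS and HELO name of an
# authenticated client are omitted from the header; only the main log
# (which records the connecting host for the message ID) keeps them.
received_header_text = Received: \
  ${if def:authenticated_id \
    {from authenticated user ${quote_local_part:$authenticated_id}\n\t\
     by $primary_hostname \
     ${if def:received_protocol {with $received_protocol }}\
     (Exim $version_number)\n\t\
     id $message_exim_id\
     ${if def:received_for {\n\tfor $received_for}}}\
    {${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident \
        {from ${quote_local_part:$sender_ident} }}\
       ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
     by $primary_hostname \
     ${if def:received_protocol {with $received_protocol }}\
     ${if def:tls_in_ver        { ($tls_in_ver)}}\
     ${if def:tls_in_cipher_std { tls $tls_in_cipher_std\n\t}}\
     (Exim $version_number)\n\t\
     ${if def:sender_address \
       {(envelope-from <$sender_address>)\n\t}}\
     id $message_exim_id\
     ${if def:received_for {\n\tfor $received_for}}}}
```

The unauthenticated branch mirrors Exim's documented default so that headers on inbound mail from other sites are unchanged; `exim -bV` followed by sending a test message through the submission port and inspecting the result is the quick way to confirm the authenticated branch is the one being used.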
PS: If this feels like an obvious thing today, that shows how far things have shifted on the Internet since GMail was originally introduced, or at least how perceptions and understandings have shifted.