unofficial mirror of notmuch@notmuchmail.org
* filtering headers from forwarded messages
@ 2019-12-20 18:50 Daniel Kahn Gillmor
From: Daniel Kahn Gillmor @ 2019-12-20 18:50 UTC (permalink / raw)
  To: Notmuch Mail

hey folks--

i recently had cause to forward a set of messages to a colleague via
notmuch (thank you for "notmuch-show-forward-open-messages"!), and
noticed that forwarding messages that i've personally received leaks
quite a bit of metadata about message delivery paths that is (a)
generally not useful when i'm forwarding in order to transfer the
message content, and (b) potentially harmful to users whose message
routing path reveals something bad or awkward about their setup.

For example, maybe for some people, their incoming mail path shows that
they're actually reading their personal e-mail on their employer's
mail systems, but they don't want to expose their place of employment to
someone just by forwarding a message.  (this path is exposed by
Received: headers)

Or, there are internal headers added by local antispam or antimalware
filters, and they don't want to expose the specifics of their filtering
defenses because it might enable attacks on those systems (or customized
bypass mechanisms).

So, it occurs to me that someone might want to forward a message (or
messages) while filtering the headers in some way.

Of course, for messages being forwarded for the purpose of debugging the
transit path, you *don't* want to filter out headers.

In notmuch-emacs, i can manually filter the headers by editing the reply
compose buffer, of course, but it's kind of a pain, and it'd be nice to
have it done automatically for me.

Some possible filters i can imagine (which might well have problems, i
would appreciate any review):

 - blocklist: remove all headers that are in a fixed set: (Received,
      Delivered-To, Received-SPF, X-Original-To, Return-Path,
      X-Virus-Check-By, X-Virus-Scanned, Authentication-Results, X-MS-*,
      X-Microsoft-*)
 
 - allowlist: remove all headers except for a fixed set (To, From, Cc,
      Subject, Date, Message-Id, References, In-Reply-To, MIME-Version,
      Content-*, List-*, Sender)

 - ordered removal: remove all headers up to and including the last
   Received line


Has anyone else considered this use case, or thought about how to make
it easy/simple to do the right thing when using Notmuch?  Are there
other factors that are worth considering?

    --dkg
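
The three filters proposed in the message above, applied to one constructed message so their results can be compared. This is an added example in Python, not code from the thread or from notmuch; `filter_headers`, its mode names and the sample message are assumptions made here.

```python
import email
from fnmatch import fnmatchcase

# Header sets as listed in the message above, lowercased; "*" is a wildcard.
BLOCKLIST = ["received", "delivered-to", "received-spf", "x-original-to",
             "return-path", "x-virus-check-by", "x-virus-scanned",
             "authentication-results", "x-ms-*", "x-microsoft-*"]
ALLOWLIST = ["to", "from", "cc", "subject", "date", "message-id",
             "references", "in-reply-to", "mime-version", "content-*",
             "list-*", "sender"]

# Constructed sample message; every host and address is made up.
SAMPLE = """\
Delivered-To: bob@corp.example
Received: from mx.corp.example by imap.corp.example; Fri, 20 Dec 2019 18:50:03 +0000
X-Virus-Scanned: scanner at corp.example
Received: from mail.example.org by mx.corp.example; Fri, 20 Dec 2019 18:50:01 +0000
X-MS-Exchange-Organization-SCL: 1
From: Alice <alice@example.org>
To: bob@personal.example
Subject: lunch
X-Mailer: ExampleMail 1.0
Content-Type: text/plain

see you at noon
"""

def _matches(name, patterns):
    return any(fnmatchcase(name.lower(), p) for p in patterns)

def filter_headers(raw, mode):
    """Parse `raw` and return the message with its headers filtered by `mode`."""
    msg = email.message_from_string(raw)
    headers = msg.items()  # ordered (name, value) pairs, duplicates included
    if mode == "blocklist":
        kept = [(n, v) for n, v in headers if not _matches(n, BLOCKLIST)]
    elif mode == "allowlist":
        kept = [(n, v) for n, v in headers if _matches(n, ALLOWLIST)]
    elif mode == "ordered":
        # Drop everything up to and including the last Received header.
        idx = [i for i, (n, _) in enumerate(headers) if n.lower() == "received"]
        kept = headers[idx[-1] + 1:] if idx else headers
    else:
        raise ValueError(f"unknown mode: {mode}")
    for name in set(msg.keys()):
        del msg[name]            # removes every occurrence of that header
    for n, v in kept:
        msg[n] = v               # re-add survivors in their original order
    return msg
```

On this sample, ordered removal keeps the `X-MS-*` and `X-Mailer` headers that sit below the last `Received` line, the blocklist keeps the unlisted `X-Mailer`, and only the allowlist drops both.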
