To figure out a problem, I need to post mail headers on a public forum, I read What information can be gained from an Email Header? but I'm not sure what information can identify me personally from the headers. Just removing the email address is enough?
Asked
Active
Viewed 104 times
1
-
Frankly, why do you care? I use my real first and last name in this forum. Why is a question about email a concern about tying it back to you? – Steve Sether Oct 09 '15 at 20:20
-
You can spoof any email address you want. – Oct 09 '15 at 20:56
-
Shouldn't this question be asked as what are the minimum email headers I can post to solve my problem? And if that's the case we don't have enough information to answer your question. – Robert Mennell Oct 09 '15 at 21:46
-
@RobertMennell if you don't know what the problem is how can you determine which headers shouldn't be posted. The question has every information you need: the reason is for diagnosis of an unknown problem while keeping privacy. And no, that wouldn't solve the question. – Braiam Oct 09 '15 at 23:31
-
@Begueradj not sure why that is relevant. – Braiam Oct 09 '15 at 23:32
-
@SteveSether well, that's your prerogative. I do care. – Braiam Oct 09 '15 at 23:38
-
I'm having trouble coming up with a single header that *doesn't* have potentially sensitive information. Maybe the Date? – tylerl Oct 10 '15 at 04:56
-
I have the same problem as @RobertMennell: **1.** Are you trying to send an email anonymously? **2.** Or are you may be trying to control which fields/information of the email header you can control/or if you can control such information?. For case 2, you need to tell us which emailing system/software you use (hoping your question would remain in the scope of InfoSec, though). Thanks – Oct 10 '15 at 05:20
1 Answers
1
You can try using an email analyzer tool like this one to get a better sense of what kind of data is in the header. (ex. http://mxtoolbox.com/EmailHeaders.aspx) Note that when you use a tool like this that you are giving the provider of the service your header information so you will need to trust mxtoolbox.com if you decide to use the service.
Mask all URLs (x.xxxx.com) and the first three octets of any IP addresses (x.x.x.13). You can also mask, say half of the message ID and any other ID strings. Message IDs aren't going to be very useful to anyone unless a.) they know what mail server to look for, b.) they have access to the mail server, or c.) they know someone that has access to the server.
Depending on the issue, you could also try duplicating the problem using an email address and email server that is not attributed to you.
If the IP addresses and URLs are key to solving the issue then you will need to post them. In that case just simply mask any IPs and URLs that are directly attributed to you. (e.g. your email server, your company IP, etc.)
Also make sure that names and/or any other identifiable information is masked from the message content if you plan on posting that as well.