[plug] PLUG headers revealing email addresses

Krystin Dix krystindix at lothar.id.au
Wed Feb 26 12:16:10 UTC 2014


Hey Steve,

I will pass this on to the guys responsible and see what they say. (I currently work for iiNet / Westnet Hosting).

It is interesting to see that it is done this way. If you wouldn't mind forwarding me off list the exact headers received to kdix at staff.iinet.net.au and I will come back here with a response.

Thanks
Krystin Dix

-----Original Message-----
From: plug [mailto:plug-bounces at plug.org.au] On Behalf Of Steve Boak
Sent: Wednesday, February 26, 2014 6:58 PM
To: plug at plug.org.au
Subject: Re: [plug] PLUG headers revealing email addresses

On 26/02/14 14:37, James Henstridge wrote:
> On Mon, Feb 24, 2014 at 9:36 AM, Steve Boak <sboak at westnet.com.au> wrote:
>> Hi
>>
>> I just happened to be looking through the source of a plug list 
>> message and saw this in the headers (and yes, my address  is one of 
>> them)
>>
>> X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au, 
>> cxxx at westnet.com.au,
>>   gxxx at westnet.com.au, gxxx at westnet.com.au, jxxx at westnet.com.au,
>>   mxxx at westnet.com.au, mxxx at westnet.com.au, nxxx at westnet.com.au,
>>   rxxx at westnet.com.au, sxxx at westnet.com.au, vxxx at westnet.com.au,
>>   wxxx at westnet.com.au
>>
>> I've anonymised them of course, but interesting to note that it's 
>> only westnet addresses showing up here. Is this an artefact of the 
>> way the list mailer groups it's send list?
>>
>> Can these be hidden in some way, or is that just the way the list works?
> Hi Steve,
>
> I don't see that header in any of the PLUG messages in my archive.
> Given that the addresses you've listed are all @westnet.com.au, is it 
> possible that the header is being added by your ISP?  The ordering of 
> the header relative to the "Received" headers might give a clue about 
> whether this is the case.
>
> When sending bulk mail (such as mailing list traffic), it isn't 
> uncommon to group the delivery in this way to cut down on traffic.
> There may be an option in mailman to deliver messages independently, 
> but it is really the ISP that is leaking the information to you.
>
> James.

Hi James

The adding of the X-Envelope-To header with multiple westnet addresses started on the 1st of February (this year), and every email I have received directly from the plug list since then has it. Emails which are addressed to me and cc'ed to the plug list (such as your email above) don't, even though they are delivered to the same addresses.

Thanks for the tip about the ordering of headers - the extract below seems to indicate that it is iinet's mail server at fault.

X-IronPort-AV: E=Sophos;i="4.97,527,1389715200"; d="scan'208";a="185453217"
X-Envelope-To: bxxx at westnet.com.au, bxxx at westnet.com.au, cxxx at westnet.com.au, gxxx at westnet.com.au, gxxx at westnet.com.au, jxxx at westnet.com.au, mxxx at westnet.com.au, mxxx at westnet.com.au, nxxx at westnet.com.au, rxxx at westnet.com.au, sxxx at westnet.com.au, vxxx at westnet.com.au, wxxx at westnet.com.au
Received: from unknown (HELO power.plug.org.au) ([54.252.97.56]) by icp-osb-irony-in14.iinet.net.au with ESMTP; 23 Feb 2014 10:51:27 +0800
Received: from power.plug.org.au (localhost [IPv6:::1]) by power.plug.org.au (Postfix) with ESMTP id 9D0965D489; Sun, 23 Feb 2014
02:54:04 +0000 (UTC)
X-Original-To: plug at plug.org.au

I'll approach Westnet for an explanation.

Steve

_______________________________________________
PLUG discussion list: plug at plug.org.au
http://lists.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.org.au
PLUG Membership: http://www.plug.org.au/membership


More information about the plug mailing list