Author: Phil Pennock Date: To: Jan Ingvoldstad CC: exim users Subject: Re: [exim] EBL: blacklist for email addresses in Reply-To and
message bodies
On 2017-06-29 at 11:00 +0200, Jan Ingvoldstad via Exim-users wrote: > There are DNS lookups for the sender and recipient domains, and in the
> case of spam filtering, there are often additional DNS lookups in
> DNSBLs for URIs found in the message content.
URIs, is a fair point, but privacy-focused services don't do those
lookups anyway.
If Gmail's outbound hosts connect to your server, you do a lookup based
on IP, or upon "gmail.com", and you reveal nothing more than was
observable already: Gmail connected to you. For a very few
organizations which host mail for many domains, you _might_ additionally
leak which domain was talked to, but since those will often be local
they can be queried on local network, or for a client's domain, it might
just be leaked anyway, but with a high probability of being cached.
Doing predictable lookups based upon the full email address, not just
the domain, is drastically different from a privacy perspective. This
is the sort of thing which is sensitive metadata with reasonable privacy
expectations. Folks who go around sending cleartext queries to sites
across the open Internet which are long-term 1:1 tied to email addresses
are hindering their legal defense against future wiretap orders.
I *STRONGLY* encourage any postmaster considering deploying this
technology to talk to their organization's legal counsel before doing
so, to be sure that the implications are understood and to protect you
from personal liability.
