Important note to anyone using mozilla thunderbird

jjj333_p · 2022年03月05日03:47

Hey all,

I was considering using mozilla thunderbird, so i tested the email headers, and confirmed it injects your ip into the header

that first red block is confirmed my ipv6 address. the others look a little off for being an ipv6, perhaps a mac address?

jono1234 · 2022年03月05日05:23

After doing some investigating, it’s common practice for mail servers to send this in their headers - not a Mozilla Thunderbird issue.
If this was to be disabled system administrators would need to add "
/^Received: from [^ ]+ ([^ ]+ [[IPv0-9a-f:.]+])\s+(.* (Postfix) with .+)$/ REPLACE Received: $1"
To their mail config to remove it.

jjj333_p · 2022年03月05日07:55

however thunderbird could likely prevent it by replacing the ip with something. I do wish mail providers would not put this in the header, however google leaves it in so i suppose its an “industry standard”

jono1234 · 2022年03月05日09:27

Also, some mail providers will prevent you from sending emails to them if you don’t have an IP address there.

TenMirim · 2022年03月08日18:33

The scammer is unlikely to receive your IP that way any way, most of the time it is just verification to the mail server that you are who you are claiming to be.
Use a secure e-mail provider, ideally from a computer that isn’t on your production network, that way, you can’t accidentally leak your real IP.
Ditch Google. You don’t need Google.