Kitz Forum
Chat => Tech Chat => Topic started by: tickmike on October 19, 2016, 03:30:25 PM
-
Protecting Your Privacy In Email Headers from your own emails (these are not the company/firms emails) !.
My Daughter has started her First job and she gets free accommodation with Free high speed internet access via the firms internal Ethernet LAN feed to an access point in her flat and I would think the Ethernet LAN feeds there admin and all other offices/shops also other employees accommodation/flats.
I could see there feed comes through a 'pfsence' Hardware Firewall. ;D
My wife and I have just been to see her and help with some diy in her flat and I set her laptop up for the internet use and set her emails up to use an outgoing SMTP server via gmail.com (The emails send and recieve ok ).
I did a speed test and got 36Mbps down and 20 up ping 11ms .
Checking her laptops Network IP address / Gateway and DNS settings I noticed the DNS and Gateway where different and it looks like it's DNS server is the the mail server for this firm ! :o
Something odd there. :hmm:
With my own Hardware Network firewall the 'Gateway' and 'DNS' are the IP's of the firewalls and not a mail servers !.
I sent some emails to herself to test they sent and received also some to my home email address.
To day I have been looking at the emails I sent to my email address at home and I am not very happy for they are advertising what place she works in her private emails and it only took less that 30 seconds googling to find out where she is from by the email headers, that is not acceptable in this day and age. >:D
I can see in the mail headers 'mail.?firm.net' (the firms name where she is removed)
The website for the firm and all there Ethernet LAN is handled via another IT. company.
Do you think I should contact this IT firm and ask if there setting are correct .?
-
Hi tickmike
I hope you don't mind, but personally I see nothing wrong with the setup or email headers
I presume, as she is using gmail, the gmail mail server is listed, so the mail.firm.url has to be the PTR on the IP address used by her connection.
I am thinking you gained the address from a Whois on the domain name as a Whois on the IP address should only show who owns the cidr range
This to me in not a security breach, as an electrol search on her, would reveal an address and there are other ways to find someone's address
Many thanks
John
-
This to me in not a security breach, as an electrol search on her, would reveal an address and there are other ways to find someone's address
It won't if she's opted out of the open register (https://www.gov.uk/electoral-register/opt-out-of-the-open-register)
-
If using a local email client then I am not surprised that the public IP address of the client appears in the headers. But as with so many things, I am not an expert, may stand corrected. :)
But if that is correct, if using gmail, and you want privacy, I would have thought that using the online webmail service rather than local client might help?
Regarding resolution to geographic address, remember that Google know the precise map coordinates of pretty much every WiFi AP in most of the world. They can also have a good guess at the IP address associated, at any moment in time, with each AP. Basically, every time you breathe on the Internet, if you are directly or indirectly using their services, Google can pinpoint you to within a few feet.
Of course, Google are a pillar of society in the world of technology, who only have our best interests at heart, and they would never share what they know about us with their trusted partners. We have nothing to worry about. :D
-
OK Let me try and explain a bit better as I have not in my first post.
She has used a gmail SMTP server for sending emails for a long time while away from home at uni and has no problem with it. It Is Not The Problem !. Forget about gmail.
1. She works for a firm lets say is called 'ThisFirm'.
2. While at my daughters in the flat provided by 'ThisFirm'.
3. Using her laptop with the internet provided by 'ThisFirm'.
4. I send myself an email (to test her emails work ok ).
5. Today I am now back at home so I read the email. Looks ok !.
6. I now look at the 'email message source' clearly IT SHOWS THE 'ThisFirm's name
If 'ThisFirm' is giving it's staff the free use of it's internet connection it should Not be putting the firms name on the staffs Private emails .
There is something wrong with the way they have set up the internet connections for the staff.
-
Sorry, my simplistic view would be that it's their internet it's their rules.
-
Hi
Many thanks, and yes, I understood I thought your first post
What is not clear, when you say putting firms name on private emails
Where and how are you seeing this
I assume from the header details, showing thusfirms IP address and corresponding PTR (RDNS), which because thisfirm runs a mail server, happens to be the same IP address and therefore your seeing the Rdns showing thisfirm domain as mail.thisfirm.url, which is a requirement of RFC
If you could post the header details but change identifiable info for thisfirm, that would help, but usually all mail servers would not strip any header details
Many thanks
John
-
If 'ThisFirm' is giving it's staff the free use of it's internet connection it should Not be putting the firms name on the staffs Private emails .
Why not, unless they promise not in their T&C?
Anybody providing any services on the Internet will be expecting a payback, else why would they bother? The payback may simply be good client relations but more usually, the payback comes from selling email and IP addresses to spammers trusted partners.
I think the whole thing is deplorable, but it is not illegal.
-
I use 'Thunderbird' email browser and I can highlight any email and go to 'view' then 'message source' and see all the details for that email.
on one of the details it says
'Received: from localhost.localdomain (mail.ThisFirm.net. [xxx.xx.xxx.202])'
When my daughter was working as an 'Interm' at a firm in Chester last year, she used there internet feed and it did not put the firms name on her private emails.
On those emails message source it says
Received: from localhost.localdomain (xx.xxx.xx.99.dynamic.dsl.as9105.com. [xx.xxx.xx.1])
Now on my daughters laptop used in her new flat on the firms LAN IP = 10.255.156.223, Gateway of 10.255.156.1 DNS 10.255.156.2
Should the gateway and DNS be the same ?.
She does not want the firms name in her private email detail source, eg say if she wanted to apply for a new job via her emails, if someone knew how to look at the emails details they could work out where she works now.
-
Why not, unless they promise not in their T&C?
There was no T&C :o
-
You could use a different SMTP server with an encrypted and tamper-proof connection to it (SSL or similar). This is available with the email service I use which only costs about £10-20 per year (for a group of ten mailboxes and a reasonable storage allowance).
-
I know it was only an example but don't most people list where they work now in their CV.
Would using a VPN get around the issue?
-
Hi
Many thanks for the example
The company are not adding their details into email
It is the external IP address has an rdns of mail,thisfirm.url, and not a default rdns as your second example
Many thanks
John
-
Hi
Sorry, I also meant to answer your second question over IP settings on her lan
Those are fine, and yes, the DNS IP address can be any IP which runs a DNS server, e.g. 8.8.8.8 (Google DNS) etc...
Also, the lan IP could be different from the gateway IP as well as DNS IP, depending upon how the lan has been setup
Many thanks
John
-
I know it was only an example but don't most people list where they work now in their CV.
It's also telling the world where she lives and That is our main concern as a parent.
Would using a VPN get around the issue?
How ?,
To ? !. :hmm:
-
Hi
Many thanks for the example
The company are not adding their details into email
It is the external IP address has an rdns of mail,thisfirm.url, and not a default rdns as your second example
Many thanks
John
The laptop is using DHCP for IP address, Do you think if I set it to static and use the same IP but try the Gateway IP for DNS. ?
Thinking about this you say 'external IP address has an rdns' so the above will be no good !.
I did try to view the Gateway IP address in a web browser and it seems to bring a 'ThisFirm's web page up.
I then did the same with the DNS IP address and got a 'login' page for there internal mail server :o .
I can access the laptop via 'Teamviewer' from home.
Not sure taking it up with the 'ThisFirm' is a good idea, what if I took it up with the I.T. firm ?, or just forget about it. :(
-
Hi tickmike
Personally, I would forget about it.
Yes, the rdns (PTR) is on the external IP address and the only reason it is showing mail.thisfirm.url is because they use a mail server on that IP address
I would use sevenlayer advice if you feel it is a security risk - i.e. Use webmail for gmail, then the headers would only show it was sent using webmail
I would not bother with VPN, as your IP may still be viewable (our billing platform attempts to detect VPN users and we stop the sale going through), but also, the internal network maybe set to not pass through or block unauthorised VPN - on our networks we do this
Many thanks
John
-
How many of the recipients of her emails will be looking at the headers, how many will even know how to look at the headers. I think she will face many more dangers in life than somebody knowing where she works.
-
Hi licquorice
She also lives at the premises
You raise a valid point though and another valid point is tickmike knows she lives at premises, whereas I suspect not many people would know this, so the address been known for where the email originated from, is not of much use, given that most people do not have a mail server at their home address
Many thanks
John
-
Hi licquorice
She also lives at the premises
You raise a valid point though and another valid point is tickmike knows she lives at premises, whereas I suspect not many people would know this, so the address been known for where the email originated from, is not of much use, given that most people do not have a mail server at their home address
Many thanks
John
She lives at an address owned by the company, not necessarily the address of the company.
-
I think the best solution would be to have gmail's page bookmarked and allow cookies for it. So just clicking the bookmark will take her in to gmail's webmail hub.
I've noticed a few years ago when I was using the BT Home Hub with its set dns that even though I had changed the dns on the computer, for some reason the hub dns took priority, which was unusual (since I got rid of the HH I've been able to set my own dns). So on some setup's they must be able to add their details in to any program going through their network.
If you use the webmail service then it shouldnt be in the email header. Maybe get her to send an email via the gmail website and look at the header information to see if the company name is in.
-
Hi tickmike
Personally, I would forget about it.
It is difficult .
Yes, the rdns (PTR) is on the external IP address and the only reason it is showing mail.thisfirm.url is because they use a mail server on that IP address
I can not get my head around why the laptop network settings are showing it is using there mail server for DNS :o
What if I change it to use say Open DNS or even 8.8.8.8 googles DNS servers.
@Bowdon re' Maybe get her to send an email via the gmail website and look at the header information to see if the company name is in.'
I will get her to try that.
----------------------------------------------------------------------------------------------
On her laptop I have an automatic back up system to my server at home and that sends me an email using 'sendEmail' via the comand line, looking at one of them at the headers/source code I can also see the rDNS company name on that as well >:D.
-
Hi tickmike
Sorry, you cannot change or stop the rdns and changing DNS settings, will make no difference
You can have lots of services running on the same server, DNS, email hosting etc... and all using the same external IP address, as they use different ports
Many thanks
John
-
Hi
@bowden - diverting DNS is not the same as injecting or adding additional headers to email. On the HH, you can change the dns to use another DNS other then bt.
To be fair, if you run your own mail server, depending upon the mail software, you can strip or add information to the headers. We do this when email passes through our filters, and is used to help with issues or reasons for email been spammed/not sent etc
@weaver - all mail platforms should use TLS 1.2. SSL is deprecated and stopped late last year/earlier this year. Your email client will negotiate the exact encryption to be used, and mail platforms, if setup correctly, should always attempt to use the highest encryption available from the email client
Many thanks
John
-
Hi
@bowden - diverting DNS is not the same as injecting or adding additional headers to email. On the HH, you can change the dns to use another DNS other then bt.
No you can't. Maybe on a Business HH but definitely not on a Residential HH.
-
Hi dray
Many thanks
You definitely can on businessHH
I have no experience of residential HH
Many thanks
John
-
I got my daughter to try 1. Eclipse web mail and 2. gmail web mail, there was NO details of the firm in the message source data when I viewed the data .
Is this expected ?.
We are with Eclipse (Kcom) at home .
-
Hi tickmike
Yes, that is expected
Your external IP used to access webmail, is logged in the hosting server, but your email sent using webmail, is using one of the hosting external IP addresses, and your headers will reflect that the email has been sent using webmail.
Many thanks
John