LAN IPs on Mail.app Email Headers

Dear Apple,

please explain why my computer’s LAN IP address (added so it is not mistaken for the router’s IP) is showing in the email headers of the mails I send with Mail.app.

Thanks!

Below, in red, my computer’s private LAN IP address. In green, my router’s public/WAN IP address, which is “normal” to be included in most email headers.

Return-Path: <rsaramago@gmail.com>
Received: from ?XX.XX.XX.XX? (pa6-XX-XX-XXX-XXX.netvisao.pt [XX.XX.XXX.XXX])
 by mx.google.com with ESMTPS id 7sm502355eyb.8.2009.11.13.01.07.07
 (version=TLSv1/SSLv3 cipher=RC4-MD5);
 Fri, 13 Nov 2009 01:07:08 -0800 (PST)
Subject: Teste
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: multipart/alternative; boundary=Apple-Mail-1-623152288
From: Ricardo Saramago <rsaramago@gmail.com>
To: Testy McTest <test@test.pt>
X-Mailer: Apple Mail (2.1077)

Update: I’ve clarified some descriptions above after some user comments; I realized that it wasn’t clear which IPs I was referring to.

It seems that this is common on most email clients, except for Outlook. This “issue” triggered my attention when I was looking into the mail headers from a mail I sent from Mail.app in response to a mail from Outlook and they were indeed different in this aspect.

The client computer’s local IP address and the public IP address of the router / firewall / modem / whatever are added by the SMTP server to the envelope’s “Received” line, which it probably gets from the EHLO.

Still, this isn’t secure, as it allows malicious attackers to map a victim’s network very easily.
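An added example (not part of the original post): a Python check for auditing your own sent mail that reads a message's Received headers and flags any whose EHLO argument is an RFC 1918 address literal, which is the leak shown in the header above. The sample message, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 ranges, listed explicitly: ipaddress.is_private would also
# match documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shape of the clause: from <EHLO argument> (<reverse DNS> [<peer IP>])
FROM_CLAUSE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?", re.I)
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # a hostname, not an address literal
    return any(addr in net for net in RFC1918)


def audit_received(raw_message):
    """Return one dict per Received header: EHLO value, peer IP, leak flag."""
    findings = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = FROM_CLAUSE.search(flat)
        if not m:
            continue
        # Address literals look like [a.b.c.d]; Gmail shows them as ?a.b.c.d?
        ehlo = m.group(1).strip("[]?")
        peer = PEER_IP.search(m.group(2) or "")
        findings.append({"ehlo": ehlo,
                         "peer_ip": peer.group(1) if peer else None,
                         "leaks_lan_ip": is_rfc1918(ehlo)})
    return findings


# Constructed sample shaped like the header above (addresses are made up).
SAMPLE = """\
Received: from ?192.168.1.23? (host.example.net [203.0.113.45])
 by mx.example.com with ESMTPS id abc123; Fri, 13 Nov 2009 01:07:08 -0800
Received: from mail.example.org (mail.example.org [198.51.100.7])
 by mx.example.com with ESMTP id def456; Fri, 13 Nov 2009 01:07:09 -0800
Subject: Teste

body
"""

if __name__ == "__main__":
    print(audit_received(SAMPLE))
```

Only the first header in the sample is flagged: its EHLO argument is a private address, while the peer IP in brackets is the public address the server saw on the connection.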

Comments

5 responses to “LAN IPs on Mail.app Email Headers”

  1. Luis Silva

    hey Ricardo,

    what’s the big deal? as far as i know, this is normal behavior across most mail clients :o)

    best,
    Luis

  2. Odrakir

    Luis, most email clients send your computer’s public WAN IP address, not your private LAN IP.
    Check the mail headers on an email sent by Outlook and you won’t find the PC’s LAN IP. Seems that Thunderbird does the same as Mail.app. Weird…

  3. Odrakir

    I never said it was the Router’s IP. :S

    This is useful but it can be used to map your internal network by an attacker.

  4. Diogo Gomes

    Just to put things straight: “…In green my Router’s Public/WAN IP address…”

    It’s true that it might constitute a security threat, and that’s why some implementations break the RFC (such as the case of MS Outlook).

    SMTP is one of those way too old protocols, that were years away from thinking about security issues. It is based on best practices, and as such it expects everyone to behave 🙂
