To figure out a problem, I need to post mail headers on a public forum, I read What information can be gained from an Email Header? but I'm not sure what information can identify me personally from the headers. Just removing the email address is enough?
-
Frankly, why do you care? I use my real first and last name in this forum. Why is a question about email a concern about tying it back to you?– Steve SetherCommented Oct 9, 2015 at 20:20
-
You can spoof any email address you want.– user45139Commented Oct 9, 2015 at 20:56
-
Shouldn't this question be asked as what are the minimum email headers I can post to solve my problem? And if that's the case we don't have enough information to answer your question.– Robert MennellCommented Oct 9, 2015 at 21:46
-
@RobertMennell if you don't know what the problem is how can you determine which headers shouldn't be posted. The question has every information you need: the reason is for diagnosis of an unknown problem while keeping privacy. And no, that wouldn't solve the question.– BraiamCommented Oct 9, 2015 at 23:31
-
@Begueradj not sure why that is relevant.– BraiamCommented Oct 9, 2015 at 23:32
1 Answer
You can try using an email analyzer tool like this one to get a better sense of what kind of data is in the header. (ex. http://mxtoolbox.com/EmailHeaders.aspx) Note that when you use a tool like this that you are giving the provider of the service your header information so you will need to trust mxtoolbox.com if you decide to use the service.
Mask all URLs (x.xxxx.com) and the first three octets of any IP addresses (x.x.x.13). You can also mask, say half of the message ID and any other ID strings. Message IDs aren't going to be very useful to anyone unless a.) they know what mail server to look for, b.) they have access to the mail server, or c.) they know someone that has access to the server.
Depending on the issue, you could also try duplicating the problem using an email address and email server that is not attributed to you.
If the IP addresses and URLs are key to solving the issue then you will need to post them. In that case just simply mask any IPs and URLs that are directly attributed to you. (e.g. your email server, your company IP, etc.)
Also make sure that names and/or any other identifiable information is masked from the message content if you plan on posting that as well.