July 21, 2020 ☼ writing
Recently, I was debugging an issue with one of my domains and email. During this process, I was sending emails to myself and clicking “View original” in Gmail’s web UI to view the raw version and headers of an email.
When looking at an email that I sent with Apple Mail on macOS, this part of an email’s headers jumped out to me:
Received: from [10.x.x.x] (c-x-x-x-x.hsd1.ca.comcast.net. [x.x.x.x]) by smtp.gmail.com with ESMTPSA id redacted.48.2020.07.21.10.50.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
In the headers of the raw email, my full public and private IP addresses were perfectly visible! (I’ve redacted them here for my privacy.) This is an email that I sent to a totally separate inbox on a different Google account.
To make sure I wasn’t misunderstanding what was happening, I emailed my friend Jarred.
He confirmed my suspicions: every time I send an email with Apple Mail, my IP address is leaked. I’ve replicated this behavior on the latest public versions of Apple Mail for macOS and iOS.
This is scary! IP addresses roughly represent location. With my IP, you can learn what city or even what neighborhood I live in. If the email was sent from a mobile network, you can learn someone’s cell phone provider, which may aid in sim swapping. For people who want to be pseudonymous or private online, leaking this information is a privacy disaster1.
The reason why my IP address is visible is because Apple Mail sends emails with SMTP. The email is sent to Google’s SMTP relay, which ultimately delivers the email. For each stop an email makes, a
Recieved header is added to the message2. You can read these headers top to bottom to follow the trail of an email.
Nowadays, most email clients are cloud-based and don’t use SMTP to initiate an email, meaning that your IP isn’t leaked, but rather the IP of the server that sent the email. For example, using Gmail via the apps or website doesn’t reveal your IP.
So, how could this get fixed? I can think of a number of ways:
Recievedheader from an email, preserving only the Gmail internal headers and removing any other “public” headers. This breaks the SMTP spec and could cause deliverability issues for emails, but is probably the most correct option listed here. I looked at emails that I’ve received from friends that use Apple’s iCloud email service, and I don’t see their personal IPs leaked, but instead an Apple-owned IP3. If Apple Mail uses SMTP for iCloud email, then this indicates that Apple is dropping personally identifying information from SMTP headers, a practice Gmail should adopt.
Email is great, but it was designed before people thought about online privacy as the fundamental right that it is today. It would be amazing if Apple or Google put this privacy concern to bed as soon as possible.
If you like this post, please consider subscribing to my newsletter.
It is true that every website you visit has access to your IP address, but that’s still a lot less surprising than unkowingly passing along location related metadata with every personal message you send. When Superhuman matched email recipients’ IP addresses to locations, people were rightfully upset!↩
Received: from pv34p98im-redacted.me.com (pv34p98im-redacted.me.com. [188.8.131.52])↩