Closed sthesing closed 2 years ago
I understand the general idea and I think you can open a PR to change the message ID to include the sending email address after the random string. I do not see a reason why the change you describe should be problematic. In the best case it can conceal your hostname (some additional information that might otherwise not be present in the mail).
I can however not observe the format of the message ID you describe: my IDs end in @localhost
even though hostname
tells me my computer is called differently. But in my /etc/hosts I have
127.0.0.1 localhost
::1 localhost
No idea why your computer generates this message ID. I did not yet check the code.
I also read the RFC differently. I think you refer to this sentence:
The uniqueness of the message identifier is guaranteed by the host which generates it.
But how can one host guarantee uniqueness across all messages that are generated globally? That is theoretically impossible, so I understand this as "the uniqueness (among all messages generated by this host) of the message identifier ...".
You are of course right that appending the host name only helps to generate uniqueness if every computer has a unique hostname. And this is not true for personal computers today.
I would however argue that the uniqueness is only needed in a practical sense and the current scheme is as effective as the proposed.
I understand the general idea and I think you can open a PR
I fear my Python skills aren't sufficient to do just that. I did have a look at the code, though and found the following:
construct_mail
in alot/db/envelope.pyAccount
sets None
as the default for its attribute message_id_domain
. So I guess that would be the place to change things.There is also the file defaults/alot.rc.spec
. I have no idea what *.spec
files do. As I said, my Python is limited.
The message_id_domain
attribute made me aware of something that I had overlooked in the user guide and that's a perfect workaround.
In your alot config file add
message_id_domain = example.com
to your settings for each account, replace example.com
as needed.
Sorry I overlooked that. As far as I'm concerned as a user, this issue can be closed.
Aha, the message_id_domain is something I'd missed to and wanted to stop my hostname being included in my outgoing mails.
Couldn't this could be generated from the domain name of the outgoing FROM: header though?
@kbingham you can follow the above arguments and make a PR to change the default if the setting is not present in the config file. I will close this as @sthesing said but you can still pursue this if you want.
@sthesing the spec file is not specific to python, it is specific to the config parsing library we are using. It is used to validate the config file. The file extension is arbitrary, the syntax is the same as for the config file (similar as you can write json specs in json).
Alot appends the local hostname to the Message-ID.
If a user called their machine "bobsnewcomputer", the message IDs of email messages sent by alot consist of some random hash followed by
@bobsnewcomputer
.Not only doesn't this help to achieve the purpose of message ids: uniqueness (cf. RFC822), it also exposes potentially private information.
Software Versions
To Reproduce Steps to reproduce the behaviour:
Proposal
W3C considers it best practice to format message ids as:
<something unique within the machine, like a timestamp>@<internet domain name of the host>
.That's what Thunderbird does, for example:
8BF8CF7C-5FA3-4480-9968-DCDBC7788724@example.net
In times of mail providers with millions of users, the domain name alone is probably very unique. But since the sender address is known to anyone having access to the message, a message id like
<some randomnumber>.<senderadress>
e.g.8BF8CF7C-5FA3-4480-9968-DCDBC7788724.bob@example.net
shouldn't cause any privacy concerns.