[Bug 288928] New: "Default domain" preset reveals local hostname

Bernd Oliver Sünderhauf pancho at kriko.org
Tue Dec 13 23:28:09 GMT 2011 

https://bugs.kde.org/show_bug.cgi?id=288928

           Summary: "Default domain" preset reveals local hostname
           Product: kmail2
           Version: 4.7
          Platform: Ubuntu Packages
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: major
          Priority: NOR
         Component: config dialog
        AssignedTo: kdepim-bugs at kde.org
        ReportedBy: pancho at kriko.org


Version:           4.7 (using KDE 4.7.3) 
OS:                Linux

The preset "Default domain" is also used for the "Message-ID" header of all
mails, even if the complete address has been given. This means that the local
hostname is revealed within the email header, which is an unexpected breach of
privacy and possibly security.

A "Default domain" like "example.com" presets the addressees domain, so if only
"marc" is given as addressee, the mail is sent to "marc at example.com".
This is an advanced setting useful for some special requirements, especially
within large companies or institutions. In most other environments, especially
for private users that don't host their own domain on their local network, this
makes no sense but will usually make no harm either.

Reproducible: Always

Steps to Reproduce:
Check the "Default domain" setting within the configure->sending dialogue.
Whenever the PC you're working on is not part of a corporate network, you will
see just your hostname.

Actual Results:  
Now write an eMail e.g. to yourself, look into the Inbox and view the complete
message header of your email. You will find your hostname in the "Message-ID"
field. Every other addressee would either.

Expected Results:  
I'm not sure whether it is necessary and/or makes sense to use the preset
"Default domain" for "Message-ID" headers. But even if it does, the "Default
domain" shouldn't be preset with the local hostname upon installation. Rather
it should be empty by default.

See also:
- http://bugs.kde.org/show_bug.cgi?id=19088#c3
- http://bugs.kde.org/show_bug.cgi?id=146510
asking for a Default domain setting on a per Identity basis (as in Eudora).

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list