Comment by jraph

19 hours ago

> Can't even name the domains on my own damn server with an expectation of privacy now.

You never could. A host name or a domain is bound to leave your box, it's meant to. It takes sending an email with a local email client.

(Not saying, the NAS leak still sucks)

I have internal zones in my home network and requests to resolve them never leave the private network. So no, it's not meant to.

  • "Meant to" may indeed not be really accurate.

    However, domains and host names were not designed to be particularly private and should not be considered secret. Many things don't consider them private, so you should not put anything sensitive in a host name, even in a network that's supposed to be private. Unless your private network is completely air-gapped.

    Now, I wouldn't be surprised if hostnames were in fact originally expected to be explicitly public.

I don't know much about email, but how would some random service send an email from my domain if I've never given it any auth tokens?

  • You don't need any auth to send an email from your domain, or in fact from any domain. Just set whatever `From` you want.

    I've received many emails from `root@localhost` over the years.

    Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.

    • You can, but most email providers will immediately reject your email or put it into spam because of missing DKIM/DMARC/SPF.

    • > Admittedly, most residential ISPs block all SMTP traffic, and other email servers are likely to drop it or mark it as spam, but there's no strict requirement for auth.

      Source? I've never seen that. Nobody could use their email provider of choice if that was the case.

  • It should not, but it's usual to configure random services to send mails to users, for instance for password resets, or for random notifications.

    Another thing usually sending mails is cron, but that should only go to the admin(s).

    Some services might also display the host name somewhere in their UI.
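
The receiver-side check the replies above refer to (mail rejected or filed as spam for missing DKIM/DMARC/SPF), as an added example that is not part of the thread: a `From` header only counts as authenticated when SPF or DKIM passed for a domain aligned with it. The authserv-id `mx.example.net`, the two-label organizational-domain shortcut and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumed: authserv-id of your own border MTA

def org_domain(domain):
    # Simplification: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def from_is_authenticated(raw):
    """True if SPF or DKIM passed for a domain aligned with the From: header."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not from_domain:
        return False
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(header.split()).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # the header itself can be forged; trust only our own MTA's
        for part in results.split(";"):
            passed = re.search(r"\b(spf|dkim)=pass\b", part)
            ident = re.search(r"\b(?:smtp\.mailfrom|header\.d)=(\S+)", part)
            if passed and ident:
                checked = ident.group(1).rpartition("@")[2]
                if org_domain(checked) == org_domain(from_domain):
                    return True
    return False

def sample(from_hdr, auth_results):
    # Builds a constructed message; none of these are real captures.
    return f"From: {from_hdr}\nAuthentication-Results: {auth_results}\n\nbody\n"

# A box announcing itself as root@localhost: nothing passes.
UNAUTHENTICATED = sample("root@localhost",
    "mx.example.net; spf=none smtp.mailfrom=nas.lan; dkim=none")
# SPF passes, but for the envelope domain, not the domain shown in From.
UNALIGNED = sample("Alice <alice@example.org>",
    "mx.example.net; spf=pass smtp.mailfrom=bounce@sender.test; dkim=none")
# DKIM signature from the From domain itself.
ALIGNED = sample("Alice <alice@example.org>",
    "mx.example.net; spf=pass smtp.mailfrom=b@mail.example.org; "
    "dkim=pass header.d=example.org")
# Result header stamped by a server we do not operate: ignored.
FORGED_RESULT = sample("Alice <alice@example.org>",
    "mx.other.test; dkim=pass header.d=example.org")

if __name__ == "__main__":
    for name in ("UNAUTHENTICATED", "UNALIGNED", "ALIGNED", "FORGED_RESULT"):
        print(name, from_is_authenticated(globals()[name]))
```
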