

Email IP Leak Test - boianmihailov
http://emailleaktest.com/

======
amrek
Another site to test email IP leaks:
[http://emailipleak.com/](http://emailipleak.com/)

Aside from basic IP leaks, you can also test for other privacy leaks at:
[https://emailprivacytester.com/](https://emailprivacytester.com/)

Featured in: [http://www.ghacks.net/2014/05/25/test-email-account-
privacy-...](http://www.ghacks.net/2014/05/25/test-email-account-privacy-
leaks/)

~~~
rasengan
The emailleaktest site linked by OP is a word for word down to the privacy
policy blatant copy of [http://emailipleak.com](http://emailipleak.com) which
we made. Not sure why this is hacker news front page worthy.

~~~
tombrossman
Wow, it sure is. The subject is HN worthy but I'd hope a moderator would edit
the submission to point at your site instead.

And send GoDaddy a DMCA takedown notice for this copycat site. It was just
registered a few days ago and given that they shamelessly ripped your content
off, I'd have serious reservations about trusting them with my data.

------
drdaeman
Guess it would be worth mentioning how to spoof initial Received header for
those who self-host their email and run Postfix as their MSA/MTA:
[https://www.void.gr/kargig/blog/2013/11/24/anonymize-
headers...](https://www.void.gr/kargig/blog/2013/11/24/anonymize-headers-in-
postfix/)

Notice: This works when you have a separate MSA (submission) service listening
on a separate port (587 by default), which is a proper approach; not when you
send to MTA on port 25.

~~~
drdaeman
Not like I care about karma, but I see downvotes and I don't know what's wrong
with my comment. That makes me curious.

I have a self-hosted email, my MUA machine's IP was logged in headers (and
there's no particular reason for it to be there), so I googled for a bit,
found a satisfying solution among others, and decided to share it. Is there
anything wrong with that?

~~~
marrs
Nope. Maybe someone clicked the wrong button by accident. Or maybe they're
just rude. I often find that many of the most interesting comments on this
site are the most downvoted, so if I were you I'd take some pride in your
downvote.

------
powertower
You can strip the sender's entire connection from the Headers in the email,
and make it look like your SMTP server originated the mail...

With sendmail redefine RECEIVED_HEADER in sendmail.mc:
_define(`confRECEIVED_HEADER ',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl_

I've been using this to get around the spam filters when sending emails to my
clients from my residential IP.

[http://www.devside.net/wamp-server/removing-senders-ip-
addre...](http://www.devside.net/wamp-server/removing-senders-ip-address-from-
emails-received-from-header)

------
axvf
If you run a website behind cloudflare it's worth looking into Email IP leaks.

Sometimes simply registering at a website and looking at the registration
confirmation email headers can reveal its real IP.

------
mike-cardwell
I don't know if their MTA is currently having problems, but it took my MTA 12
minutes to deliver the message to theirs. When I telnet to them on port 25 the
welcome banner doesn't seem to appear.

If they're using some form of artificial delays or greylisting, that's all
well and good, but it's not really suitable for this sort of service. I
imagine a lot of people would get bored of waiting and just leave.

------
wazari972
My Thunderbird (v31) appears to leak my IP address ... or is it my Postfix
server? anyway, it sounds bad regarding anonymity. Is it a configuration
problem? my university lab email service has the same issue, so I guess it's a
standard configuration ... ? (my mail server says it's Postfix who handled the
mail, the one from the lab doesn't leak that)

~~~
reidrac
It is the server by adding the "Received: from ..." header, not Thunderbird
fault. It is indeed a standard configuration.

------
PanMan
You (the person who created this :)) should update the link to the email
address to include a target for the mailto: link to a new tab: I use Gmail
(for domains) and the mailto link opened in the same window, closing the page
(which should stay open, it says).

------
bowietrousers
"You are connecting from IP address: 10.56.111.24, 127.0.0.1"

Err, RFC 1918 anyone?

------
iamben
So Gmail doesn't leak anything, but a Gmail Apps account does? Anyone know
why?

------
boianmihailov
I am using a VPN all the time to get some level of privacy, today I was
stunned by the amount of information my email client is "sharing" with the
rest of the world. Crazy ...

------
ucho
Looks like a great way to harvest active email addresses.

~~~
jbrooksuk
They'd be breaking the Privacy Policy if they were;
[http://emailleaktest.com/privacy.html](http://emailleaktest.com/privacy.html)

~~~
wmt
Oh no, not the Privacy Policy!

Seriously though, the presence of a privacy policy gives little comfort when
both the website and the Privacy Policy are very careful not to identify who
is hosting that domain with Godaddy.

------
munin
what's funny about this is that if you use google mail through the web
browser, you can't do email signing or encryption, but your IP address isn't
visible to the person you send mail to. but, if you use a 3rd party MUA so
that you can use signing and encryption, then your IP address is visible.

------
Glan1984
Nice try, I'm not going to "leak" my ip to emailleaktest.com. Good effort
though.

------
bigbugbag
smart way to collect a huge list of valid email. This list is probably worth a
bunch of $ .

~~~
2ion
For testing things like this using a throwaway address would appear to be the
obvious choice.

~~~
gpvos
That's not trivial with my current email provider, which is something I would
like to test.

------
deweller
Seems to be down or overloaded this morning. After 5 minutes the page did not
update for me.

~~~
deweller
I went to breakfast and came back and it had refreshed by then.

------
jbrooksuk
Spelling mistake spotted; "automaticly" should be "automatically".

~~~
peterdmare
Spelling mistakes? "Automaticly" is a much better phonetic representation of
what is pronounced. What is right is actually wrong! What is wrong is right!

------
comlonq
So I have to click a mailto link rather than letting me copy and paste the
email address? I don't have a mail client set up on this machine. Good one....

~~~
mike-cardwell
I right clicked it and selected "Copy Email Address". In Firefox.

~~~
comlonq
Don't make me think... I should be able to copy and paste without any browser
tricks or viewing the source.

~~~
wereHamster
Right click on a link to copy the url or email address is not a browser trick.

