Email IP Leak Test (opens in new tab)

(emailleaktest.com)

35 pointsboianmihailov11y ago36 comments

36 comments

35 comments · 17 top-level

amrek11y ago· 4 in thread

Another site to test email IP leaks: http://emailipleak.com/

Aside from basic IP leaks, you can also test for other privacy leaks at: https://emailprivacytester.com/

Featured in: http://www.ghacks.net/2014/05/25/test-email-account-privacy-...

rasengan11y ago

The emailleaktest site linked by OP is a word for word down to the privacy policy blatant copy of http://emailipleak.com which we made. Not sure why this is hacker news front page worthy.

tombrossman11y ago

Wow, it sure is. The subject is HN worthy but I'd hope a moderator would edit the submission to point at your site instead.

And send GoDaddy a DMCA takedown notice for this copycat site. It was just registered a few days ago and given that they shamelessly ripped your content off, I'd have serious reservations about trusting them with my data.

wmt11y ago

Not word for word! Unlike your website, the carbon copied site is extremely careful not to reveal anything about the people behind.

mike-cardwell11y ago

They should have just cloned https://emailprivacytester.com/ instead. The code is available for download on github.

comlonq11y ago· 4 in thread

So I have to click a mailto link rather than letting me copy and paste the email address? I don't have a mail client set up on this machine. Good one....

mike-cardwell11y ago

I right clicked it and selected "Copy Email Address". In Firefox.

comlonq11y ago

Don't make me think... I should be able to copy and paste without any browser tricks or viewing the source.

1 more reply

malka11y ago

They heard you. You can now copy-paste the e-mail adress.

comlonq11y ago

Can't believe all the down votes for this!

ucho11y ago· 3 in thread

Looks like a great way to harvest active email addresses.

jbrooksuk11y ago

They'd be breaking the Privacy Policy if they were; http://emailleaktest.com/privacy.html

wmt11y ago

Oh no, not the Privacy Policy!

Seriously though, the presence of a privacy policy gives little comfort when both the website and the Privacy Policy are very careful not to identify who is hosting that domain with Godaddy.

GrinningFool11y ago

Far as I know, the binding nature of a site's privacy policy hasn't been conclusively determined - some courts have held it to be a binding contract, but others have held it to be a statement of company policy.

The only real consequence would seem to be loss of good will - but if their goal was to gather as many email addresses as possible in a short time, then that wouldn't really matter.

drdaeman11y ago· 2 in thread

Guess it would be worth mentioning how to spoof initial Received header for those who self-host their email and run Postfix as their MSA/MTA: https://www.void.gr/kargig/blog/2013/11/24/anonymize-headers...

Notice: This works when you have a separate MSA (submission) service listening on a separate port (587 by default), which is a proper approach; not when you send to MTA on port 25.

drdaeman11y ago

Not like I care about karma, but I see downvotes and I don't know what's wrong with my comment. That makes me curious.

I have a self-hosted email, my MUA machine's IP was logged in headers (and there's no particular reason for it to be there), so I googled for a bit, found a satisfying solution among others, and decided to share it. Is there anything wrong with that?

marrs11y ago

Nope. Maybe someone clicked the wrong button by accident. Or maybe they're just rude. I often find that many of the most interesting comments on this site are the most downvoted, so if I were you I'd take some pride in your downvote.

bigbugbag11y ago· 2 in thread

smart way to collect a huge list of valid email. This list is probably worth a bunch of $ .

2ion11y ago

For testing things like this using a throwaway address would appear to be the obvious choice.

gpvos11y ago

That's not trivial with my current email provider, which is something I would like to test.

wazari97211y ago· 1 in thread

My Thunderbird (v31) appears to leak my IP address ... or is it my Postfix server? anyway, it sounds bad regarding anonymity. Is it a configuration problem? my university lab email service has the same issue, so I guess it's a standard configuration ... ? (my mail server says it's Postfix who handled the mail, the one from the lab doesn't leak that)

reidrac11y ago

It is the server by adding the "Received: from ..." header, not Thunderbird fault. It is indeed a standard configuration.

deweller11y ago· 1 in thread

Seems to be down or overloaded this morning. After 5 minutes the page did not update for me.

deweller11y ago

I went to breakfast and came back and it had refreshed by then.

jbrooksuk11y ago· 1 in thread

Spelling mistake spotted; "automaticly" should be "automatically".

peterdmare11y ago

Spelling mistakes? "Automaticly" is a much better phonetic representation of what is pronounced. What is right is actually wrong! What is wrong is right!

powertower11y ago

You can strip the sender's entire connection from the Headers in the email, and make it look like your SMTP server originated the mail...

With sendmail redefine RECEIVED_HEADER in sendmail.mc: define(`confRECEIVED_HEADER',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl

I've been using this to get around the spam filters when sending emails to my clients from my residential IP.

http://www.devside.net/wamp-server/removing-senders-ip-addre...

axvf11y ago

If you run a website behind cloudflare it's worth looking into Email IP leaks.

Sometimes simply registering at a website and looking at the registration confirmation email headers can reveal its real IP.

mike-cardwell11y ago

I don't know if their MTA is currently having problems, but it took my MTA 12 minutes to deliver the message to theirs. When I telnet to them on port 25 the welcome banner doesn't seem to appear.

If they're using some form of artificial delays or greylisting, that's all well and good, but it's not really suitable for this sort of service. I imagine a lot of people would get bored of waiting and just leave.

PanMan11y ago

You (the person who created this :)) should update the link to the email address to include a target for the mailto: link to a new tab: I use Gmail (for domains) and the mailto link opened in the same window, closing the page (which should stay open, it says).

bowietrousers11y ago

"You are connecting from IP address: 10.56.111.24, 127.0.0.1"

Err, RFC 1918 anyone?

iamben11y ago

So Gmail doesn't leak anything, but a Gmail Apps account does? Anyone know why?

boianmihailovOP11y ago

I am using a VPN all the time to get some level of privacy, today I was stunned by the amount of information my email client is "sharing" with the rest of the world. Crazy ...

munin11y ago

what's funny about this is that if you use google mail through the web browser, you can't do email signing or encryption, but your IP address isn't visible to the person you send mail to. but, if you use a 3rd party MUA so that you can use signing and encryption, then your IP address is visible.

Glan198411y ago

Nice try, I'm not going to "leak" my ip to emailleaktest.com. Good effort though.

j / k navigate · click thread line to collapse

36 comments

35 comments · 17 top-level

amrek11y ago· 4 in thread

Another site to test email IP leaks: http://emailipleak.com/

Aside from basic IP leaks, you can also test for other privacy leaks at: https://emailprivacytester.com/

Featured in: http://www.ghacks.net/2014/05/25/test-email-account-privacy-...

rasengan11y ago

The emailleaktest site linked by OP is a word for word down to the privacy policy blatant copy of http://emailipleak.com which we made. Not sure why this is hacker news front page worthy.

tombrossman11y ago

Wow, it sure is. The subject is HN worthy but I'd hope a moderator would edit the submission to point at your site instead.

wmt11y ago

Not word for word! Unlike your website, the carbon copied site is extremely careful not to reveal anything about the people behind.

mike-cardwell11y ago

They should have just cloned https://emailprivacytester.com/ instead. The code is available for download on github.

comlonq11y ago· 4 in thread

So I have to click a mailto link rather than letting me copy and paste the email address? I don't have a mail client set up on this machine. Good one....

mike-cardwell11y ago

I right clicked it and selected "Copy Email Address". In Firefox.

comlonq11y ago

Don't make me think... I should be able to copy and paste without any browser tricks or viewing the source.

1 more reply

malka11y ago

They heard you. You can now copy-paste the e-mail adress.

comlonq11y ago

Can't believe all the down votes for this!

ucho11y ago· 3 in thread

Looks like a great way to harvest active email addresses.

jbrooksuk11y ago

They'd be breaking the Privacy Policy if they were; http://emailleaktest.com/privacy.html

wmt11y ago

Oh no, not the Privacy Policy!

Seriously though, the presence of a privacy policy gives little comfort when both the website and the Privacy Policy are very careful not to identify who is hosting that domain with Godaddy.

GrinningFool11y ago

The only real consequence would seem to be loss of good will - but if their goal was to gather as many email addresses as possible in a short time, then that wouldn't really matter.

drdaeman11y ago· 2 in thread

Notice: This works when you have a separate MSA (submission) service listening on a separate port (587 by default), which is a proper approach; not when you send to MTA on port 25.

drdaeman11y ago

Not like I care about karma, but I see downvotes and I don't know what's wrong with my comment. That makes me curious.

marrs11y ago

bigbugbag11y ago· 2 in thread

smart way to collect a huge list of valid email. This list is probably worth a bunch of $ .

2ion11y ago

For testing things like this using a throwaway address would appear to be the obvious choice.

gpvos11y ago

That's not trivial with my current email provider, which is something I would like to test.

wazari97211y ago· 1 in thread

reidrac11y ago

It is the server by adding the "Received: from ..." header, not Thunderbird fault. It is indeed a standard configuration.

deweller11y ago· 1 in thread

Seems to be down or overloaded this morning. After 5 minutes the page did not update for me.

deweller11y ago

I went to breakfast and came back and it had refreshed by then.

jbrooksuk11y ago· 1 in thread

Spelling mistake spotted; "automaticly" should be "automatically".

peterdmare11y ago

Spelling mistakes? "Automaticly" is a much better phonetic representation of what is pronounced. What is right is actually wrong! What is wrong is right!

powertower11y ago

You can strip the sender's entire connection from the Headers in the email, and make it look like your SMTP server originated the mail...

With sendmail redefine RECEIVED_HEADER in sendmail.mc: define(`confRECEIVED_HEADER',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl

I've been using this to get around the spam filters when sending emails to my clients from my residential IP.

http://www.devside.net/wamp-server/removing-senders-ip-addre...

axvf11y ago

If you run a website behind cloudflare it's worth looking into Email IP leaks.

Sometimes simply registering at a website and looking at the registration confirmation email headers can reveal its real IP.

mike-cardwell11y ago

I don't know if their MTA is currently having problems, but it took my MTA 12 minutes to deliver the message to theirs. When I telnet to them on port 25 the welcome banner doesn't seem to appear.

PanMan11y ago

bowietrousers11y ago

"You are connecting from IP address: 10.56.111.24, 127.0.0.1"

Err, RFC 1918 anyone?

iamben11y ago

So Gmail doesn't leak anything, but a Gmail Apps account does? Anyone know why?

boianmihailovOP11y ago

I am using a VPN all the time to get some level of privacy, today I was stunned by the amount of information my email client is "sharing" with the rest of the world. Crazy ...

munin11y ago

Glan198411y ago

Nice try, I'm not going to "leak" my ip to emailleaktest.com. Good effort though.

j / k navigate · click thread line to collapse