11 December 2016

Edit E-Mail header Information in KMail

KMail is in fact a privacy friendly and safe email program. Unfortunately, KMail writes the own hostname and the user agent into the email header, which is subsequently sent to the recipient. This is unnecessary and should be changed in the configuration due to data avoidance and privacy protection.

An email consists of two parts: the header; and the actual message, the body. Email programs often hide the header because it interferes with the reading experience.

 

In the header one can find many different information: the sender's and recipient's adress, subject, copy, date and time, a message-ID (a unique email identifier), the content type (plain text or HTML), etc.

Depending on the email program more information will be written, e.g. if the email is an answer to another one, the importance (normal/high), thread topic, and other. Also more data is added on the transport route, like information about the IP address, passed mail servers, spam and virus checks.

One can have a look at the header of an email by pressing the "v"-button. Alternatively just hover with the mouse over the message, click right and select View Source. The header tags are listed on top in the Message as Plain Text. First comes the name of the tag, followed by a colon and the "value", the content of the tag.

Hostname (Computer Name), Message-ID, and Email alias

Header tags in KMail in the default configuration
Header tags in an email which was sent with the default settings. Besides, also the own IP address is sent next to the server name of the Internet service provider. The received fields are read from bottom to top. webgo, my web hosting provider, gets the email from my PC (name) via my Internet service provider. It passes the email on to Posteo, where the recipient's account is hosted.

The hostname, also computer name or PC name, is given by the user during installation of the operating system, and is mostly unique. KMail sends this name to the mail server. With that, the hostname will be written into the header of the sent email into the transport route. One can find it under the tag Received: my-hostname...[additional details about the transport route].

Furthermore the hostname serves as the suffix in the message-ID.

The message-ID assigns a unique identifier to the email, and is used for the reply function. When answering to an email, it is repeated under the tags In-Reply-To: and References:, so that the answer can be associated with the original email. Principally this is a useful function.

The message-ID consists of a string, followed by an @. Thereafter, the hostname is intended for the suffix. What is just a general indication for large mail servers like "mail.gmail.com" or "enterprise-domain.tld", which does not allow any conclusion on individuals, can be privacy sensitive while mailing from the home desktop.

Because, if next to the main email address several aliases are in use, the same (unique) hostname is shown in the header of all emails. Theoretically they can be linked, e.g. if under different email addresses emails are sent to the same server much used provider (e.g. Gmail). Even if that's theory, the purpose of aliases is undermined with the entry of the hostname in the header fields.

Besides, maybe one doesn't like to share the computer's local network name with all people, organizations, institutions and shops or with whom ever she*he has email communication. Since a computer can have several names, the original one can be replaced easily and comfortably in KMail's configuration settings.

Set a custom hostname to send to the server in the SMTP account coniguration in KMail
SMTP configuration in KMail in Kubuntu 14.04. Check the box "Send custom hostname to server".

To overwrite the own hostname in the header, one has to change the configuration at two places:

Custom Hostname: under Settings → Configure KMail → Accounts → Sending choose the outgoing account, click Modify and under Advanced give a common hostname like "kmail.localnet", "localmail" or similar.

Message-ID: under Settings → Configure KMail → Composer → Headers activate the checkbox Use custom message-id suffix. Just fill in a name like above.

User Agent - Information about the Operating system

Edit own header tags in KMail
The header fields can be overwritten in the Composer settings. In the example KMail in the new look with KDE Plasma 5 in Linux Mint 18.

The user agent tag is entirely superfluous in the header. KMail specifies which version it uses, which version of the Linux kernel is used, and if it is a 32 or 64 bit system. In most emails this tag is generally not set; and since it serves no special purpose, it can as well be overwritten in order to enhance privacy. It is not possible to delete it completely.

You can overwrite the tag on the same tab as on the message-ID, under Settings → Configure KMail → Composer → Headers. There click New to Define custom mime header fields. On the bottom of the tab you find the Name and Value fields. The name is "User-Agent", to overwrite the existing one. The value can be a whitespace, or just KMail, or something similar.

In newer KMail versions - from KMail 5.4.0 on - the User Agent tag will not be used anymore.

Conclusion - one step to more privacy

Check the privacy friendly settings in viewing message as plain text
Email header with more privacy friendly entries. By the way, if one takes a closer look, one sees that the email provider Posteo overwrites the IP address of the sender with "customer 127.0.0.1". Another piece of privacy which can only be given by the provider. So look for the feature "IP stripping" when choosing a provider!

With that, KMail is configured more privacy friendly. Although in most email clients headers are not shown by default, that can be changed with a click. With the use of aliases header information should not leak the hostname.

Changing header information is only part of the cake. For a truly privacy friendly email communication also other technics are important: encryption, a careful choice of the provider, and of course the own behavior - the use of aliases, not to fall into the trap of pishing mails (don't believe the header tags:), show HTML as plain text, don't let emails load resources from the Internet, etc.

Here I wrote a tutorial to set up a Posteo account with KMail, including TLS encryption.

Note: The overwriting of the hostname and user agent is about privacy, not about anonymity.

Tested with Kubuntu 14.04 and Linux Mint 18 (should apply vice versa to Kubuntu 16.04 and Linux Mint 17).

 

 

→ →→

 

Add new comment