Sensitive information in email headers?


If the To: email is removed, is there any sensitive information in an email header?

The reason I ask is because I am starting a project (like many others) to document received spam. I plan to publish the headers (with my email and name removed).

So I am wondering if there is any way spammers (or anyone else) could possibly retrieve private information based on the header content.

Thoughts?

Best answer

Well, there's the routing path - the Received headers show which servers relayed it, together with their IP addresses. If you are worried about exposing DNS names and IP addresses there, you may want to remove them. There's also Message-ID, which should be unique at the origin server, but that is not really relevant in this case:

Delivered-To: [email protected]
Received: by 10.150.52.9 with SMTP id z9cs167242ybz; Wed, 2 Mar 2011
 01:23:55 -0800 (PST)
Received: by 10.204.123.144 with SMTP id p16mr7228369bkr.25.1299057834954;
 Wed, 02 Mar 2011 01:23:54 -0800 (PST)
Return-Path: <[email protected]>
Received: from www.example.org (www.example.org [127.25.43.2]) by
 mx.example.com with SMTP id b20si16526479bkb.8.2011.03.02.01.23.53; Wed, 02
 Mar 2011 01:23:53 -0800 (PST)
Received-SPF: unknown (example.com: domain of [email protected] uses a
 mechanism not recognized by this client. unknown  mechanisms: ))
 client-ip=89.250.243.218;
Authentication-Results: mx.example.com; spf=permerror (example.com: domain of
 [email protected] uses a mechanism not recognized by this client. unknown
  mechanisms: )) [email protected]
Received: (qmail 16028 invoked from network); 2 Mar 2011 10:23:57 +0100
Received: from unknown (HELO localhost) (127.0.0.1) by localhost with SMTP;
 2 Mar 2011 10:23:57 +0100
X-Mailer: [redacted] v3.0
X-Priority: 3
MIME-Version: 1.0
Date: Wed, 02 Mar 2011 10:23:57 +0100
Subject: [redacted]
Content-Type: multipart/alternative; boundary="=_932aa962c78a5f164be3066dcfdce0e7"
From: "[email protected]" <[email protected]>
Reply-To: [email protected]
Message-ID: <[email protected]>
To: [email protected]

So, the most relevant part would be the routing data - unless you use a hosted service where you can hide in the crowd (e.g. Gmail), this could be used to guess the domain of the recipient.
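An added example, not part of the answer above: one way to scrub a header block before publishing it, dropping the recipient headers and masking the recipient's own host names, addresses and internal relay IPs while leaving the sending side intact. The `my_domains` parameter, the placeholder strings and the sample message are assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Headers that name the recipient outright: removed before publishing.
DROP = {"delivered-to", "to", "cc", "bcc", "x-original-to"}
# Internal ranges whose addresses describe the recipient's own relays.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IPV4 = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])")

def _mask_ip(match):
    try:
        ip = ipaddress.ip_address(match.group(0))
    except ValueError:          # not a valid address, leave untouched
        return match.group(0)
    return "[internal-ip]" if any(ip in n for n in INTERNAL) else match.group(0)

def sanitize_headers(raw, my_domains):
    """Return publishable header lines for one message."""
    out = []
    for name, value in message_from_string(raw).items():
        if name.lower() in DROP:
            continue
        value = " ".join(value.split())          # unfold continuation lines
        for d in map(re.escape, my_domains):
            host = r"(?:[\w-]+\.)*" + d + r"(?!\.?[\w-])"
            # Addresses first (e.g. the "for <...>" clause), then bare hosts.
            value = re.sub(r"(?i)[\w.+-]+@" + host, "[me]", value)
            value = re.sub(r"(?i)(?<![\w.-])" + host, "[my-host]", value)
        out.append(f"{name}: {IPV4.sub(_mask_ip, value)}")
    return out

# Constructed sample (not a real message); recipient domain is hypothetical.
SAMPLE = """\
Delivered-To: me@mail.example.net
Received: by 10.0.0.5 with SMTP id abc123; Wed, 2 Mar 2011 01:23:55 -0800
Received: from bulk.example.org (bulk.example.org [203.0.113.7]) by
 mx.mail.example.net with SMTP id def456 for <me@mail.example.net>; Wed, 2
 Mar 2011 01:23:53 -0800
Message-ID: <xyz@bulk.example.org>
Subject: constructed sample
To: me@mail.example.net
"""

if __name__ == "__main__":
    print("\n".join(sanitize_headers(SAMPLE, ["mail.example.net"])))
```

The sending relay's name and public address are kept because they are the evidence a spam archive exists to record; other recipient-specific tokens, such as tracking IDs in the body or unsubscribe links, need a separate review.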