Bug 288928

Summary: "Default domain" preset reveals local hostname
Product: [Applications] kmail2 Reporter: Bernd Oliver Sünderhauf <pancho.s>
Component: config dialogAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED UNMAINTAINED    
Severity: normal    
Priority: NOR    
Version: 4.7   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Bernd Oliver Sünderhauf 2011-12-13 23:28:09 UTC
Version:           4.7 (using KDE 4.7.3) 
OS:                Linux

The preset "Default domain" is also used for the "Message-ID" header of all mails, even if the complete address has been given. This means that the local hostname is revealed within the email header, which is an unexpected breach of privacy and possibly security.

A "Default domain" like "example.com" presets the addressees domain, so if only "marc" is given as addressee, the mail is sent to "marc@example.com".
This is an advanced setting useful for some special requirements, especially within large companies or institutions. In most other environments, especially for private users that don't host their own domain on their local network, this makes no sense but will usually make no harm either.

Reproducible: Always

Steps to Reproduce:
Check the "Default domain" setting within the configure->sending dialogue. Whenever the PC you're working on is not part of a corporate network, you will see just your hostname.

Actual Results:  
Now write an eMail e.g. to yourself, look into the Inbox and view the complete message header of your email. You will find your hostname in the "Message-ID" field. Every other addressee would either.

Expected Results:  
I'm not sure whether it is necessary and/or makes sense to use the preset "Default domain" for "Message-ID" headers. But even if it does, the "Default domain" shouldn't be preset with the local hostname upon installation. Rather it should be empty by default.

See also:
- http://bugs.kde.org/show_bug.cgi?id=19088#c3
- http://bugs.kde.org/show_bug.cgi?id=146510
asking for a Default domain setting on a per Identity basis (as in Eudora).
Comment 1 Denis Kurz 2016-09-24 18:22:59 UTC
This bug has only been reported for versions before 4.14, which have been unsupported for at least two years now. Can anyone tell if this bug still present?

If noone confirms this bug for a Framework-based version of kmail2 (version 5.0 or later, as part of KDE Applications 15.12 or later), it gets closed in about three months.
Comment 2 Denis Kurz 2017-01-07 22:11:30 UTC
Just as announced in my last comment, I close this bug. If you encounter it again in a recent version (at least 5.0 aka 15.08), please open a new one unless it already exists. Thank you for all your input.