Email IP Leak Test
emailleaktest.comAnother site to test email IP leaks: http://emailipleak.com/
Aside from basic IP leaks, you can also test for other privacy leaks at: https://emailprivacytester.com/
Featured in: http://www.ghacks.net/2014/05/25/test-email-account-privacy-...
The emailleaktest site linked by OP is a word for word down to the privacy policy blatant copy of http://emailipleak.com which we made. Not sure why this is hacker news front page worthy.
Wow, it sure is. The subject is HN worthy but I'd hope a moderator would edit the submission to point at your site instead.
And send GoDaddy a DMCA takedown notice for this copycat site. It was just registered a few days ago and given that they shamelessly ripped your content off, I'd have serious reservations about trusting them with my data.
Not word for word! Unlike your website, the carbon copied site is extremely careful not to reveal anything about the people behind.
They should have just cloned https://emailprivacytester.com/ instead. The code is available for download on github.
Guess it would be worth mentioning how to spoof initial Received header for those who self-host their email and run Postfix as their MSA/MTA: https://www.void.gr/kargig/blog/2013/11/24/anonymize-headers...
Notice: This works when you have a separate MSA (submission) service listening on a separate port (587 by default), which is a proper approach; not when you send to MTA on port 25.
Not like I care about karma, but I see downvotes and I don't know what's wrong with my comment. That makes me curious.
I have a self-hosted email, my MUA machine's IP was logged in headers (and there's no particular reason for it to be there), so I googled for a bit, found a satisfying solution among others, and decided to share it. Is there anything wrong with that?
Nope. Maybe someone clicked the wrong button by accident. Or maybe they're just rude. I often find that many of the most interesting comments on this site are the most downvoted, so if I were you I'd take some pride in your downvote.
You can strip the sender's entire connection from the Headers in the email, and make it look like your SMTP server originated the mail...
With sendmail redefine RECEIVED_HEADER in sendmail.mc: define(`confRECEIVED_HEADER',`by $j ($v/$Z)$?r with $r$. id $i; $b')dnl
I've been using this to get around the spam filters when sending emails to my clients from my residential IP.
http://www.devside.net/wamp-server/removing-senders-ip-addre...
If you run a website behind cloudflare it's worth looking into Email IP leaks.
Sometimes simply registering at a website and looking at the registration confirmation email headers can reveal its real IP.
I don't know if their MTA is currently having problems, but it took my MTA 12 minutes to deliver the message to theirs. When I telnet to them on port 25 the welcome banner doesn't seem to appear.
If they're using some form of artificial delays or greylisting, that's all well and good, but it's not really suitable for this sort of service. I imagine a lot of people would get bored of waiting and just leave.
My Thunderbird (v31) appears to leak my IP address ... or is it my Postfix server? anyway, it sounds bad regarding anonymity. Is it a configuration problem? my university lab email service has the same issue, so I guess it's a standard configuration ... ? (my mail server says it's Postfix who handled the mail, the one from the lab doesn't leak that)
It is the server by adding the "Received: from ..." header, not Thunderbird fault. It is indeed a standard configuration.
You (the person who created this :)) should update the link to the email address to include a target for the mailto: link to a new tab: I use Gmail (for domains) and the mailto link opened in the same window, closing the page (which should stay open, it says).
"You are connecting from IP address: 10.56.111.24, 127.0.0.1"
Err, RFC 1918 anyone?
So Gmail doesn't leak anything, but a Gmail Apps account does? Anyone know why?
I am using a VPN all the time to get some level of privacy, today I was stunned by the amount of information my email client is "sharing" with the rest of the world. Crazy ...
Looks like a great way to harvest active email addresses.
They'd be breaking the Privacy Policy if they were; http://emailleaktest.com/privacy.html
Oh no, not the Privacy Policy!
Seriously though, the presence of a privacy policy gives little comfort when both the website and the Privacy Policy are very careful not to identify who is hosting that domain with Godaddy.
Far as I know, the binding nature of a site's privacy policy hasn't been conclusively determined - some courts have held it to be a binding contract, but others have held it to be a statement of company policy.
The only real consequence would seem to be loss of good will - but if their goal was to gather as many email addresses as possible in a short time, then that wouldn't really matter.
what's funny about this is that if you use google mail through the web browser, you can't do email signing or encryption, but your IP address isn't visible to the person you send mail to. but, if you use a 3rd party MUA so that you can use signing and encryption, then your IP address is visible.
Nice try, I'm not going to "leak" my ip to emailleaktest.com. Good effort though.
smart way to collect a huge list of valid email. This list is probably worth a bunch of $ .
For testing things like this using a throwaway address would appear to be the obvious choice.
That's not trivial with my current email provider, which is something I would like to test.
Seems to be down or overloaded this morning. After 5 minutes the page did not update for me.
I went to breakfast and came back and it had refreshed by then.
Spelling mistake spotted; "automaticly" should be "automatically".
Spelling mistakes? "Automaticly" is a much better phonetic representation of what is pronounced. What is right is actually wrong! What is wrong is right!
So I have to click a mailto link rather than letting me copy and paste the email address? I don't have a mail client set up on this machine. Good one....
I right clicked it and selected "Copy Email Address". In Firefox.
Don't make me think... I should be able to copy and paste without any browser tricks or viewing the source.
Right click on a link to copy the url or email address is not a browser trick.
They heard you. You can now copy-paste the e-mail adress.
Can't believe all the down votes for this!