X-Authenticated-Id header revealing username?

TomJones

Verified User
Joined
May 9, 2004
Messages
59
I was just looking at some bounced mail headers and realized the username was listed in the "X-Authenticated-Id" header. Is that header necessary? Can I modify how it displays the sending user? Maybe md5 the username, so I could figure out who it was (if somebody was sending out spam, etc), but not have usernames displayed in plain text.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
Is totally normal in DA that the e-mail address is the username, and i think that this is actually useful, it did help me a lot to narrow down who was the user sending spam to block (change password) on compromised account.

I would actually prefer to keep it, maybe would be nice enough to change the header name to something less "clear", but i would definetely keep it for investigations.

If anyone have a username (and it is always/most-of-the-time the email address) doesn't mean the account is compromised at all, all gmail/hotmail/yahoo/whatever email address are actually the username... You still need to protect your server for DDoS attacks.


Regards
 
Top