As I said, I'm using Gmail, so no domain or MX record from my host. I did it this way to try and stay hidden behind Cloudflare. As it stands right now, I've made it very hard, to the best of my ability, for a user to ever get past Cloudflare and thus the firewall rules I have in place at Cloudflare with my shared hosting. If I had a VPS, things would be different in that I'd use iptables or whatever and block all IPs except Cloudflare connecting IPs. Right now a good hacker could look at the email headers and thus the IP address and deduce what my real host IP address is from the CIDR. Though it appears that may actually be harder than it seems, because I created a PHP script with an HTML form that resolves through a range of IP addresses to domain resolution, and while it works with some websites like ask.com to show me the correct IP address to domain resolution from a range of IP addresses, my non-Cloudflare IP address from my host itself doesn't resolve to my domain in my testing. So that's good, I guess. Good in that the real IP address can't be found.
I actually don't even want to use my host's email facility anyway, besides the need to stay hidden behind Cloudflare, because it's easy to get on an email spam block list with an email domain that needs DKIM and whatnot all set up right. Then you're open to a DDoS or whatever shenanigan (nature of email hosting). So it's best to let a professional email provider handle your board email. In my opinion anyway...
Thanks for the clarification. One day maybe I should see about setting up email with Amazon or whatever host that would use a separate IP and of course data center, providing I could edit the email server settings to omit the IP address in the email headers. I'm sure there's a way of doing it. Will have to do some research.
As Paul explained, those headers are not created by phpBB. They are created by the email servers when the message is passed along.
Statistics: Posted by Ruby_IO — Mon Mar 25, 2024 5:52 am
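The post above notes that mail servers, not phpBB, write the headers that can carry the sending host's IP address. As an added example (not code from this thread), the Python sketch below audits a message your own board sent and reports any `Received` or `X-Originating-IP` header whose IPv4 address falls inside your host's range. The sample message, its addresses (documentation ranges) and the function name `leaked_origin_ips` are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; every host name and address is a documentation value.
SAMPLE = (
    "Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.25])\n"
    "\tby mx.example.org with ESMTPS id abc123;\n"
    "\tMon, 25 Mar 2024 05:40:00 +0000\n"
    "Received: from board.example.com (unknown [203.0.113.47])\n"
    "\tby mail-relay.example.net with ESMTPSA id def456;\n"
    "\tMon, 25 Mar 2024 05:39:58 +0000\n"
    "From: board@example.com\n"
    "To: user@example.org\n"
    "Subject: Welcome\n"
    "\n"
    "Thanks for registering.\n"
)

# Headers written by mail servers (or webmail front ends) that can carry a client IP.
IP_HEADERS = {"received", "x-originating-ip"}
# IPv4 only; IPv6 literals in headers are not checked by this sketch.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def leaked_origin_ips(raw_message, origin_cidr):
    """Return (header, ip) pairs whose IPv4 address lies inside origin_cidr."""
    network = ipaddress.ip_network(origin_cidr)
    leaks = []
    for name, value in message_from_string(raw_message).items():
        if name.lower() not in IP_HEADERS:
            continue
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # dotted number that is not a valid address
                continue
            if addr in network:
                leaks.append((name, text))
    return leaks


if __name__ == "__main__":
    # 203.0.113.0/24 stands in for the shared host's range (assumption).
    for header, ip in leaked_origin_ips(SAMPLE, "203.0.113.0/24"):
        print(f"{header} exposes {ip}")
```

Run it against the raw source of a registration or notification email received at an outside mailbox, with your host's actual range in place of the constructed one.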