Summary
The general consensus is that removing the X-Originating-IP header has a negligible impact on email deliverability. Modern email systems and spam filters primarily rely on authentication protocols like SPF, DKIM, and DMARC, as well as sender reputation, and engagement metrics. While removing the header might offer a slight privacy or security improvement by obscuring the sender's IP address and potentially limiting information available to attackers, it's not a standard header, and its absence doesn't violate email protocols. Some experts note that in the past, the header might have been used for filtering decisions or to improve reputation on shared IPs, but this is less relevant today. Removing 'received-by' headers is frowned upon, but removing X-Originating-IP is usually harmless.
Key findings
- Low Deliverability Impact: Removing X-Originating-IP has a very limited impact on deliverability; modern spam filters use more sophisticated methods.
- Privacy/Security Improvement: Obscuring the originating IP can offer a slight privacy or security benefit.
- Focus on Authentication: Prioritize SPF, DKIM, and DMARC setup and maintenance for deliverability.
- Not a Standard Header: X-Originating-IP is not a standardized email header, and its removal doesn't violate email protocols.
- Shared IP Considerations: Historically, it might have helped in shared IP environments, but this is less relevant now.
Key considerations
- Authentication is Key: Ensure correct SPF, DKIM, and DMARC configuration as the foundation of your deliverability strategy.
- Evaluate Privacy Needs: Assess whether the minor privacy gain outweighs any potential (though unlikely) negative impact, especially on very old systems.
- Consider Shared IP Context: If using shared IPs, understand whether the information provided by the header has any (minor) benefits.
- Avoid Removing Required Headers: Do not remove required headers. X-Originating-IP is not required and is distinct from 'Received' headers.
What email marketers say
11 marketer opinions
The consensus among email marketers is that removing the X-Originating-IP header has minimal impact on email deliverability. While it may offer a slight privacy or security benefit by obscuring the sender's IP address and potentially limiting information available to attackers, modern spam filters prioritize factors like domain reputation, authentication protocols (SPF, DKIM, DMARC), sender reputation, and engagement metrics. Removing internal 'received-by' headers may be considered for privacy/security reasons but be mindful of potential impacts on bounce-back detection.
Key opinions
- Minimal Impact on Deliverability: Removing X-Originating-IP doesn't significantly affect deliverability as spam filters rely on more sophisticated methods.
- Slight Privacy Benefit: Removing the header can obscure the originating IP, offering a minor privacy improvement.
- Security Concerns: Removing the header might reduce the amount of information available to potential attackers, but offers limited additional security.
- Focus on Authentication: Proper authentication (SPF, DKIM, DMARC) and domain reputation are more critical for deliverability.
Key considerations
- Privacy vs. Utility: Weigh the slight privacy benefit of removing the header against its minimal impact on deliverability.
- Alternative Security Measures: Focus on more robust security measures instead of relying solely on header removal.
- Bounce Detection: Be aware of any potential impact of removing internal headers on bounce-back detection, especially with systems like Zimbra.
- Internal Headers: Consider removing internal 'received-by' headers for privacy but assess the impact on internal network topology visibility.
Marketer view
Email marketer from SuperUser explains that removing the X-Originating-IP header might reduce the amount of information available to potential attackers. However, removing the header provides very limited additional security.
18 Jun 2024 - SuperUser.com
Marketer view
Email marketer from Reddit suggests that while removing X-Originating-IP might seem like a good idea for privacy, it won't significantly affect deliverability. Spam filters are sophisticated and look at many factors, not just a single header.
25 Jan 2024 - Reddit
What the experts say
5 expert opinions
Experts offer mixed perspectives on removing the X-Originating-IP header. While its presence *can* be used for filtering and potentially improve reputation in shared IP scenarios, especially with older systems, its removal is generally considered harmless for deliverability, aligning with the consensus that modern spam filters prioritize other factors. While some experts frown upon removing *received* headers, X-Originating-IP is not a standard received header and removing it can offer a slight reduction in disclosed information.
Key opinions
- Limited Deliverability Impact: Removing X-Originating-IP is unlikely to significantly affect deliverability as modern spam filters focus on other factors.
- Potential for Filtering (Historically): The X-Originating-IP header *could* be used in filtering decisions, particularly by older systems.
- Reputation Improvement (Shared IPs): In shared IP environments, the header *could* potentially improve sender reputation.
- Privacy Consideration: Removing the header offers a slight reduction in disclosed information.
Key considerations
- Modern vs. Legacy Systems: Consider whether recipients are likely to be using older systems that might rely on this header for filtering.
- Shared IP Reputation: Assess whether you are sending from a shared IP where providing this information could be beneficial.
- Privacy Trade-off: Balance the potential (slight) privacy gain against any potential (small) negative impact on deliverability.
- Received Headers vs. X-Originating-IP: Understand the distinction between standard 'Received' headers (which are generally best left intact) and the non-standard X-Originating-IP header.
Expert view
Expert from Email Geeks explains that the X-originating-IP header, when trusted, is used in filtering decisions and can improve reputation from mail coming out of a shared IP. Depending on the implementation, it may be showing corporate or employee IPs.
10 Nov 2021 - Email Geeks
Expert view
Expert from Email Geeks, Laura Atkins, agrees with Ken O'Driscoll, stating there's no harm in removing the X-originating-IP header.
26 Dec 2023 - Email Geeks
What the documentation says
4 technical articles
Technical documentation consistently indicates that the X-Originating-IP header has little to no impact on email deliverability. Modern email systems like Exchange Online Protection (EOP) prioritize authentication protocols (SPF, DKIM, DMARC) and sender reputation. Furthermore, the X-Originating-IP header is not a standardized header according to RFC standards, and its removal does not violate email protocols. DKIM validation is also unaffected by the presence or absence of this header. Email headers, in general, have a small impact on deliverability.
Key findings
- Minimal Impact on Deliverability: X-Originating-IP header's presence or absence has little impact on email deliverability.
- Focus on Authentication: Modern email systems prioritize authentication protocols (SPF, DKIM, DMARC) and sender reputation.
- Not a Standard Header: X-Originating-IP is not a standardized email header.
- DKIM Unaffected: The presence or absence of the X-Originating-IP header does not affect DKIM validation.
Key considerations
- Authentication Focus: Ensure proper implementation and maintenance of SPF, DKIM, and DMARC for optimal deliverability.
- Header Prioritization: Prioritize proper setup of required headers instead of non-standard ones for deliverability.
- RFC Compliance: Understand which headers are required for email protocol compliance and which are optional.
- Overall Header Impact: Recognize that email headers, in general, have a small impact on deliverability.
Technical article
Documentation from RFC Editor specifies that while trace headers like Received fields are essential for diagnosing delivery issues, custom headers such as X-Originating-IP are not standardized. Their removal does not violate email protocol standards, and their utility is dependent on specific implementations.
4 Apr 2025 - RFC 6854
Technical article
Documentation from DKIM.org details how DKIM (DomainKeys Identified Mail) focuses on verifying the sender's domain and message integrity. The presence or absence of the X-Originating-IP header does not affect DKIM validation and, therefore, has no direct impact on deliverability for DKIM-authenticated emails.
13 Dec 2021 - DKIM.org
How can I find the source and purpose of emails originating from unrecognized IP addresses?
How can I hide my mail server IP address or mitigate attacks against it?
Does x-originating-ip impact email deliverability?
Do X-Headers negatively impact email deliverability?
Does the location of my email server affect deliverability to different countries?
