We are going to require smtp auth for all outbound mail from user mail programs. There will be a "received:" line created when we accept the message from the end user pc.

The advice I need is whether to include the originating system's ip address in that received line.

The email RFCs would seem to prefer or even require the IP

But we live in the days of zombie armies, and I know that publishing home ips can be a security risk

So what do you say, do we include that ip address, or not?