There's lots of breathless hyperbole today about Hillary Clinton's use of a non-government email address during her tenure as Secretary of State. The Associated Press article is reasonably representative of the focus of the current debate:
The email practices of Hillary Rodham Clinton, who used a private account exclusively for official business when she was secretary of state, grew more intriguing with the disclosure Wednesday that the computer server she used traced back to her family's New York home, according to Internet records reviewed by The Associated Press.

[...]

It was not immediately clear exactly where Clinton's computer server was run, but a business record for the Internet connection it used was registered under the home address for her residence in Chappaqua, New York, as early as August 2010. The customer was listed as Eric Hoteham.

Let's apply a little Internet forensics to the domain in question: clintonemail.com. First, who owns the domain?
$ whois clintonemail.com
[snip]
Domain Name: CLINTONEMAIL.COM
Registry Domain ID: 1537310173_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-29T00:44:01Z
Creation Date: 2009-01-13T20:37:32Z
Registrar Registration Expiration Date: 2017-01-13T05:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status:
Registry Registrant ID:
Registrant Name: PERFECT PRIVACY, LLC
Registrant Organization:
Registrant Street: 12808 Gran Bay Parkway West
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32258
Registrant Country: US
Registrant Phone: +1.5707088780
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: kr5a95v468n@networksolutionsprivateregistration.com

So back in January this year the record was updated, and we don't necessarily know what it contained before that, but currently Perfect Privacy, LLC are the owners of the domain. They register domains on behalf of people who don't want to be explicitly tied to that domain. That's actually reasonably standard practice: any big company launching a major marketing initiative wants to register domains for their marketing content, but doesn't want the launch to leak. If Intel are launching a new microbe-powered chip, they might want to register microbeinside.com without their competitors noticing that Intel are tied to that domain. That's where the third-party registration companies come in.
The domain record itself was created on the 13th of January 2009, which is a pretty strong indicator of when it started to be used. What's interesting, though, is who operates the mail server which receives email to this address. To determine this, you look up the "MX" (mail exchange) records for the domain in question, which is what any email server wanting to send email to hillary@clintonemail.com would do:
$ dig +short clintonemail.com MX
10 clintonemail.com.inbound10.mxlogic.net.
10 clintonemail.com.inbound10.mxlogicmx.net.

mxlogic.net were an Internet hosting company, bought by McAfee in 2009. So they are the ones running the actual email servers that receive email for clintonemail.com and which Hillary's email client (e.g. MS Outlook) connected to in order to retrieve her new mail.
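As an added example (not code from the original post), here is a small Python helper that turns the `dig +short ... MX` output quoted above, and the jeb.org output quoted later on the page, into a priority-sorted record list and names the operator of each exchange. The "registrable domain" logic is a deliberately simple last-two-labels assumption, which is fine for the .com/.net/.org names on this page.

```python
import re

# Constructed sample input: the `dig +short <domain> MX` answers quoted on
# the page, one per line, in the form "<priority> <exchange>."
DIG_OUTPUT = {
    "clintonemail.com": """10 clintonemail.com.inbound10.mxlogic.net.
10 clintonemail.com.inbound10.mxlogicmx.net.""",
    "jeb.org": """5 mx1.emailsrvr.com.
10 mx2.emailsrvr.com.""",
}

# "<priority> <hostname>" with the trailing root dot made optional.
MX_LINE = re.compile(r"^\s*(\d+)\s+(\S+?)\.?\s*$")


def parse_mx(dig_text):
    """Turn `dig +short ... MX` text into (priority, exchange) sorted by priority."""
    records = []
    for line in dig_text.splitlines():
        m = MX_LINE.match(line)
        if m:
            records.append((int(m.group(1)), m.group(2).lower()))
    return sorted(records)


def operator_domain(hostname):
    """Registrable domain of an exchange host (assumes a one-label public
    suffix such as .com/.net/.org, which covers every host on this page)."""
    return ".".join(hostname.split(".")[-2:])


def classify_mail_hosting(domain, dig_text):
    """Who receives mail for `domain`? Returns the operator domains of its
    exchanges and whether the domain itself is among them (mail handled
    in-house rather than by a third party)."""
    ops = {operator_domain(host) for _, host in parse_mx(dig_text)}
    return {"operators": sorted(ops), "self_hosted": operator_domain(domain) in ops}


if __name__ == "__main__":
    for dom, text in DIG_OUTPUT.items():
        print(dom, classify_mail_hosting(dom, text))
```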
We do need to take into account though that all we can see now is what the Internet records point to today. Is there any way to know where clintonemail.com's MX records pointed to last year, before the current controversy? Basically, no. Unless someone has a hdr22@clintonemail.com mail from her home account which will have headers showing the route that emails took to reach her, or has detailed logs from their own email server which dispatched an email to hdr22@clintonemail.com, it's probably not going to be feasible to determine definitively where she was receiving her email. However, CBS News claims that the switch to mxlogic happened in July 2013 - that sounds fairly specific, so I'll take their word for it for now. I'm very curious to know how they determined that.
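The header route mentioned above, as an added example that is not part of the original post: each server that handles a message prepends its own Received header, so reading those headers bottom-up recovers the hops the message actually took, independent of what DNS says today. The message below is constructed for the example; hostnames ending in .invalid are placeholders, not real infrastructure.

```python
import re
from email import message_from_string

# Constructed sample message (not a real message): two hops, the newest
# Received header on top, folded onto continuation lines as servers emit them.
SAMPLE_MESSAGE = """Received: from clintonemail.com.inbound10.mxlogic.net (filter.example.invalid [203.0.113.7])
\tby mailserver.home.invalid (Postfix) with ESMTPS id ABC123
\tfor <hdr22@clintonemail.com>; Wed, 10 Jul 2013 14:02:11 -0400
Received: from sender-mta.example.invalid (sender-mta.example.invalid [198.51.100.9])
\tby inbound10.mxlogic.net with ESMTP id 12345
\tfor <hdr22@clintonemail.com>; Wed, 10 Jul 2013 14:02:09 -0400
From: someone@example.invalid
To: hdr22@clintonemail.com
Subject: constructed test

body
"""

# "from <host> ... by <host>"; re.S lets it span folded header lines.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S | re.I)


def mail_route(raw):
    """Return the hops in chronological order as (from_host, by_host) pairs.
    Received headers are prepended by each hop, so the header order is reversed."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP.search(hdr)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
    return hops


def receiving_servers(raw):
    """The 'by' hosts: every server that accepted the message, ending with the
    one that finally held the mailbox, which is what the DNS records cannot show."""
    return [by for _, by in mail_route(raw)]


if __name__ == "__main__":
    for sender, receiver in mail_route(SAMPLE_MESSAGE):
        print(f"{sender} -> {receiver}")
```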
All of this obscures the main point, of course, which is that a US federal government representative using a non-.gov email address at all for anything related to government business is really, really bad. Possibly going-to-jail bad, though I understand that the specific regulation requiring a government employee to use a .gov address occurred after Hillary left the role of SecState (Feb 2013). Still, if I were the Russian or Chinese foreign intelligence service, I'd definitely fancy my chances in a complete compromise of either a home-run server, or of a relatively small-scale commercial email service (mxlogic, for instance).
Desperately attempting to spin this whole situation is Heidi Przybyla from Bloomberg:
Jeb Bush owns his own email server http://t.co/6EEPZbeL0q via @msnbc
— Heidi Przybyla (@HeidiPrzybyla) March 4, 2015
OK, let's apply our forensics to jeb.org:
$ dig +short jeb.org MX
5 mx1.emailsrvr.com.
10 mx2.emailsrvr.com.

emailsrvr.com is, like mxlogic.net, a third-party email hosting service, apparently specialising in blocking spam. I'm not surprised that someone like Jeb Bush uses it. And, like Hillary, he isn't "running his own email server", he's using an existing commercial email server. It's not Gmail/Outlook.com/Yahoo, but there's no reason to think it's not perfectly serviceable, and it's not controlled by Bush, so if they log or archive incoming or outgoing email his correspondence is legally discoverable.
The difference between Jeb Bush and Hillary Clinton of course, as many others note, is that Jeb is not part of the US federal government and hence not subject to federal rules on government email...
mxlogic offers email spam filtering service to businesses which filters mail and then forwards to the customer's actual email servers, which typically are hosted on the customer's premises. So...mx record pointing to mxlogic-owned address is required to route mail through the mxlogic filters but says nothing about the location of the actual mail server.
Dan: right, but it looks like using mxlogic as the email servers was a relatively recent change anyway. From DNS history searches (which aren't necessarily that reliable) it looks like the MX record for clintonemail switched to mxlogic in November 2014.