Received a mail from noreply-smtp-tls-reporting@google.com

Hi,

I received this mail from Google tonight, related to my email domain:

"Report Domain: mydomain.xxx Submitter: google.com Report-ID:

This is an aggregate TLS report from google.com"

with an attached .json document

Is this normal? Can I safely open the attached document?

Hmm, I think you alone can answer if this is normal. Is your domain somehow connected to Google?

And as far as opening attachments goes, I have only two rules for that.

  1. Do you know the sender?
  2. Are you expecting attachments from said sender?

If not, delete.

This is clearly a strange thing, I'm not connected in any way to Google.

The only fact is that I still have a Google account, but I completely deleted the Gmail apps, replacing them with my personal e-mail address in the Google account (so you can delete your Gmail, keep your Google account and put another mail inside) because I still need my Google account for something else.

It doesn't seem malicious but I don't know why I'm receiving that now.

If anyone has a clue about that

After examining the complete header of the message, it comes from:

  • 209.85.161.71

owned legitimately by Google as far as I can see (report from dnswl.org):

  • IP address 209.85.161.71 is whitelisted at dnswl.org with the following details:

DNSWL Id: 1429; Domain: google.com; Sec. Domains: cloudsmtp.net, postini.com, googlemail.com, obsmtp.com, 1e100.net, gmail.com, postinicorp.com; Category: Access/Network/Hosting Provider (127.0.0.x);

good reputation at http://www.mailspike.net

Received like that:

  • Delivered-To: myemail@mydomain.xxx
    Received: from my-MiaB-box-name ([127.0.0.1])
    by my-MiaB-box-name with LMTP id cJyRNPCls1/SAgAAieN0SA
    for myemail@mydomain.xx; Tue, 17 Nov 2020 11:29:04 +0100

I scanned the attached file with VirusTotal: 0 threats

So I opened it and it had some more info:

{"organization-name":"Google Inc.","date-range":{"start-datetime":"2020-11-16T00:00:00Z","end-datetime":"2020-11-16T23:59:59Z"},"contact-info":"smtp-tls-reporting@google.com","report-id":"2020-11-16T00:00:00Z_mydomain.xxx","policies":[{"policy":{"policy-type":"sts","policy-string":["version: STSv1","mode: enforce","mx: my-Miab-box-name","max_age: 86400"],"policy-domain":"mydomain.xxx"},"summary":{"total-successful-session-count":1,"total-failure-session-count":0}}]}

But why did my box send me that? Is that just a report that my box sent to me tonight? Maybe @JoshData has some clues about it?

It is the MTA-STS report …

OK, so this seems normal, but since MTA-STS has been implemented in MiaB, I didn't receive such mails.

Two considerations … the number of emails you have sent and to whom they have been sent.

This is similar to DMARC reporting. A DMARC report is only generated on a day that there are emails sent to the provider doing the reporting. Also there are only a few providers participating in DMARC reporting. So far I have only received DMARC reports from Google, Verizon (Yahoo!) and FastMail. I expect participation in MTA-STS to even be less.

The TLS report emails are about emails sent to your domain. They are designed to let you know about any failures in establishing TLS connections with your server.

As yet I have only seen reporting emails from Microsoft and Google.
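As an added illustration (not part of any post in this thread): a small Python reader for such an attachment, using the TLS-RPT field names from RFC 8460 that also appear in the JSON quoted above. The second policy entry in the sample and the `MAX_BYTES` cap are constructed assumptions.

```python
import json
import zlib
MAX_BYTES = 1_000_000  # assumed size cap; aggregate reports are small
STS = {"policy-type": "sts", "policy-domain": "mydomain.xxx"}
# Constructed sample: policy 1 mirrors the thread's report; policy 2 is invented.
SAMPLE = json.dumps({
    "report-id": "2020-11-16T00:00:00Z_mydomain.xxx",
    "policies": [
        {"policy": STS, "summary": {"total-successful-session-count": 1,
                                    "total-failure-session-count": 0}},
        {"policy": STS, "summary": {"total-successful-session-count": 0,
                                    "total-failure-session-count": 2},
         "failure-details": [{"result-type": "certificate-expired",
                              "receiving-mx-hostname": "my-MiaB-box-name",
                              "failed-session-count": 2}]},
    ],
}).encode()

def load_report(raw: bytes) -> dict:
    """Decode a .json or .json.gz TLS-RPT attachment strictly as data."""
    if raw[:2] == b"\x1f\x8b":  # gzip magic bytes
        inflater = zlib.decompressobj(wbits=31)
        raw = inflater.decompress(raw, MAX_BYTES)
        if not inflater.eof:  # stream did not finish within the cap
            raise ValueError("gzip stream truncated or larger than the size cap")
    report = json.loads(raw.decode("utf-8"))
    if not isinstance(report, dict) or not isinstance(report.get("policies"), list):
        raise ValueError("not a TLS-RPT report: no 'policies' list")
    return report

def summarize(report: dict) -> list:
    """One row per policy: session counts plus (result-type, MX, count) tuples."""
    rows = []
    for entry in report["policies"]:
        summary = entry.get("summary", {})
        rows.append({
            "domain": entry.get("policy", {}).get("policy-domain"),
            "ok": summary.get("total-successful-session-count", 0),
            "failed": summary.get("total-failure-session-count", 0),
            "failures": [(f.get("result-type"), f.get("receiving-mx-hostname"),
                          f.get("failed-session-count", 0))
                         for f in entry.get("failure-details", [])],
        })
    return rows

def needs_attention(report: dict) -> bool:
    return any(row["failed"] > 0 for row in summarize(report))

if __name__ == "__main__":
    print(summarize(load_report(SAMPLE)))
```

A report like the one in the thread (1 successful session, 0 failures) produces a row with an empty `failures` list; only rows with `failed > 0` point at a TLS or certificate problem on the receiving server.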

Considering the low participation, do you think I should enable MTA-STS? Currently I have not configured it yet and I'm still not sure if I should… From what I understand, if I enforce MTA-STS, any server trying to mail me that does not have MTA-STS enabled will be unable to mail me? Been reading this explanation here

Don’t be fooled by this IP, it is “owned” by Google, but it’s just an IP that anyone can spin up a virtual machine or other Google services and use for good or bad. This IP has a bad reputation on 18 sites that track spam/malware:

Try this service: http://multirbl.valli.org/lookup/209.85.161.71.html

I think this is normal behaviour, because I set 4 records (MTA + SMTP) in my MiaB panel with this e-mail. I also received this from Microsoft and Google.