Hi,
i received tonight this mail from google, related for my email domain :
"Report Domain: mydomain.xxx Submitter: google.com Report-ID:
This is an aggregate TLS report from google.com"
with a .json attached document
Is this normal ? Can i safely open the attached document ?
Hmm I think you alone can answer if this is normal. Is your domain somehow connected to google?
And as far as opening attachments goes, I have only two rules for that.
If not, delete.
This is clearly a strange thing, im not connected by any way to google
The only fact is that i still have a google account but i deleted completely the gmail apps, replacing it with my personal e-mail address in the google account (so you can delete your gmail, keep your google account and put another mail inside) because i still need my google account for something else
it doesn’t seems malicious but i don’t know why i’m receiving that now
if anyone got a clues about that
After examining the complete header of the message, it comes from :
owned legitimately by google as far as i can see, (report from dnslw.org) :
DNSWL Id: 1429; Domain: google.com; Sec. Domains: cloudsmtp.net, postini.com, googlemail.com, obsmtp.com, 1e100.net, gmail.com, postinicorp.com; Category: Access/Network/Hosting Provider (127.0.0.x);
good reputation at http://www.mailspike.net
received like that :
i scan the attached file with virustotal : 0 threat
so i open it and it was some more infos :
{“organization-name”:“Google Inc.”,“date-range”:{“start-datetime”:“2020-11-16T00:00:00Z”,“end-datetime”:“2020-11-16T23:59:59Z”},“contact-info":"smtp-tls-reporting@google.com”,“report-id”:“2020-11-16T00:00:00Z_mydomain.xxx”,“policies”:[{“policy”:{“policy-type”:“sts”,“policy-string”:[“version: STSv1”,“mode: enforce”,“mx: my-Miab-box-name”,“max_age: 86400”],“policy-domain”:“mydomain.xxx”},“summary”:{“total-successful-session-count”:1,“total-failure-session-count”:0}}]}
But why my box sent me that ? Is that just a report that my box sent to me tonight ? Maybe @JoshData do have some clues about it ?
It is the MTA-STS report …
Ok so this seems normal, but since MTA-STS has been implemented in MiaB, i didnt received such mails
Two cosiderations … the number of emails you have sent and to whom they have been sent.
This is similar to DMARC reporting. A DMARC report is only generated on a day that there are emails sent to the provider doing the reporting. Also there are only a few providers participating in DMARC reporting. So far I have only received DMARC reports from Google, Verizon (Yahoo!) and FastMail. I expect participation in MTA-STS to even be less.
The TLS report emails are about emails sent to your domain. They are designed to let you know about any failures in establishing TLS connections with your server.
As yet I have only seen reporting emails from Microsoft and Google.
considering the low participation, do you think I should enable MTA-STS? as currently I have not configured it yet and I’m still not sure if I should… from what I understand, if I enforce MTA-STS, any server trying to mail me that does not have MTA-STS enabled will be unable to mail me? been reading this explanation here
Don’t be fooled by this IP, it is “owned” by google, but it’s just an IP that anyone can spin up a virtual machine or other google services and use for good or bad. This IP has a bad reputation on 18 sites that track spam/malware:
Try this service: MultiRBL.valli.org - Results of the query 209.85.161.71
i think this is a normal behaviour, because i set 4 records (MTA + SMTP) in my MiaB panel with this e-mail. I also received this from microsoft and google.