ProtonMail / proton-mail

React web application to manage ProtonMail
https://beta.protonmail.com
GNU General Public License v3.0
175 stars 25 forks

Protonmail spying on messages with servers based in France #60

Closed ghost closed 3 years ago

ghost commented 3 years ago

.

exander77 commented 3 years ago

@cyber-security-engineer What is your claim based on?

Provided IP seems to reverse to mail-europe.com. Does not sound like ProtonMail at all.

$ host 91.134.188.129
129.188.134.91.in-addr.arpa domain name pointer mail-03.mail-europe.com.

exander77 commented 3 years ago

@cyber-security-engineer

The domain proton.ch and mail-europe.com seem to be registered by ProtonMail.

Digging into the structure of SPF records, I would guess that these are rented IP addresses for delivery into France and Germany:

_spf.protonmail.ch. 1200    IN  TXT "v=spf1 ip4:185.70.40.0/24 ip4:185.70.41.0/24 include:_spf2.protonmail.ch ~all"
_spf2.protonmail.ch.    1200    IN  TXT "v=spf1 ip4:51.89.119.103 ip4:91.134.188.129 ip4:51.77.79.158 ip4:54.38.221.122 ip4:188.165.51.139 ip4:54.36.149.183 ~all"

exander77 commented 3 years ago

@cyber-security-engineer I came from Reddit. I already figured out the ownership.

Based on what information do you assume that there are any servers there? This report lacks info. I had to look for ownership myself.

I myself personally managed mail servers and we rented the IP in the target country to improve e-mail delivery.

It may also be related to Alternative Routing:

https://portswigger.net/daily-swig/alternative-routing-protonmail-to-add-new-anti-censorship-feature#:~:text=Alternative%20routing%20is%20the%20use,even%20in%20countries%20with%20censorship.
https://protonmail.com/blog/anti-censorship-alternative-routing/

exander77 commented 3 years ago

@cyber-security-engineer You disregarded my question. Based on what information do you assume that there are any servers there? Do you use alternative routing?

> Protonmail claims that all email is stored securely in Switzerland but the reality and the facts show otherwise.

You have not proven that. For some reason you assume there is a machine there which stores e-mails. Why is that? Do you have some additional info?

exander77 commented 3 years ago

What servers? How do you know this information?

> Protonmail never announced to its users that all email without exception will be sent outside of Switzerland which makes them criminals.

How do you know that?

You are making wild claims without any info.

We have the following:

1) You received an e-mail from ProtonMail which was sent through a French IP. At least I understand it that way. Does the recipient address belong to a French domain or have a French IP address as its mail server? I would understand if you complained that e-mails from Swiss to Swiss were sent to France, but if the e-mail was sent into France, then I am not sure what this is all about.
2) We can conclude that the IP is controlled by ProtonMail, based on domain info and SPF records.
3) There are other IP addresses in the SPF record, six in total, French and German.

I have actually provided more info here as I pointed out the other IP addresses.

Where are you getting the rest?
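The SPF reasoning in the comments above can be checked mechanically. The following is an added example, not part of the original thread or ProtonMail's code: it evaluates the two TXT records quoted in the thread as a fixed snapshot, supports only the `ip4`, `include` and `all` mechanisms, and the name `check_spf` and the test address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# TXT records as quoted in the thread (a snapshot, not a live DNS lookup).
ZONE = {
    "_spf.protonmail.ch": "v=spf1 ip4:185.70.40.0/24 ip4:185.70.41.0/24 "
                          "include:_spf2.protonmail.ch ~all",
    "_spf2.protonmail.ch": "v=spf1 ip4:51.89.119.103 ip4:91.134.188.129 "
                           "ip4:51.77.79.158 ip4:54.38.221.122 "
                           "ip4:188.165.51.139 ip4:54.36.149.183 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, zone=ZONE, depth=0):
    """Return (result, deciding term). Supports ip4, include and all only."""
    record = zone.get(domain.rstrip("."))
    if record is None or not record.startswith("v=spf1 "):
        return "none", None
    if depth > 10:  # RFC 7208 caps DNS-querying terms; also stops include loops
        return "permerror", domain
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        why = f"{domain} {term}"
        if term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            inner, inner_why = check_spf(ip, term[8:], zone, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror", why  # broken include is an error, not a miss
            matched, why = inner == "pass", inner_why
        elif term == "all":
            matched = True
        else:
            return "permerror", why  # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier], why
    return "neutral", None


if __name__ == "__main__":
    # Two addresses from the thread plus one constructed (TEST-NET-1) address.
    for ip in ("91.134.188.129", "185.70.41.104", "192.0.2.10"):
        print(ip, *check_spf(ip, "_spf.protonmail.ch"))
```

A `pass` result only shows that the domain owner authorizes the address to send mail on its behalf; it says nothing about where mail is stored.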

exander77 commented 3 years ago

@cyber-security-engineer

> ALL EMAIL WHICH IS SENT FROM PROTONMAIL is passing through the servers mentioned above.

This is not true, I have tested it. None of my e-mails went through, I live in Europe, but neither Germany nor France.

> they rented a few servers

What servers?

I am starting to doubt that you are a cyber security engineer.

exander77 commented 3 years ago

So, you are the recipient on that address above? Is the sender in France? Or using Alternative Routing? I have sent an e-mail with the following Subject: Test aicho2ahhai9hu7sai2oochai9Ao5ohD to that address, check if it comes from the same address.

exander77 commented 3 years ago

Seems my e-mail came from mail-41104.protonmail.ch[185.70.41.104], which is the standard way. I get my e-mails from mail-?.protonmail.ch as well.

exander77 commented 3 years ago

Then what came from mail-41104.protonmail.ch[185.70.41.104]?

exander77 commented 3 years ago

> Nothing. It was never delivered! I tested with other email providers and they deliver email correctly. Protonmail, however, is sending UNENCRYPTED emails to France first and then, when it receives a disconnect, tries to set up another connection from protonmail.ch, but the fact that they already sent the email unencrypted to a server outside of Switzerland does not change!

I have a hard time understanding your claims. There is no direct connection from Switzerland to Iceland. Iceland is connected through the Netherlands, so all e-mails from ProtonMail pass the Netherlands.

exander77 commented 3 years ago

DNSSEC

Why would you need to sign a domain through DNSSEC if you don't access it through a domain name? It is used for outgoing email.

bartbutler commented 3 years ago

Hi there. We sometimes use IPs from cloud services to deliver mail if our normal mail servers are unable to due to IP blocking or other censorship. All of the emails affected are being sent to external addresses and there is no security difference compared to direct sending.

All of the OP's accusations here are false. This is a basic technique to improve deliverability with no security implications if done correctly, which we do.

exander77 commented 3 years ago

> What false? Protonmail sending emails out of Swiss jurisdiction and so you are a bunch of fucking criminals who lie to the public.

Makes no sense. Iceland itself is out of Swiss jurisdiction. They need to send emails to deliver them.