Why does netgate.com have googlemail MX record?

johnpoz

@michmoor guess zscaler is out as well.. ;)

;; QUESTION SECTION:
;zscaler.com.                   IN      MX

;; ANSWER SECTION:
zscaler.com.            3600    IN      MX      10 aspmx3.googlemail.com.
zscaler.com.            3600    IN      MX      10 aspmx2.googlemail.com.
zscaler.com.            3600    IN      MX      5 alt2.aspmx.l.google.com.
zscaler.com.            3600    IN      MX      1 aspmx.l.google.com.
zscaler.com.            3600    IN      MX      5 alt1.aspmx.l.google.com.

They should prob go through all of their IT equipment and pull out anything made by broadcom ;)

;broadcom.com.                  IN      MX

;; ANSWER SECTION:
broadcom.com.           3600    IN      MX      10 mx1.smtp.goog.
broadcom.com.           3600    IN      MX      60 mx4.smtp.goog.
broadcom.com.           3600    IN      MX      50 mx3.smtp.goog.
broadcom.com.           3600    IN      MX      40 alt2.aspmx.l.google.com.
broadcom.com.           3600    IN      MX      40 alt1.aspmx.l.google.com.
broadcom.com.           3600    IN      MX      30 aspmx.l.google.com.
broadcom.com.           3600    IN      MX      20 mx2.smtp.goog.

VerticalTechnik

@michmoor GAFAMs.. for the ones who want to understand my thoughts on security and privacy evaluation.

johnpoz

@VerticalTechnik said in Why does netgate.com have googlemail MX record?:

GAFAMs

Wouldn't that now be GAMAMs now.. with facebook now being Meta

michmoor

@VerticalTechnik
But how does that help
In evaluating a companies ability to do commerce or treat your data securely.

Unless you are saying that because Netgate uses Google mail servers Google can read their mail…but smtp is insecure anyway so what’s the point.
If we’re being honest you just have a “security” policy of not j business with any entity that doesn’t own their mail servers which is a bit insane in 2024 but that’s your decision. It’s just strange that you’re choosing an insecure protocol by default as your decision point but ok

johnpoz

@michmoor maybe he is ok with the other mail providers, and spam filtering services that many a company, and very large ones especially run their mail servers through.

Proofpoint is a big one that many a large company uses, we are moving away from them - they have been missing obvious stuff.

MS is part of GAFAM or now should really be GAMAM, so maybe they don't do business with anyone that uses any of these services. Companies putting their info up on onedrive for example.. MS prob filtering through that stuff for data as well, if they mining data in email ;)

dem

@VerticalTechnik said in Why does netgate.com have googlemail MX record?:

@michmoor GAFAMs.. for the ones who want to understand my thoughts on security and privacy evaluation.

Tell us your thoughts on the icons near the bottom of (what I assume is) your home page.

Screenshot 2024-01-11 at 8.09.04 AM.png

NollipfSense

Google is in the business of extraction of information without privacy regards...it's their nature and that's bad for the living or dead human being. I champion the small group from Spain that took on Google and won for the right to be forgotten. Doing business with Google supports that extraction. It doesn't bother me that Netgate is hosting their email server on Google...it's mostly or all encrypted emails when I communicate with the company. However, I wouldn't support Google economic extraction engine and I completely understand why that could turn off a potential client.

JonathanLee

PfSense needs one for alarm emails, also they have one to preset NTP on boot up before NTP servers come online for log tracking also. Don’t worry about it

johnpoz

@JonathanLee

JonathanLee

@johnpoz

dw

@VerticalTechnik
You haven't setup your DMARC properly.
No cloud services? what's this - Microsoft office 365.
Try to google for "could act" and you will not be able to sleep.
Screenshot from 2024-01-12 13-55-02.png

NollipfSense

@dw said in Why does netgate.com have googlemail MX record?:

You haven't setup your DMARC properly.

You really think DMARC policy stops Google...think again...here is a list from my company's DMARC report account of silly hackers attempt at using Google email service...OP's concern is legitimate..

Screenshot 2024-01-12 at 8.09.18 AM.png

dem

@NollipfSense said in Why does netgate.com have googlemail MX record?:

You really think DMARC policy stops Google...think again...here is a list from my company's DMARC report account of silly hackers attempt at using Google email service...OP's concern is legitimate..

Google will send a DMARC report even if it has only received completely legitimate emails from your domain. The fact that you've received a report from them proves nothing.

You can send your reports to a site like dmarcian to get a detailed report about what's really in them.

michmoor

OPs concern aside, i find this conversation pretty interesting. Grabbing my popcorn

VerticalTechnik

@dem Sure.. this is a good argument, and currently in progress to be changed. Nevertheless, this has an lower priority as giving potentially critical Hardware informations about Firewall, Network etc.. And this topic might be a controversial discussion.
Primally I wanted to give an input to Netgate, that this MX record does exist, and can avoid potential clients to buy their products. Sure its none of my business what Netgate thinks about it, but mabye some clients do care.

dem

@VerticalTechnik As someone who runs your own mail server, don't you find that most messages you send end up in SPAM folders? Also I'm curious, do you trust Proton?

NollipfSense

@dem said in Why does netgate.com have googlemail MX record?:

Google will send a DMARC report even if it has only received completely legitimate emails from your domain.

Not true...one receives a report only on spoofing or mistyped addresses...why would one need a report on legitimate addresses?

dem

@NollipfSense Google's help page says:

We recommend that you regularly monitor the daily DMARC reports that you get by email. Reviewing the information in the reports helps you understand what messages sent from your domain are passing Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) authentication, and DMARC authentication.

DMARC reports tell you:

What servers or third-party senders are sending mail for your domain

What percent of messages from your domain pass DMARC

Which servers or services are sending messages that fail DMARC

What DMARC actions the receiving server takes on unauthenticated messages from your domain: none, quarantine, or reject.

NollipfSense

@dem said in Why does netgate.com have googlemail MX record?:

As someone who runs your own mail server, don't you find that most messages you send end up in SPAM folders?

A properly configured email server rarely gets spam delivered...that's because all that spam gets trapped in quarantine or rejected...if you send me an email without me first allowing it to be delivered...I would never get it.

Cool_Corona

@NollipfSense Thats clever. Or not...