A claim that email forwarding is “private by design” is made by : CF has a habit of neglecting to count themselves when discussing access to sensitive data. Question: if I want to ensure that I do not send email to Cloudflare’s routing server, is it just an MX lookup?

@bojkotiMalbona I'm pretty sure that as long as you don't enable it, it doesn't write the DNS records necessary for email handling. In case you did enable it, you'll probably have to remove those added DNS records.

@CPlusPatch I do not use Cloudflare. I’m asking as a Cloudflare outsider. If Bob the Cloudflare user tells me to email him at, I need to know if doing so will lead to disclosure of my msg to Cloudflare. I hope that I can simply do an MX lookup on & that the response will name “cloudflare”.

@CPlusPatch In principle CF’s MX server need not mention “cloudflare”, which would greatly complicate avoidance.

@bojkotiMalbona If you send an email to Bob who is using this service, then yes, it'll lead to disclosure of the email (given you don't use encryption like OpenPGP).

CloudFlare will chance the MX records to be their own servers, receive the email and then forward it to the recipient (it's literally kothing more than a glorified mail forwarder).

@bojkotiMalbona I'm not sure about that, but if you have these kinds of concerns you probably shouldn't be using email.

Email is really flawed by design, you'll be better off using E2E to communicate if you didn't know already

@CPlusPatch My threat model includes mass surveillance & surveillance capitalists. That means I do not email Google or MS receipients & I do not disclose my email address to gmail & ms email users (b/c they will use it). But if Alice runs her own mail server or uses hole-in-the-wall ESP, that is not inherently a problem w/my threat model. CF is a privacy-abusing tech giant thus GAFAM treatment.

@CPlusPatch It’s not just snooping that I’m acting against, but also financing privacy/netneutrality abuses. Emailing people on pernicious platforms ultimately feeds those platforms. E.g. even without having a Google acct, it would help Google profit to have my email exchange because they convert the data into revenue.

@bojkotiMalbona I think you should stop using email altogether and switch to E2E messaging with apps such as Session that don't have these problems.

If you need email for anything, there are sites that provide burner emails which can be used and thrown away

@CPlusPatch For most part, that is the end result. I force friends and family to reach me via XMPP/omemo. Email is nearly dead to me. But there are rare occasions that I only have the email address of the other party & no other means to reach them, and their email address happens to not be GAFAM-based, and the server is willing to talk to my server. So I use email in those rare cases.

@CPlusPatch And indeed i always use a disposable/burner/forwarding type of address in those cases. But that’s a trade-off because I’m introducing a MitM in exchange for having a disassociated address for each msg.

@bojkotiMalbona I see, well you might want to just act as if all those emails were public, since it would be impossible to make the recipient switch from their convenient Gmail address

Ultimately it's the only choice for people like you who have such as threat model, email is just completely insecure by design

@CPlusPatch Indeed email is insecure by design, but many incorrectly interpret that to mean “security therefore cannot be bolted on”. Security is not binary (something you have or do not have). It’s a question of whether there is /enough/ security for a given purpose. Sometimes you can bolt on enough security to sufficiently address the threat model.

@CPlusPatch A gmail pawn is far more exposed than a protonmail user. So there are some threat models that are suitable for protonmail users (even without e2ee) but not gmail. Now that is getting into the business this changes my workflow slightly. That is, when I do an MX lookup prior to deciding whether to disclose my email address to a business, I will also look for CF.

@CPlusPatch I have a script that I run before composing an email. The script takes an email address as input. It first checks whether there is a PGP key available for that address (which is almost always /no/). Then it does an MX lookup & highlights privacy abusers (MS, Google, Yahoo, etc). Those results play into the email vs. snail mail decision, depending on circumstances.

@bojkotiMalbona wow lmao you've really put thought into this

Best of luck to you with Cloudflare

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.