Not often do we break news on Dvorak News but today we do. Hillary Clinton used a spam filtering service MxLogic to filter her spam and viruses. What this means is – employees at MxLogic, now owned by McAfee – had full access to all her classified state department email in unencrypted form.

Here’s the MX records for clintonemail.com.

clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.
clintonemail.com. 7200 IN MX 10 clintonemail.com.inbound10.mxlogic.net.

I’m Marc Perkel – I’m an email expert and I run a competing spam filtering service Junk Email Filter. (yes – I’m jealous) So I know how email system work. Email from the Internet is routed by DNS records called MX records what are used to look up where to deliver email destined for a recipient. When someone uses a Spam Filtering service they point their MX records to that service and all email for that domain goes to the spam filtering service first – they clean it – and forward the good email on to the recipient server which is secret to the world.

Internet —–> MxLogic ——> Hillary’s Server

What this means is that when Obama or anyone in the State Department emailed Hillary, the email went to MxLogic. It was then decrypted, checked for spam and viruses, and then reencrypted and sent over the open internet to Hillary’s server. While it was at MxLogic it could be read, tapped, archived, or forwarded to anyone in the world without anyone knowing.

This system has serious security implications. Email to McAfee’s servers might be encrypted and email out of McAfee might be encrypted, but while it’s at McAfee any employee who has access to the filtering system can tap and read any email going to that domain. So – for example – if I’m a Russian spy, ISIS, North Korea, or Fox News, or a 14 year old hacker, all I have to do is bribe someone at McAfee or hack their work login,  and they get to read all the email of the Secretary of State. WooHoo!

And – this is one of many reasons they have a rule at the State Department that you have to use their servers.

For what it’s worth I was imagining that I was the email security tech at the State Department and I’m aware that Hillary isn’t playing by the rules. What do I do? If I confront her about it do I get fired? Or does the State Department even have email security? How does this get past the tech guys.

So if I’m in the job I’m thinking that I would require VPN tunnels with SSL down the tunnel. Might even wrap the SSL inside an SSH tunnel creating 3 layers. Might even require PGP keys on top of that. I mean – I have the ability to do that – so why not the State Department?

But – maybe she’s super stealth? While the Russians are trying to hack her state department account, which doesn’t exists, no one would ever think she’s stupid enough to have her email on a private server in her home. Security through obscurity. And that is assuming that she’s telling the truth about that.

Although we don’t know what IP address Clinton’s real email is on. It’s interesting to note IP addresses in the DNS for the clintonemail.com domain. Most host names like www.clintonemail.com all map to some holding page of no importance. However that host mail.clintonemail.com maps to a different IP address 64.94.172.146, which is in a data center in the New York area, Internap.com. Interesting that her “home server” resolves to a data center. Seems worth investigating to me. mail.presidentclinton.com resolves to the same IP address and also uses MxLogic.

So I thought, what if she has web mail? And sure enough – I GOT A LOGIN PROMPT! https://mail.clintonemail.com And I have verified by the SSL certificate that this is indeed the clintonemail.com server – still online! Click here and type in mail.clintonemail.com

I already tried hillary2016 for the password and that didn’t work. But I’m looking at this and thinking WTF!

Is Hillary’s server secure? It get’s a B rating here. Only supports weak protocols. Uses only SHA1. TLS 1.0.

Another SSL testing site. https://www.whynopadlock.com/check.php – type in mail.clintonemail.com.  In contrast type in mail.junkemailfilter.com. My server passes – Hillary’s doesn’t.

Shouldn’t the Secretary of State of the United States of America use a server that isn’t weak?

What email went through this system that could have been tapped? Emails about Libya, Syria, Egypt, Israel, Putin, ISIS, the Bin Laded raid, and Chelsea’s wedding guest list!  OMG!

I have been a Clinton supporter. Here’s a pic with me and Hillary in 1992.

If she’s the candidate I would still vote for her in the general election over any Republican. But in the primary – I still dream of Elizabeth Warren, but I’ll settle for Biden. And isn’t that just a little sad.

And – for those of you who make this argument, “Republicans did it too! (Therefore Hillary should get away with it.)” My response – “Are you F…ing kidding me!”

The bottom line – none of this would have happened if she had just played by the rules.



  1. ± says:

    It’s incomprehensible how intelligent people can shamelessly admit they vote for known evil.

    • kiwini says:

      Or, even worse, bragging about having done so…

    • Marc Perkel says:

      I didn’t vote for Bush!

      • Alan Travis says:

        OF COURSE you didn’t vote for Bush, Marckey.
        You’re a liberal! Hello!
        Proud of Obama destroying the country, Marc?
        “I will cut the deficit in half by the end of my first term.” – Obama, your kind of guy, Marc.

        ISIS loves Obama even more than you do. He’s their best ally.

        • Deficit More Than Cut in Half Since 2009

          The deficit reduction since that point represents the fastest decline in the deficit over a sustained period since the end of World War II. So it took an extra year or so Obama has in no way destroyed the country. Internet much or are you too busy spouting inane comments like “ISIS loves Obama even more than you do. He’s their best ally.” As soon as your republican congress stops bickering with each other and authorizes war powers to fight ISIS I am sure Obama will be all about it. “Congress debates authorizing new war powers in ISIS fight” February 16, 2015. Or do you think they will wait and see if a white republican president gets elected so he can act the hero.

          • EWeatherwax says:

            Here’s the thing about that whole “deficit cut in half’ business: You’ll note they start at 2009, which was after the massive stimulus and the largest spending year ever–a whopping 1.4 trillion! So yes, Obama did cut it in half thereafter, but only after first tripling it. Deficits under Obama have been higher than any other president, which is why the DEBT keeps rising and rising (now predicted to hit 20 trillion next year).

          • Crrr6 says:

            Crediting Obama for cutting the deficit in half is like crediting Oprah for the single greatest reduction in Cheetos consumption since WWII. Her competition of 150 pound nobody’s just can’t compete.

          • NewFormatSux says:

            They say deficit cut in half, by crediting George W Bush with the stimulus spending. It is pretty easy to increase the deficit by a trillion dollars and then take credit for cutting it back again. Obama is still running deficits of many hundreds of billions of dollars, and even that is lower because Republicans took control of COngress and put the brakes on Obama’s plans for never ending trillion dollar deficits.

            Thanks for playing “I’m an Obama stooge.”

          • EWeatherwaxVoiceOfANation says:

            EWeatherwax: Yes they start in 2009 with Obama’s deficit figures – Obama took office on January 20, 2009. Prior to that (2008) is Bush.

            *facepalm*

  2. NewFormatSux says:

    Marc, you just said that the real server is hidden, and the DNS points to McAfee. So couldn’t the data center you uncovered just be a McAfee server?

    • Marc Perkel says:

      I just tested the SSL certificate and it returns that it is in fact clintonemail.com – VERIFIED!

      • NewFormatSux says:

        How can you say they had access to classified e-mails?
        Hillary declared, ‘Nothing classified was sent. There is no classified material.’
        Which based on Clintonics, means that there used to be classified material that was received.

        Nevertheless, do you have any evidence that this was the case?

        • Marc Perkel says:

          Are you saying that the whole time Clinton was SOS that she never sent or received a classified email?

          • NewFormatSux says:

            I’m saying you have no evidence. Whether she was using this service or not, the sending of classified material is a primary issue.

          • NewFormatSux says:

            Now if they redact any of the e-mails that people have asked for, that means it was sensitive information.

  3. NewFormatSux says:

    >I already tried hillary2016 for the password and that didn’t work.

    So now you are an admitted felony hacker.

  4. Sheesh says:

    You dream of Warren, but will “settle” for Biden?

    OMG indeed.

    Sheesh!

  5. Ed S. says:

    Obviously you are not current on the technological prowess of the US government. Anyone with any cryptological ability is working at the NSA. DoD is barely secure and State may someday be, but really do you think anything really important is done by email at State?

  6. ± says:

    It is exciting that you discovered this. And it will be fun to watch the story evolve after having started here.

    That said, it is old news that Hillary has done something wrong, is doing something wrong, and will continue to do wrong stuff in the future. Yawn. So it is easy to overshadow this with a statement of incomprehensible political views. Too bad you didn’t leave that part out and just stick to the facts of the news story. Or you could have saved the political commentary for a different story. And this is not pro Republican. They are known evil too.

  7. Tom says:

    The bottom line question is: Does it all make any real difference? And the answer is: No, likely not.

    In fact, her server may have actually been more secure in practice than an official State Department machine…

  8. John says:

    You understand that it’s entirely possible she didn’t send classified information via email, right? She’s surrounded 24/7 by a team that briefs her and communicates with her, she has little need to be checking her email like the rest of us.

  9. jenn says:

    What rule did she not play by?

    • Marc Perkel says:

      She was supposed to use government issued email addresses and servers.

    • NewFormatSux says:

      All records are to be given to the government for safekeeping. The destruction of personal e-mails is not a determination for her to make, but for the people who handle recordkeeping. All records are to be handed over, which she has not done so, and is thus still in violation of the law.

  10. SophieCT says:

    “What this means is – employees at MxLogic, now owned by McAfee – had full access to all her classified state department email in unencrypted form.”

    Nope. She didn’t use it for anything classified. Do try to keep up.

    • NewFormatSux says:

      Marc has it right, he just hasn’t established there was any.

    • Not all experts really are says:

      And Mark Perkel has access to all of your messages if you use his service

  11. “If she’s the candidate I would still vote for her in the general election over any Republican. ”

    If she eviscerated a living baby and eat it’s entrails on live TV would you still vote for her ” over any Republican? ” Your bar seems set pretty low for Hillary. I would like to know just where it is.

  12. John E. Quantum, the cunning linguist says:

    Maybe it was all one big honeypot

    • Ken Starr says:

      … That would be Monica.

    • dade0 says:

      Maybe it was all one big honeypot

      Most sensible thing I’ve read in this thread so far. Marc is all ‘two steps forward, one leap back’ or he’d be winning.

  13. Jim says:

    It has nothing to do with what she sent out. It is all about officials from other governments sending her emails not knowing she was on an insecure server!
    They should all be really pissed.

  14. Not all experts really are says:

    With regard to alleged expert Mark Perkel – the MX record and spam filtering service IPs are the CURRENT configuration for clintonemail.com. Hillary’s tech people probably took the private server offline when she stopped being SOS, changed the MX record to route messages through MXLogic and created a new server that is hosted at Internap. That is how you keep total control over your messages.

    • Marc Perkel says:

      And you assume this because of what evidence?

      • Not all experts really are says:

        I assume the Current configuration because that is what you posted – and I checked

        I assume the original server was taken down because the MX record does not point to Chappaqua anymore
        and like I said – that is how you keep total control of historical messages

        How do you assume the server has always been configured this way?

      • Not all experts really are says:

        Looks like I was correct.

  15. Marc Perkel is NOT my real name! says:

    You basically condemned this woman by telling us in sufficient detail that she doesn’t play by the rules or at least didn’t play by the rules the entire time she was in power (as SoS, AG, FL). One could only assume from a statement like that that Hillary is either incompetent or arrogantly thinking she’s above it all possibly because she’s rich, powerful and has all the right connections — as if she were a Mafia boss. Either way, I don’t think I’d want someone like that looking out for my interests. Yet, you say you would vote for her over any other candidate?

    … “ARE YOU F**ING KIDDING ME?!” How stupid can YOU be?!

    I admit the Republicans have their faults. But to make such a statement as that, you might as well admit that YOU ARE A BIGOT which is really just a different kind of RACIST!

    Once again, this woman is either INCOMPETENT or a CROOK! And it isn’t like we haven’t seen this kind of behavior from her before she ever even went to Washington either. Try looking into a little affair called Whitewater in case you need any more CLUES!

    • Claire Underwood says:

      Wrong! Wrong! Wrong! She’s incompetent AND a crook. (At least Bill knew how to get away with it.)

  16. NewFormatSux says:

    If she’s the candidate I would still vote for her in the general election over any Republican.

    So this whole rant was a lie:
    http://www.dvorak.org/blog/2014/11/06/democrat-candidates-dont-understand-voter-opposition-to-nsa-spying/

    Indeed any primary voter worried that nominating Hillary would mean losing liberal votes, should rest easy, and vote for Hillary over Elizabeth Warren.

    • NewFormatSux says:

      Plus an article like this would get you an audit under president Hillary. The only reason you are safe now is because Obama is trying to sabotage her campaign. So for now expect an invite to the White House to meet Elon Musk.

  17. Peppeddu says:

    If we want to dig a little deeper, it would be interesting to see if the financial situation of anyone at MxLogic or Internap.com has changed significantly over the last few years.

    When the president or the secretary of state speak the market react promptly and someone may have decided to profit from it.

  18. Proof is in pudding says:

    People who’ve used e-mail all their lives don’t think about those of us who grew up relying on the telephone to do business — long before e-mail came along, that is.

    Hil’s of that age. I bet she even neglects to update her Facebook status as often as Republicans would like. There’s got to be a scandal to monger somewhere!

    Repeatedly, I ask: What’s more secure than a server almost no one knew about? If the hacked or siphoned e-mail messages are out there, let’s see them. Otherwise, seems to have worked.

    • NewFormatSux says:

      This story came to light, because e-mails were hacked by Guccifer. Thanks for playing the stooge.

  19. drjohn says:

    Hillary could beat a child to death with a hammer on live TV and liberals would still vote for her.

  20. Jamie says:

    Yes, her email is routing through MXLogic right now, but that doesn’t mean she was using it when she was SOS over 2 years ago. DNS records change all the time, as do the services people use. As matter of fact, if you use the site DNSHistory, it shows that they have only used MXLogic since last November. Before that the MX record for clintonemail.com pointed to mail.clintonemail.com, which pointed to the static IP address from Optimum Internet (the one registered to their house – 24.187.234.187 )

    https://dnshistory.org/dns-records/clintonemail.com

    Now granted DNS history sites are unreliable and I used one of the only free ones out there, because I don’t see this interesting enough to pay for one of the bigger services that offer this, but from what evidence we have, your claim right now isn’t exactly true. Yes, she is using MXLogic for her email filtering, but the evidence shows that is something that didn’t start until almost 2 years after leaving her job as SOS.

  21. bobsmetters says:

    Do people actually believe the government does not use private companies to provide cyber security and spam filtering?

    • NewFormatSux says:

      Yes, I believe they don’t route their e-mail traffic to private companies.

      • Jamie says:

        Nope, they just route the security clearance checks to private companies. That then gives the government people like Edward Snowden.

  22. Marc Pugner says:

    The Department of State: almost as secure as a Zetaboard in 2015!

  23. hp says:

    C’mon man!
    Hillary (and every member of Congress) has a ‘backup’ e-mail server located in Tel Aviv.
    (how they roll)

  24. DocinPA says:

    In case you missed it, Mr. Perkel, you headlined the Rush Limbaugh show today. Multiple direct quotes from you, broadcast to 20 million people.

    • dade0 says:

      EL RUSHBO! Gravitass that tech!

    • NewFormatSux says:

      It would be hilarious if Perkel made the whole thing up just to get right-wingers to echo him without checking anything he said.

  25. pmccart says:

    The author would still vote for Hillary over a Republican! Only a mind-numbed, amoral, low-information voter would or could be so stupid. Why is it so many young people have no actual grasp of right and wrong, good and evil? The Clintons are as corrupt as can be; they should be in prison. That any American would vote for her is a sad commentary on our educational system. Has this author ever read the Constitution? I’ll bet not even once.

  26. huxley says:

    Marc Perkel is telling his truth, that even though Hillary lies, stonewalls, evades laws, and risked US security as Sec. of State, he will still vote for her as President over any Republican. There are many liberals like Marc.

    I understand. I was a liberal for most of my life until I was “mugged by reality” sometime after 9-11.

    While liberals assume their absolute moral and intellectual superiority over conservatives, there can’t be much substantive debate over issues.

  27. Ronnie says:

    This is utter nonsense–the author of this piece is far from an “email expert” and his entire premise is mistaken. Email is sent from your computer to the destination computer in the clear, not encrypted. Any employee working at any of the Internet switching facilities can potentially tap any stream. There is no way classified information can safely be emailed in the clear, whether to Hilary’s personal mail service or to an Internet-attached State Department one.

    Classified emails are typically encrypted prior to being sent by the sender’s mail program, and decrypted by the recipient’s email reader. (The only alternative is to create an entirely separate Internet, such as MILNET). Which means that the only thing that anyone at MXLogic would have had access to was encrypted data (apart from the email addresses of the sender and receiver, the subject of the message, the timestamp, and other meta-information).

    • NewFormatSux says:

      How about if the e-mail stayed within one domain, like state.gov?

  28. NFL says:

    I guess the whole issue of the NFL getting tax breaks like a church is just evaporating away? Maybe it will get revived every year during the stupor bowl. Creflo gets tax breaks for a G650 jet – the NFL gets tax breaks just because I guess. Along with that status is a complete non-accounting of where you spend the money derived from the tax break. Oh well.


1

Bad Behavior has blocked 10581 access attempts in the last 7 days.