> Zuurbier has been collecting misdirected emails since January in an effort to persuade the US to take the issue seriously. He holds close to 117,000 misdirected messages — almost 1,000 arrived on Wednesday alone. In a letter he sent to the US in early July, Zuurbier wrote: “This risk is real and could be exploited by adversaries of the US.”<p>> Control of the .ML domain will revert on Monday from Zuurbier to Mali’s government, which is closely allied with Russia. When Zuurbier’s 10-year management contract expires, Malian authorities will be able to gather the misdirected emails. The Malian government did not respond to requests for comment.<p>Oops.
Not sure much can be done here short of the US Government hijacking the .ml domain altogether via ICANN, which, if even achievable, would probably cause worse side-effects than the leaking of low-grade intelligence to Mali. Probably the best partial mitigation would be to make it a condition of doing business with the military to put a blocker on all emails to the .ml domain, and for all partner militaries to do the same. Still won't prevent every instance, but they can probably prevent 80% of the most sensitive emails by doing this for 20% of people who communicate with them.
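An added example, not part of the comment above or of the article: a Python sketch of the kind of outbound recipient check a partner organisation could run before relaying mail, blocking every `.ml` recipient and suggesting the `.mil` address when the typo matches a known domain. The domain list, function names and verdict strings are assumptions constructed for illustration.

```python
from email.utils import getaddresses

# Constructed sample: .mil domains this organisation really corresponds with.
KNOWN_MIL_DOMAINS = {"army.mil", "navy.mil"}


def normalise_domain(addr: str) -> str:
    """Lower-case the domain part and drop a trailing root dot."""
    return addr.rpartition("@")[2].strip().rstrip(".").lower()


def check_recipient(addr: str) -> tuple[str, str]:
    """Return (verdict, detail) for a single recipient address."""
    local, _, _ = addr.rpartition("@")
    domain = normalise_domain(addr)
    if not local or not domain:
        return ("block", "not a valid address")
    if domain == "ml" or domain.endswith(".ml"):
        # Rebuild the address the sender most likely meant: .ml -> .mil
        intended = domain[:-2] + "mil"
        for known in KNOWN_MIL_DOMAINS:
            # Match the known domain itself and any subdomain of it.
            if intended == known or intended.endswith("." + known):
                return ("block", f"did you mean {local}@{intended}?")
        return ("block", "no known .mil counterpart")
    return ("accept", "")


def screen_message(header_values: list[str]) -> dict[str, tuple[str, str]]:
    """Check every address found in the given To/Cc/Bcc header values."""
    values = [v for v in header_values if v.strip()]
    results = {}
    for _name, addr in getaddresses(values):
        if addr:
            results[addr] = check_recipient(addr)
    return results


if __name__ == "__main__":
    # Constructed headers for demonstration only.
    report = screen_message(["Jane Doe <jane@army.ml>, bob@navy.mil",
                             "c@example.org"])
    for addr, (verdict, detail) in report.items():
        print(f"{verdict:6} {addr} {detail}")
```

Returning the suggested address in the rejection gives the sender the immediate feedback that a bounce would have provided.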
The cause isn't just a "typo". Sounds like they went to the effort to set up DNS MX records and SMTP servers for domains like `army.ml`.<p>Also, not only did they set up something specifically to capture the emails that they knew weren't intended for them (incidentally preventing the senders' own SMTP servers from alerting the senders of the problem almost immediately), but... it sounds like they also examined the content of some of the diverted emails that they knew were sensitive and not intended for them.<p>I can't tell from the article whether they've finally disabled this diversion of the emails. Nor whether they had a plan to scrub all copies of the emails before it's out of their control, maybe offering US diplomats/officials a deadline to get a copy if they want it.<p>Also, if they're now acting in good faith, and interfacing with US officials, I wonder who leaked this situation to the press, and why.
The title gives the impression that one typo led to the leaking of millions of emails from the US military servers, which is not the case here.<p>- Presumably each typo led to one leak. "Typos leak emails" would be more appropriate in that case.<p>- Are they really "US military emails" if they originated from elsewhere and one of the intended recipients was on the '.mil' domain? Apparently "emails sent directly from the .mil domain to Malian addresses are blocked before they leave the .mil domain".
@dang.... should probably correct the title to say Typos vs Typo<p>The current title implies that it's a single keystroke misconfiguration that is causing this when instead it's lots of people just not typing the e-mail correctly.
A temporary solution would be to block all email traffic to the ml domain on computers and VPNs used by the military and respond with an error. If anyone outside military computers and emails is sending such classified information, this is a bigger problem and not just a typo issue.<p>Update: missed the part that this is an incoming emails problem from non-military.
Conspiracy theory time: deliberate acts to provide Casus Belli for American invasion. Along the lines of Colin Powell's vial of anthrax at the UN or the "baby incubators" statements from a Kuwaiti princess a decade earlier.<p>The article states "closely allied with Russia" and the current establishment desires to punish anyone who doesn't distance themselves from Russia. The emails might be nothing sensitive to the state but they can just lie and say "Mali is deliberately intercepting emails meant for the military". Well that wouldn't even be a <i>lie</i> because someone did set up something to catch emails going to dot-ml which were meant for dot-mil.<p>A nice war also helps with elections at home.