Slashdot Mirror

← Back to Stories (view on slashdot.org)

Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off (arstechnica.com)

Posted by BeauHD on from the spam-folder dept.

An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10.

15 of 268 comments (clear)

  1. Typical . . . by Anonymous Coward · · Score: 5, Insightful

    big boss tells IT to do whatever it takes to make THEM happy, even if it violates policy. Same story everywhere.

    1. Re:Typical . . . by Anonymous Coward · · Score: 5, Insightful

      No, both the boss and IT work for the organization. U fail big time.

    2. Re:Typical . . . by Tuidjy · · Score: 4, Interesting

      I have done it, literally, multiple times. I am the IT director of a privately owned manufacturing company. I report directly to the owner, and "this will be back for the company" is my trump card. Of course, I do not use it all that often, and of course, before I play it, I write page long arguments why I think so.

      So, yes, a IT head duty is exactly to explain to his boss why something is a bad idea. Of course, I will obey an order from the owners to do something - it is their company, and they will bear the losses. But as I have explained to them, maaaaybe in not these exact words, if they think I don't know how to do my job, maybe they should hire someone whom they think know how to do it better.

      Has my career ground to a halt? Well, I've had the position since 1997. So I guess it is technically halted. But I honestly do not mind where I am.

      --
      No good deed goes unpunished...
  2. Trend Micro in the US Government? by damn_registrars · · Score: 4, Interesting

    I thought the US government was concerned about Chinese made technology potentially giving up important information to the Chinese government. How is Trend Micro allowed in the State Department?

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Trend Micro in the US Government? by MiniMike · · Score: 5, Funny

      How is Trend Micro allowed in the State Department?

      It was authorized in an email directly from Hilary.Clinnton@state.us.gov.cn

  3. Whitelist by stabiesoft · · Score: 5, Insightful

    I run my own server for my tiny company. I've spent maybe 40 hrs total configuring spam. I have options to whitelist, blacklist, auto greylist, and various other options. It is inexcusable they can't do simple whitelisting by IP.

    1. Re:Whitelist by khasim · · Score: 4, Interesting

      The worse issue is that her server wasn't setup with a certificate. So no startTLS option.

      So all the emails she sent to it were sent IN THE CLEAR.

      So yeah, it seems like idiots all around this issue. None of them understood email or security or anything more than click-here-to-make-blackberry-work.

    2. Re:Whitelist by ebonum · · Score: 3, Insightful

      They couldn't simply white list her IP. It is a little know fact that her server was on a home connection and she had a dynamic IP. However, the IT team was surprised to learn that bitch.dnsdynamic.com was available for DDNS.

      (all my facts may or may not be of a questionable source and I preemptively plead the 5th)

  4. FOIA requests by bangular · · Score: 5, Insightful

    She did this to skirt FOIA requests. I'm not sure why there aren't any major news agencies with the balls to say it.

    1. Re:FOIA requests by SensitiveMale · · Score: 5, Insightful

      She did this to skirt FOIA requests. I'm not sure why there aren't any major news agencies with the balls to say it.

      The majority of those news outlets want her to win.

      And are willing to help her any way they can.

  5. Re:BINGO by SensitiveMale · · Score: 5, Insightful

    This is probably the reason that Clinton was using her own email server: the government email systems sucked because they were run by incompetent people.

    Really? Look, I'm no fan of the govt, but I seriously doubt that the email admin for the State Department, The State Department of the United States, is incompetent.

    Now the person that set up Clinton's open email system in her bathroom, yeah. I believe he was incompetent.

  6. Re:BINGO by dfenstrate · · Score: 4, Insightful

    You're free to advocate prosecution of Colin Powell if you wish. Nothing Powell did, legal or illegal, exonerates Hillary Clinton.

    --
    Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
  7. Re:Whiskey Tango Foxtrot. by davester666 · · Score: 3, Insightful

    Of course, the luggage still opens with 1 of 7 keys, which can be 3d printed at home, since some moron at the TSA allowed all the keys to be photographed and published in a national magazine.

    They definitely don't pick from the top shelf when stocking the TSA with talent...

    --
    Sleep your way to a whiter smile...date a dentist!
  8. Re:BINGO by Anonymous Coward · · Score: 5, Insightful

    There's a huge difference between Colin Powell and Hillary Clinton: by the time Hillary Clinton was Secretary of State, email had become the standard way to do things, there was an email system all set up for her, and there were regulations requiring her to use the official email system unless she had a good reason to do something else (and to routinely use her own email system required approval she never asked for and never got).

    Colin Powell says he didn't send or receive classified information. Recently, a grand total of two emails that were sent to him were "retroactively classified" (to use Hillary Clinton's term). Neither of the two were classified "Secret" or above. In comparison, of Hillary Clinton's known emails, over 2100 contain classified information, 65 "Secret", 22 "Top Secret" (source)

    In 2005, after Colin Powell but before Hillary Clinton, rules were developed over use of email. Colin Powell couldn't have broken them as they were put together after he was already gone, but Hillary Clinton absolutely broke them. She avoided using an official account set up for her to use, and went to great lengths to continue to use it rather than the official one. And she was required to take a training course every year about how to properly keep secrets, but there is no evidence she did so. She took the class once right after she got the job and then never took the class again.

    And of course, even if Colin Powell was guilty of the exact same crimes as Hillary Clinton, that still wouldn't excuse her.

    And it's obvious to anyone with common sense what her motive was: she wanted to control access to her emails. Some of her email could be embarrassing if someone read it (after filing an FOIA request) so she wanted to make sure there were no official copies of anything she didn't like. She committed conspiracy to avoid keeping Federal records that she was legally required to keep.

    If you are willing to excuse Hillary Clinton for this kind of egregious lawbreaking, then you will have no moral right to complain later when President Trump does something just as bad. We're geeks here in ./ and we understand well enough to damn well know why what she did was stupid as well as illegal and wrong. Don't give her a pass for immoral behavior just because she is on your side. If you have to hold your nose and vote for her because you really really just can't even Trump, then fine and dandy, but just admit it to yourself: you would be voting for someone willing to break the law and lie about it (as proven by this email controversy).

    http://www.weeklystandard.com/why-colin-powells-emails-are-not-like-hillarys/article/2000949

    https://www.washingtonpost.com/news/fact-checker/wp/2015/03/10/the-misleading-democratic-spin-on-hillary-clintons-emails/

    http://townhall.com/tipsheet/guybenson/2016/02/05/no-the-powell-and-condi-classified-emails-story-is-not-a-gamechanger-n2114842

  9. Re: BINGO by mveloso · · Score: 3, Informative

    Specifically, Powell et al did NOT run their own server. They used commercial providers like Google and yahoo. I guess Hotmail was just too cheesy.