Jonathan Kamens 86 47Nov 20, 2024
Here's a piece of #freeAdvice for #startup #CEO's…
If you're acquired, make sure you get an email out to all your shareholders, a.k.a. former employees with exercised stock options, about the acquisition _before_ the law firm handling the acquisition sends them email containing the code they'll need to access their stock option payout.
In other, definitely related news, my former employer #Numerated has apparently been acquired by #MoodysAnalytics, and I'll be getting some money from my stock.
Show threadJonathan Kamens 86 47Nov 20, 2024
Follow up on this: I received an email message from "PNC Paid" with instructions for using the code I was emailed previously to start the process of receiving my stock payout.
Then I received a _second_, nearly identical email from "PNC Paid" a few hours later, sent to a different email address of mine, with a different link in it. Which is problematic because the email claims the link is customized for me.
(continued)
Show threadJonathan Kamens 86 47Nov 20, 2024
I tried to use the link in one of the emails and the code previously sent to me to start the process, and I was blocked when the site claimed it was sending an authorization code to my email and then… just didn't. I _know_ they didn't because I run my own mail server and I can see from the logs that there was no attempt to send me an email containing a code. I waited until that code timed out and tried again. Again, no code email was sent to me.
(continued)
Show threadJonathan Kamens 86 47Nov 20, 2024
I then tried using the link in the _other_ email from PNC Paid to see if it would work any better. It did not; again, I received no code.
I emailed the people orchestrating all this and asked for assistance. They responded, "PNC initially got a bounce back from this address, which I imagine is the root of the problems. I’ll ask them to reach out directly to assist."
Which is bullshit because my email server works perfectly fine and does not bounce legitimate emails.
smdh
Show threadJonathan Kamens 86 47

It looks like PNC Paid is using #ProofPoint servers for its outbound email delivery. I know from personal experience that ProofPoint absolutely sucks at email delivery, so perhaps that's part of the problem.

Note that ProofPoint, A SECURE EMAIL COMPANY, runs mail servers that are incapable of negotiating non-deprecated TLS ciphers:

STARTTLS=server, error: accept failed=-1, reason=no shared cipher, SSL_error=1, errno=0, retry=-1, relay=mx0a-000ade01.pphosted.com [205.220.165.107]

#infosec

Nov 20, 2024 at 8:27pmWeb
Show threadJonathan Kamens 86 47Nov 21, 2024
This was resolved by #PNC customer support sending email _to my #gmail account_ asking me to confirm that I wanted to change the email address on my account to my gmail account, after which they made that change and restarted the enrollment process with the new address.
This was apparently acceptable because I authenticated myself to them over the phone by reciting the authentication code I had been previously sent at my non-gmail address.
Show threadJonathan Kamens 86 47Nov 21, 2024
#ProofPoint has no trouble sending emails to #gmail, implying that gmail's servers support #TLS versions or ciphers that are no longer considered sufficiently secure. #smdh
Show threadJonathan Kamens 86 47Nov 22, 2024
It turns out this isn't so simple.
I can't say whether Gmail's servers accept insecure TLS ciphers, because it turns out the TLS connection failures weren't the only reason #Proofpoint was failing to deliver email to my server.
There was another reason, which was my fault.
I started looking deeper into this when I discovered that #IronPort appliances were having the same problem as Proofpoint delivering email to me.
I wrote up the whole debugging story here:
https://blog.kamens.us/2024/11/21/yet-another-night-debugging-email-delivery-problems/
Yet another night debugging email delivery problems

I’ve run my own mail server for 30+ years. It’s a pain sometimes, but I’m a stubborn old cuss and I think it’s worth it both because I value my privacy and don’t want …

Something better to do
Show threadEmoryNov 21, 2024
@jik that's alarming and i am about to survey fastmails relays now 😆
Show threadOzzie D, NP-hard  Nov 22, 2024
@jik Proofpoint mail servers have been a thorn in my existence for most of the last year -- I wasn't able to send mail from my home mail server to one of my employers, or to my ISPs support domain (both of which use Goofpoint). Working right now from a different IP, no thanks to them.