- Report: Measuring QQMail's automated email censorship in China
- Date Published: August 23rd, 2021
QQMail E-mail Service
By spoofing messages sent to the QQMail MX server, we are able to identify if a given QQMail address has communicated with another arbitrary email address. Impact
We have found that we are able to measure when a given QQMail email account has sent email to another email address. We do not require access to either the QQMail account or the account of the other email address to determine this.
- May 20 2021 - We signed in to Tencent security disclosure site and submitted disclosure.
- May 27 2021 - The vendor responded and stated that as there are numerous variables that go into determining "maliciousness", mail exchanges alone were not sufficient. Thus, they have stated that they do not believe this disclosure is a privacy concern.
- 27 August 2021: Report published.