Privacy/Mail: Difference between revisions

From Nasqueron Agora
(Proofreading by GPT-4o model using ChatGPT from OpenAI)
Line 1: Line 1:
This policy applies to personal identity information when using the Nasqueron mail services.
This policy applies to personal identity information when using the Nasqueron mail services.


This private policy supplements the [[Privacy/General privacy policy|general private policy]] to explain the policies and procedures on the collection, use and disclosure of the information, specific to the mail services.
This private policy supplements the [[Privacy/General privacy policy|general private policy]] by outlining the specific policies and procedures for the collection, use and disclosure of the information in relation to mail services.


The [[Privacy/General privacy policy|general private policy]] applies for any point not described otherwise in this policy.
The [[Privacy/General privacy policy|general private policy]] applies for any point points not otherwise addressed in this document.


''Last updated:2024-10-26.''
''Last updated:2024-10-26.''
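Review bot: in the third paragraph the new wording reads "applies for any point points not otherwise addressed", which leaves a duplicated word; it should read "applies to any points not otherwise addressed in this document". The link label "general private policy" is also carried over unchanged in both paragraphs although the link target is "Privacy/General privacy policy", so "general privacy policy" would be the consistent label, and "Last updated:2024-10-26." still lacks a space after the colon.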
Line 17: Line 17:
* IP addresses used to connect to the service
* IP addresses used to connect to the service
* IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
* IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
* The mail content, including any personally identifiable information it can contain
* Mail content, including any personally identifiable information it may contain


=== Retention ===
=== Retention ===
'''When we act as a transfert agent.''' When sending an e-mail for another mail server, e.g. when you send an e-mail to a @gmail.com address, or any other domain NOT managed on Nasqueron, the mail content and metadata are stored in our server as long as necessary to forward it to the SMTP server, and deleted when that server has acknowledged the mail. Some metadata are logged by the mail server software and are processed according general log retention.
'''When we act as a transfert agent.''' When sending an e-mail for another mail server (e.g. when you send an e-mail to a @gmail.com address or any domain NOT managed on Nasqueron), the mail content and metadata are stored in our servers only as long as necessary to forward it to the destination SMTP server. The data is deleted once the destination server has acknowledged the e-mail. Some metadata are logged by the mail server software and processed according to the log retention policy.


'''Mail content.''' When you use a combination of POP and SMTP, the logs are not kept on the server longer than needed for collection and transfer. When you use IMAP, the mails are kept on the server as long as you don't delete them through any IMAP client, including webmails. Webmails normally use IMAP. You're under full control for the retention of any mail you received, but remember the sender has also a copy, and, when a mail is sent to several people, other recipients. You aren't in control of any mail you sent, they're in control, first of the maintainers of the SMTP servers mechanism for exchange and delivery, then of the mail recipients.
'''Mail content.''' When using a combination of POP and SMTP, mails are kept only as long as necessary for collection and transfer. When using IMAP, the mails are kept on the server until you delete them via an IMAP client, including webmails clients, which typically use IMAP. You have full control over the retention of any received mails. However, keep in mind that the sender and any other recipients also have copies. You do not control sent emails; instead, they are managed first during transfer by the maintainers of the SMTP servers involved in delivery, and then by the email recipients.


'''Logs.''' Mail logs are precious to identify pattern of abuses, ongoing attacks, troubleshoot communication issues between servers or clients. We're currently implementing a retention policy and technical mechanism to implement it. Meanwhile, the logs are stored as long there is a legitimate interest to keep the data.
'''Logs:''' Mail logs are essential for identifying abuse patterns, monitoring ongoing attacks, and troubleshooting communication issues between servers or clients. We are currently implementing a retention policy and technical mechanisms to enforce it. In the meantime, logs are stored as long as there is a legitimate interest to retain them.


=== Transfer ===
=== Transfer ===
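Review bot: in the "Mail content" paragraph the POP and SMTP sentence changes from "the logs are not kept on the server longer than needed" to "mails are kept only as long as necessary", which changes the subject of the retention commitment from logs to mails rather than proofreading it; please confirm that this is the intended statement, since a wording pass should not alter what is promised. In the same hunk "transfert agent" is left uncorrected, "webmails clients" is introduced where "webmail clients" is meant, and the "Logs" lead-in switches from a period to a colon while the other two lead-ins keep the period.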

Revision as of 12:24, 26 October 2024

This policy applies to personal identity information when using the Nasqueron mail services.

This privacy policy supplements the general privacy policy by outlining the specific policies and procedures for the collection, use and disclosure of the information in relation to mail services.

The general privacy policy applies to any points not otherwise addressed in this document.

Last updated: 2024-10-26.

Mail infrastructure

When using our mail infrastructure, including our SMTP, IMAP and POP servers, the following privacy policies apply.

Type of data collected

Personally identifiable information may include, but is not limited to:

Mail infrastructure use - SMTP / IMAP / POP
  • IP addresses used to connect to the service
  • IP addresses of other mail servers connecting to the service to transfer mails (SMTP to SMTP)
  • Mail content, including any personally identifiable information it may contain

Retention

When we act as a transfer agent. When sending an e-mail for another mail server (e.g. when you send an e-mail to a @gmail.com address or any domain NOT managed on Nasqueron), the mail content and metadata are stored on our servers only as long as necessary to forward them to the destination SMTP server. The data is deleted once the destination server has acknowledged the e-mail. Some metadata are logged by the mail server software and processed according to the log retention policy.

Mail content. When using a combination of POP and SMTP, mails are kept only as long as necessary for collection and transfer. When using IMAP, the mails are kept on the server until you delete them via an IMAP client, including webmail clients, which typically use IMAP. You have full control over the retention of any received mails. However, keep in mind that the sender and any other recipients also have copies. You do not control sent e-mails; instead, they are managed first during transfer by the maintainers of the SMTP servers involved in delivery, and then by the e-mail recipients.

Logs. Mail logs are essential for identifying abuse patterns, monitoring ongoing attacks, and troubleshooting communication issues between servers or clients. We are currently implementing a retention policy and technical mechanisms to enforce it. In the meantime, logs are stored as long as there is a legitimate interest to retain them.

Transfer

The PII is processed only on Nasqueron infrastructure.

Webmail use

Snappymail

Inclusion of sender’s IP address in outgoing e-mails

When using Snappymail to send e-mails (not to read them), the platform is not anonymous. The system is configured to add an X-Originating-IP header to outgoing messages, which contains the sender's IP address. The HTTP client address, typically the browser's IP address, is used as the source value.

Use of third-party services

Gravatar. When using Snappymail to read email, the Gravatar service is used to fetch avatars matching the e-mail senders. In doing so, a SHA-256 hash of each sender’s email address is transmitted to the Gravatar service. With current cryptographic technology, the e-mail address itself cannot be retrieved from the hash. The Gravatar service is operated by Automattic Inc.