Legal

This site is operated by Tobias Fiebig

Address: Campus E14, 66123 Saarbrücken, Germany
Email: privacy@email-security-scans.org

Services under this site are non-commercial.

Research Project

Results from this site are being used in a joint research project between the Max-Planck Institute for Informatics, University of Vienna, TU Wien, and SBA Research. The principal investigator is Tobias Fiebig from the MPI.

Bug Reporting

If you notice an error in the webservice, please report under: reporting@email-security-scans.org

This website is operated by Tobias Fiebig, as responsible party (“we” or “us”). This notice describes how we process your personal data in connection with this website and the services built on it.

1. What data do we collect and process?

When you visit our website, you transmit the following information, which is automatically transmitted from your computer to the page you have visited. We will store and process the following data for up to 14 days for operational reasons:

• Date and time of the access
• IP Addresses
• Accessed URI
• Referrer
• User Agent String
• Statuscode

1.1 Additional Data Processed and Collected for Email Delivery Test

There is no obligation to conduct an email delivery test. The email delivery test evaluates the emails you send to our email servers. The information we collect is only about the email servers you rely on, not your personal information. There we process the following data:

• Email headers of the emails you send
• Timestamps and further metadata
• DNS request data
• Automated messages and emails created by involved email systems not containing personally identifiable data.
• If you explicitly consent, a copy of the emails you sent to us.

The only personal information you have to enter is your email address. We will store your email address only up to the moment the tests are finished. If we do not receive a reply to our email, we store email addresses for one hour.

To attribute emails to email providers, we use the domain part of email addresses. Hence user@example.com is reduced to example.com.

We are storing this aggregate information, i.e. your provider's use of email security technologies, IPv4 and IPv6 support, and whether the provider validates DNSSEC, for an indefinite time for the purpose of ongoing scientific research into the adoption of email security measures. If you are your own provider, this information might personally identify you, and we ask you to consider this before participating. If you did participate in the study and would like to have your data deleted, you can delete your data using the 'Delete' button on the results page. A scheduled deletion is usually performed within five minutes of requesting deletion. It may take up to 28 days for your data to age out of our backups. If you want your data deleted from our backups fast, please write to privacy@email-security-scans.org, and we will delete your data as soon as possible, but generally withing five business days.

2. Cookies

Cookies are small text files which are stored on your own device. In general, one differentiates between 'session cookies' and 'permanent cookies'. Session cookies are automatically deleted after a webbrowser session ends. Other cookies may remain on your device until you delete them yourself or they expire. Modern webbrowsers allow you to control, limit, or prevent websites' ability to set cookies. Many browsers allow you to configure them so that all cookies are deleted once you close the webbrowser. Deactivating cookies may limit the functionality of our site. We only set cookies that are necessary following Art. 6 Abs. 1 lit. f DSGVO, i.e., a session cookie to differentiate different users' simultanous sessions. As the operator of these sites we have a legitimate interest to set cookies that are necessary for a reliable operation of our services. We do not set tracking or analysis cookies.

3. Integration of third-party technologies

Our websites incorporates third-party technologies, services or libraries, in particular the following JS libraries: Bootstrap, jQuery and CSS libraries. However, we deliver these libraries ourselves, instead of including them from external servers.

4. Purposes and legal basis of data processing

We process your personal data for the following purposes: To make the website and service available to you, including the email-deliverability-test. If you use the opt-out feature, we use a hash of your email address to prevent all future delivery of mails from our site to you.

5. Disclosure of personally identifiable information

We do not transmit any personally identifiable information to third parties. Our system is hosted by AS59645, run by Tobias Fiebig, the responsible researcher for this project. We make the test-results of a specific email-address available via a unique link containing a random ID. This ID can not be derived from the email addresses you entered. If you share your unique link with somebody else, they can see your test-results, including the emails you sent if you asked us to store them. If you do not request storage of your emails as they were received by us, we do not store your email address after the test completed, and do not include your email address or email provider on the report page.

6. Duration of storage

We delete non-abuse related personally identifiable data after a maximum of 14 days, including stored emails, if you asked us to store the emails you sent to us. Aggregated provider statistics are stored indefinately, see 1.1. If you use the opt-out feature of our site to block all further emails to your address, we indefinately store a hash of your address, which we use to block our service from interacting with your address again.

If a started test is identified to be related to abuse, we also store the following data for the purpose of scientific research on abuse on the Internet:

• The IP address from which the test was started
• The User-Agent of the client requesting the test
• The address targeted by the abuse
• All related timestamps
• If retrieved, the delivery message of any mail requested for the purpose of abuse

• There have been more than 10 attempts to launch a measurement for addresses under that domain in the past 24 hours, of which the majority was not completed.

7. Your rights in connection with the processing of your personal data

Naturally, you have the right to request a copy of your personal data, request corrections, or immediate deletion. As we limit the amount of personal data we store, we cannot tie your name to an entry in our database. Hence, to request a full copy of, correction of, or deletion of a measurement, please share the unique link you received with us, and we will process your request withing no more than five business days. For simple deletion requests, you can also use the delete button on the test page.

To obtain a full copy of your data, please use the 'Download Data' link on the results page.

8. Accountable entity and contact

If you have any questions or concerns regarding the processing of your personal data, please contact us by post or e-mail:

Address: Tobias Fiebig, Campus E14, 66123 Saarbrücken, Germany
Email: privacy@email-security-scans.org