Re: EFAIL

Brendan_Burk · ‎05-14-2018

This is my first time posting, so I apologize if this is in the wrong place, but I was wondering if anyone has seen any impact from the release of the efail email encryption vulnerabilities yet? A big part of my concern, is the recommendation by the authors to turn of HTML rendering, and what that will do to our tracking / interaction data.

Brendan Burk

Grégoire_Miche2 · ‎05-14-2018

Hi Brendan,

And please move your question to Products. About Community is for questions about the community itself.

-Greg

SanfordWhiteman · ‎05-14-2018

Thanks, Greg, missed that this time -- definitely should be moved.

SanfordWhiteman · ‎05-14-2018

No end-to-end encryption technologies are used by Marketo-generated emails so I would have zero concern about this.

It's no more significant than, say, an HTTP client cert vulnerability when you're not using client certs.

Brendan_Burk · ‎05-14-2018

That makes sense. I guess my biggest concern is the adoption, by my recipients, of the solution of not allowing HTML rendering. I understand there's not much I can do about if it is happening, but I would like to be aware if it is.

Brendan Burk

SanfordWhiteman · ‎05-14-2018

The chance of a mailbox owner who's affected by this vulnerability also [a] getting your emails in the first place and [b] disabling HTML rendering now, for the first time, for all email (not just encrypted email) is basically zero.