Why is Darktrace Marking ProtonMail as Suspicious?

Asked By CuriousCat123 On

I've noticed that Darktrace is flagging the domain protonmail.me as suspicious lately, and I'm curious if anyone else has experienced this or knows the reason behind it. It seems like it might just be a case of misjudging the domain based on its reputation for privacy, which could lead to a higher risk being assessed. The alerts I see include details like the destination age, country (CH), destination IP, ASN (Proton AG), and other technical info, but it doesn't provide great insight into why it's flagged. While I'm not overly worried, I wonder if there are underlying issues I should consider or if it's just a common overreaction from their detection algorithms.

3 Answers

Answered By PrivacyPal101 On

If someone’s using ProtonMail on a company network, it might raise eyebrows, but it really depends on the context. I've used ProtonMail for my main accounts because it offers privacy and security, which is crucial in today’s world. I don’t think it's inherently suspicious; it just shows a user prioritizing their privacy. Lots of consultants I know also use it without issues.

AdminAdam77 -

Why is that a red flag? It's just about privacy! I’ve worked with several consultants using ProtonMail as well.

Answered By FalsePositiveFinder On

We've had Darktrace for four years and experienced countless false positives. It feels like a wild-goose chase sometimes. You just end up sifting through alerts that don’t lead to anything substantial!

Answered By DataDude2025 On

Yeah, two of the Axios attacker accounts were linked to proton.me, which is probably what triggered some flags. But honestly, if it’s part of a user’s daily pattern, Darktrace shouldn’t see it as a risk. If this is a one-off event, then sure, it’s something unusual to watch closely.
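A small triage helper illustrating the point made above (a destination that is part of a user's daily pattern versus a one-off), added here as an example and not part of any answer or of Darktrace; the connection records, user names and the three-day threshold are constructed.

```python
from collections import defaultdict

# Constructed egress records (day, user, destination host); hypothetical sample,
# not Darktrace output.
SAMPLE_LOG = [
    ("2025-01-06", "alice", "mail.proton.me"),
    ("2025-01-07", "alice", "mail.proton.me"),
    ("2025-01-08", "alice", "mail.proton.me"),
    ("2025-01-08", "alice", "github.com"),
    ("2025-01-08", "bob", "github.com"),
    ("2025-01-09", "alice", "mail.proton.me"),
    ("2025-01-09", "bob", "mail.proton.me"),
]


def build_baseline(records, before_day):
    """Per user: which destinations were seen on which days strictly before before_day."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, user, host in records:
        if day < before_day:  # ISO dates compare correctly as strings
            seen[user][host].add(day)
    return seen


def triage_alert(records, day, user, host, min_prior_days=3):
    """Classify an alert like the one in the question.

    established-pattern : the user reached this host on >= min_prior_days earlier days
    first-seen-for-user : new for this user, but other users already reach it
    first-seen-in-org   : nobody in the baseline reached it before (watch closely)
    """
    baseline = build_baseline(records, day)
    prior_days = baseline.get(user, {}).get(host, set())
    org_users = {u for u, hosts in baseline.items() if host in hosts}
    if len(prior_days) >= min_prior_days:
        verdict = "established-pattern"
    elif org_users:
        verdict = "first-seen-for-user"
    else:
        verdict = "first-seen-in-org"
    return {
        "verdict": verdict,
        "prior_days": len(prior_days),
        "other_users": len(org_users - {user}),
    }
```

Running the same alert for alice (three earlier days) and bob (no earlier days) shows why a per-user baseline, not the destination's reputation alone, decides whether the event deserves analyst time.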
