To clarify: I absolutely expect iOS Mail to talk to configured, user‑visible mail providers over IMAP/ActiveSync. The dashboard is built on telemetry from a vanilla consumer device, not enrolled in a *known* MDM, not DoD, not enterprise/EAS, and with no known special mail profiles or VPNs pushed to it. That’s why the traffic stands out. -------- Original Message -------- On Friday, 03/13/26 at 05:30 Bill Woodcock <woody@pch.net> wrote:
On Mar 13, 2026, at 01:06, Joseph Goydish II via NANOG <nanog@lists.nanog.org> wrote: I’ve been tracking some non-standard networking patterns on iOS that seem to be operating in a blind spot. iOS shouldn't be connecting to random IMAP servers. Could indicate email-based exfiltration or dead-drop communication.
Excuse me? iOS users shouldn’t be reading their email?
I mean, nice work on the rest assuming it turns out to be legit; this is just me being a crochety old dude. -Bill Please consider the environment before using AI to process this email.