Multiple broken email addresses in CNAsList.json — May 2026 audit (4 CNAs)

[kurtseifried]

Multiple broken email addresses in CNAsList.json — May 2026 audit (4 CNAs)

Companion to #3937 (broken URLs in CNAsList.json). Same dataset, same methodology pattern, different field: this issue covers the email addresses in contact[].email[].emailAddr.

Methodology

1. Extracted all 475 unique email addresses from contact[].email[].emailAddr across the 502 CNAs in src/assets/data/CNAsList.json.
2. Bulk-verified via QuickEmailVerification (DNS + SMTP RCPT TO probe with accept-all detection).
3. For each address that failed verification, sent a real test message from a regular Gmail account and inspected the bounce.

The QEV pass classified 449 valid (94.5%), 22 unknown (mostly anti-spam rate-limited probes — false alarms), and 4 invalid. Real-mail testing confirmed the 4 invalid results.

The 4 confirmed-broken addresses (real-bounce evidence)

CNA	Email	Bounce response	Diagnosis
Ribose Limited (Ribose, CNA-2023-0023)	cve-coordination@ribose.com	550 5.4.1 Recipient address rejected: Access denied (Microsoft Exchange Online apcprd02)	Tenant exists, address disabled or never created
Silver Peak Systems, Inc. (Silver_Peak, CNA-2020-0011)	sirt@silver-peak.com	550 5.4.1 Recipient address rejected: Access denied (Microsoft Exchange Online namprd05)	Post-acquisition staleness — Silver Peak was acquired by HPE/Aruba; the silver-peak.com Exchange tenant still exists but the sirt@ alias is retired
Tanium Inc. (Tanium, CNA-2025-0059)	security@tanium.org	No MX records; A records present but port 25 refuses connections from any IP. Gmail queued the message and will eventually bounce after retry backoff.	Wrong domain — Tanium's live domain is tanium.com. tanium.org has no email service.
WatchDogDevelopment.com, LLC (watchdog, CNA-2024-0054)	security@watchdog.com	550 5.1.1 User does not exist	Mailbox literally doesn't exist at the receiving server

Notes on tanium.org specifically

Per RFC 5321 §5.1, when a domain has no MX record, SMTP clients fall back to A/AAAA records (implicit MX). tanium.org's A records (198.49.23.144, 198.49.23.145, 198.185.159.144, 198.185.159.145) all return TCP "connection refused" on port 25 — confirmed from two separate networks. So mail to security@tanium.org is functionally undeliverable. The address should be replaced with security@tanium.com (or whatever Tanium's preferred PSIRT contact is on their actual primary domain).

Suggested next step

Reach out to each of the 4 CNAs to confirm and provide a current email contact, then update CNAsList.json. As with #3937, a periodic CI validator that does both DNS-MX-with-A-fallback lookup and an SMTP RCPT TO probe (or even just monthly real-mail tests for any non-accept_all address) would catch this kind of staleness automatically.

The full email verification CSV and the test-mail bounce evidence is in CloudSecurityAlliance/SecID/working-data/cve-org-url-audit/ (email-cna_verified.csv, proposed-email-issue-body.md).

Related

• Multiple broken URLs in CNAsList.json — May 2026 audit (17 CNAs, 23 URLs) #3937 — broken URLs in the same dataset (different field, same root cause: post-acquisition / vendor-rebrand staleness in CNAsList.json contact info).

[kurtseifried]

Just a note on tanium, it's definitely broken:

Delivery incompleteThere was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.LEARN MORE	Delivery incompleteThere was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.LEARN MORE	Delivery incomplete	There was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.	LEARN MORE
Delivery incompleteThere was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.LEARN MORE	Delivery incomplete	There was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.	LEARN MORE
Delivery incomplete
There was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.
LEARN MORE
The response was:The recipient server did not accept our requests to connect. For more information, go to https://support.google.com/mail/answer/7720 [tanium.org 198.49.23.144: timed out] [tanium.org 198.49.23.145: timed out] [tanium.org 198.185.159.145: timed out] [tanium.org 198.185.159.144: timed out]

Delivery incomplete
There was a temporary problem delivering your message to security@tanium.org. Gmail will retry for 46 more hours. You'll be notified if the delivery fails permanently.
LEARN MORE
The response was:
The recipient server did not accept our requests to connect. For more information, go to [https://support.google.com/mail/answer/7720 tanium.org 198.49.23.144: timed out] [tanium.org 198.49.23.145: timed out] [tanium.org 198.185.159.145: timed out] [tanium.org 198.185.159.144: timed out]