A Financial Times investigation dated July 17, 2023, revealed that, since 2014, the US Army has been mistakenly sending millions of emails to the country of Mali, some of which are confidential. Over the past year alone, 117,000 emails have thus been leaked. The source of the issue is as trivial as it is pernicious: a simple typo in the top-level domain name, with “.ml” (Mali’s country code) entered instead of “.mil” (code used by US military)
Johannes Zuurbier, the Dutchman in charge of the “.ml” domain name, thus receives US emails on a daily basis. Despite reporting the issue several times since 2014, he never received an official answer from the US government. “The risk is very real, and enemies of the United States could take advantage of it,” he said.
The typo has already caused millions of confidential, albeit unclassified, documents to be sent to Mali. “Diplomatic documents, tax declarations, passwords, travel details for senior officials…” The list is all the more problematic as the government of Mali has fairly close ties to Russia.
When questioned, the Pentagon answered the Department of Defense “was aware of the issue, and took all unauthorized disclosures of national security data or unclassified information seriously.”
However there seems to be no obvious solution to the problem, as errors such as this one can easily occur, without necessarily involving malicious intent. Moreover, installing automated warning processes in all US military email servers would be costly and complex.