Might seem like small potatoes given that we're still dealing with a coup from an unelected billionaire, but we do what we can, right? This story from Nextgov caught my eye, because it points out that OPM didn't have the capability to send millions of emails to govt employees at the scale they did recently offering widespread buyouts.
"A lawsuit filed by unnamed federal employees in Washington, D.C. on Monday alleges that OPM violated the E-Government Act of 2002 by failing to conduct and publish required Privacy Impact Assessments before deploying the new email arrangement to collect the responses from government employees."
"Just days before President Donald Trump’s inauguration, OPM did not have the capability to send a mass email of that scale, according to a person familiar with the matter. To send mass emails, the agency had used govDelivery, a cloud communications service provided by public sector IT company Granicus, a different person familiar said."
"The govDelivery contract had restrictions on the volume of emails available to send without incurring added costs, and the agency would not have been able to reach 2.3 million people, the approximate number of all civilian federal employees, the second person added. Both people were granted anonymity to be candid about the sensitive nature of OPM’s email policies."
I had a look at the DNS records for opm.gov and I can't recall ever seeing a TXT record as verbose as this. It includes a large number of network blocks, and references the domain myemma.com as allowed to send email.
Myemma is an email marketing company, which in turn is run by a Nashville, TN company called Marigold.
https://meetmarigold.com/services-agreement/
It also includes Salesforce and the education technology company Leepfrog.
Here is the full TXT record, for posterity:
opm.gov
⇖·⇑·⇓·⇘ TXT
⇖·⇘ "MS=ms15252846"
"MS=ms35255137"
"tbcd7kxrzkw9py7sh6kksn5zfs19l4sy"
"miro-verification=20a9378d17adc5ca3…
9d6221caf668c258d0f7e5b"
"ms-domain-verification=9d72a4cb-
d7c8-4d15-baf9-7f5d507e2972"
"ms-domain-verification=e38d1b0f-
60ce-46ad-a462-c89c61cfe55a"
"7axh6RhNhWWjGH/6UD54HHrA3x0tNqHi2MG…
EN6MM/dyqbLwZqEnDkW+RndcBz2grhSSLNJ9…
qRSBXZxnUG96VWA=="
"v=spf1 ip4:205.131.184.50/32 ip4:
205.131.184.51/32 ip4:205.131.177.
50/32 ip4:205.131.177.151/32 ip4:
205.131.184.52/32 ip4:205.131.177.
152/32 ip4:205.131.184.125/32 "
"ip4:205.131.184.126/32 ip4:205.
131.177.125/32 ip4:205.131.177.
126/32 ip4:73.23.28.0/24 ip4:208.
76.128.0/21 ip4:66.159.72.186/32
ip4:216.230.115.73/32 ip4:216.52.
6.89/32 " "ip4:216.230.115.69/24
ip4:66.169.72.166/24 ip4:216.230.
114.66/24 ip4:216.230.101.69/24
ip4:66.169.72.176/32 ip4:173.201.
193.170/24 ip4:107.20.210.250/32
ip4:52.1.14.157/32 " "ip4:52.6.
44.126/32 ip4:52.207.153.36/32
ip4:65.196.93.7/32 ip4:96.43.152.
64/28 ip4:96.43.152.80/32 " "ip4:
149.19.38.227/32 " "ip4:149.19.
37.167 ip4:149.19.38.138 ip4:149.
19.37.159 ip4:149.19.37.32 ip4:
149.19.37.73 ip4:149.19.37.55 "
"ip4:163.120.86.44 ip4:163.120.
86.62 ip4:149.19.37.109 ip4:149.
19.37.33 ip4:149.19.37.49 ip4:149.
19.37.86 ip4:163.120.86.56 ip4:
163.120.84.26 ip4:149.19.38.45
" "ip4:163.120.84.80 ip4:149.19.
38.69 ip4:149.19.38.87 ip4:149.
19.38.105 ip4:163.120.84.62 ip4:
163.120.84.37 ip4:149.19.38.63
ip4:163.120.84.20 " "ip4:52.61.
131.175/32 ip4:52.61.131.176/28
ip4:52.61.135.175/32 ip4:52.61.
135.176/28 ip4:34.206.132.87/32
ip4:18.233.74.128/32 include:spf.protection.outlook.com" " a:usalearn…ing.net mx:usalearning.net include:e2ma.net exists:%{i}._spf.mta.salesf…orce.com include:leepfrog.com -
all" opm.gov
This TXT record was entered at 11:57 am on Jan. 29.
[edited to add effective date at bottom]
