Before sharing my email address with some person or some org, I do an MX DNS lookup on the domain portion of their email address. It’s usually correct. That is, if the result is not of the form *.mail.protection.outlook.com, then that recipient is not using Microsoft’s mail server.
But sometimes I get stung by an exception. The MX lookup for one recipient yielded barracudanetworks.com, so I trusted them with email. But then they sent me an email and I saw a header like this:
Received: from *.outbound.protection.outlook.com (*.outbound.protection.outlook.com…
Is there any practical way to more thoroughly check whether an email address leads to traffic routing through Microsoft (or Google)?
Once a mail server gets hold of your mail, it can basically do whatever it wants with it, including forwarding it to FAANG MXes, HTTP POSTing it to the NSA or publishing it on Pastebin. This is one of the reasons why we push for end-to-end encryption, there can be no confidentiality or integrity otherwise.
I’m w/you on the e2ee, of course. But this requires both people to partake, so the suggestion is broken in most non-p2p situations. In a world where govs, NGOs, and most people are incompetent, e2ee is not generally available. From there, do you want to function at all? You can be 100% dysfunctional if you insist on e2ee. I am almost there, actually. Countless businesses lose my business because they are not on the ball w/security. And gov offices get paper correspondence from me because their digital attempt stinks.
But there are situations where e2ee is not strictly important for a particular situation. Yet I will be damned if I have to dance for Google or MS to get their servers to accept my msgs, all to help the scumbags profit from seeing my payload. So I will send an in-the-clear email to non-FAANG recipients in some cases.