Jared and Ivanka’s secret email addresses are hosted by the Trump Org

Yesterday, Politico reported that Jared Kushner and Ivanka Trump had more private email accounts which were set up after the 2016 Presidential election.

Per Politico, Trump’s daughter and son-in-law registered the domain ijkfamily.com to use to handle these email accounts.

According to public domain name records, ijkfamily.com was registered on 31 December 2016, during the height of the Transition and a few weeks before the Presidential inauguration.

When someone buys a .com domain name, they must give their name, address and contact details which are added to a public database. This is called WHOIS data.

The WHOIS data for ijkfamily.com is not accessible. Instead, the entry in the WHOIS register gives the details of Domains by Proxy, a company which exists to hide data from the WHOIS database.

While this might sound sinister, it actually is fairly typical. It costs less than ten dollars to do, and can even be free sometimes. I use similar services for some of the domains I control. I personally don’t read anything into the decision to use a WHOIS proxy.

There is no website for this domain. www.ijkfamily.com is just a holding page run by the domain retailer, Godaddy.com. Again, that’s not surprising if the domain was only bought to be used for email.

So where’s the email server?

Here’s where it gets interesting. Different services on the same domain name can be assigned to different servers. So where is the mailserver handing email for ijkfamily.com?

We can find that out by looking up the Mail Exchanger Record (MX) for the domain:

As you can see above, there are two listed mailservers for ijkfamily.com

  • ijkpph01.ijkfamily.com
  • ijkpph02.ijkfamily.com

These are the subdomains which deal with an email being sent to, say, jared@ijkfamily.com. Now we need to find out what servers those domains are on. We can do this via an NSLookup to find the Internet Protocol (IP) addresses that those names refer to:

Unsurprisingly, the lookup gave us two sequential IP addresses, 144.121.114.12 and 144.121.114.13 . These addresses probably both go to the same actual server, with two being used for redundancy.

144.121.114.12 and 144.121.114.13 aren’t GoDaddy addresses. Neither of them is running a webserver, so if you paste them into your browser bar then nothing will happen.

Luckily, there are companies who have huge databases of IP addresses and who owns them. One of them, Domaintools, was able to provide the missing piece of the picture.

Yes, 144.121.114.12 and 144.121.114.13 are the addresses for mailhost01.trumporg.com and mailhost02.trumporg.com. These are the mailservers for the Trump Organization. Just to close the loop, I checked this too.

This means that Jared and Ivanka’s private email addresses, set up during the 
Transition and used in the White House, were hosted by the Trump Organization.

Obviously this raises a lot more questions about who actually made the domain name and who added the email accounts to the Trump Org’s private mailserver. It raises questions of security and privacy, because Trump Org IT staff would potentially have access to the email accounts. It raises questions of judgement and competence, given how similar this all feels to other, erm, high-profile cases involving private email servers.

I’m sure all those questions will be asked in time.

Journalists who want a better explanation, feel free to contact me.

UPDATES:

  1. Newsweek wrote an article partially based on this piece
  2. USA Today reports that the email accounts were only moved on to the Trump Organization server recently, and were originally hosted at Microsoft’s Outlook.com
One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.