Wednesday 5 March 2008

Email Address Typos can Spell Trouble

A quick extract from yesterday's IT Blogwatch, in which The U.S. Air Force gets caught sending classified data in unencrypted email:
Sensitive information ... swamped Gary Sinnott's email inbox after he established www.mildenhall.com ... Emails intended for Air Force personnel at the Mildenhall Air Force base (who uses the domain mildenhall.af.mil) were being misdirected to the owner of the .com site ... hundreds of classified emails were sent from around the world ... detailing all kinds of secret military information ... I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms?
And so on, and so on...

Reminds me very much of when I helped migrate Ferris Research's email accounts from The Electric Mail Company to Google Apps. -- I set up a catch-all account to make sure we hadn't missed any weird aliases or mailing lists. You've almost always got to do this when migrating an email setup, because it's so easy to miss a useful address. You'd be surprised how many times you can ask the question "Is this alias still needed?", getting the answer "no", and find that in fact it is.

Anyway, I was amazed how much misdirected email we received -- much of it meant for ferris.edu (Ferris State University, Michigan), as well as obviously confidential attorney-client communication, love notes, and more. All of human life was here for a while.

I guess it only goes to prove -- if proof were needed -- that .com is the only game in town, when it comes to domain choice.

2 comments:

Anonymous said...

Another angle to this -- on September 12, 2001, I woke to find a whole lot of e-mail for people at Cantor Fitzgerald, which had offices in the World Trade Center. They're at cantor.com and I'm at kantor.com, and I was set to receive messages to anything@kantor.com.

So I passed the messages to whatever@cantor.com and also sent a note to the sender. But I never want to deal with "Please tell me you're all right" notes like that again.

Anonymous said...

I had the same thing happen to me a couple of years ago where they kept sending emails regarding a secret diplomatic visit to my hotmail account.

Naturally I informed them and deleted the emails (seriously, I'm a good boy at heart) but it took about three attempts to get them to take me off the list.

I was a little stunned that they would allow that kind of information to be sent to free mail providers and mine wasn't the only address.

Kinda makes a mockery of the clearances, background checks and all the other lunacy when people in the govenment (executive and military branches) do something like that.

Post a Comment