[unisog] Still need a "security" address?

Gary Buhrmaster gtb at slac.stanford.edu
Thu Feb 22 01:58:21 GMT 2007


> Is it out of line to consider assigning the email alias "security AT
> Oberlin DOT edu" to the folks in blue while expecting /network/ security
> issues to be addressed to "abuse?"

Well, RFC 2142 clearly states that "security@<site>" should
be associated with "Security bulletins and queries" (under
the Network Operations area, long before most sites even
had the concept of a separate cyber security group).

I am not going to be an RFC policeman for the Internet (it
would be a Sisyphus-like task), but *my* expectation
when trying to contact the cyber security group at another
institution is to send to security@<site> if I can not
quickly find a better contact email (I tend to try to
be RFC compliant).

My group (which receives security@<site>) does occasionally
gets email intended for our physical security office.  We
forward the email when we get it.

Gary




More information about the unisog mailing list