A quick extract from
yesterday's IT Blogwatch, in which The U.S. Air Force gets caught sending classified data in unencrypted email:
Sensitive information ... swamped Gary Sinnott's email inbox after he established www.mildenhall.com ... Emails intended for Air Force personnel at the Mildenhall Air Force base (who uses the domain mildenhall.af.mil) were being misdirected to the owner of the .com site ... hundreds of classified emails were sent from around the world ... detailing all kinds of secret military information ... I ask you, what sort of drooling idiots do the US Military employ? Do they breed them in special farms?
And so on, and so on...
Reminds me very much of when I helped migrate Ferris Research's email accounts from The Electric Mail Company to Google Apps. -- I set up a catch-all account to make sure we hadn't missed any weird aliases or mailing lists. You've almost always got to do this when migrating an email setup, because it's so easy to miss a useful address. You'd be surprised how many times you can ask the question "Is this alias still needed?", getting the answer "no", and find that in fact it is.
Anyway, I was amazed how much misdirected email we received -- much of it meant for ferris.edu (Ferris State University, Michigan), as well as obviously confidential attorney-client communication, love notes, and more. All of human life was here for a while.
I guess it only goes to prove -- if proof were needed -- that
.com is the only game in town, when it comes to domain choice.
Labels: crypto, Gmail, itblogwatch