**MacLemon** @MacLemon@chaos.social · Jun 20, 2019, 14:22

**MacLemon** @MacLemon@chaos.social · Jun 20, 2019, 14:22

MacLemon @MacLemon@chaos.social

Jun 20, 2019, 14:22

Dear IT-humans: Please do yourselves a favour and create security@ as an email address on all of your domains which is actually routed and read by someone with knowledge about your IT!
That way you make it easy for people who accidentally stumble upon security issues with your infrastructure to actually report them to you.

The sheer fact of having and reading security@ (as mandated by RFC 2142) will help improving your IT security.

https://www.ietf.org/rfc/rfc2142.txt

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jun 21, 2019, 05:04

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · Jun 21, 2019, 05:04

Jun 21, 2019, 05:04

🎓 Doc Freemo 🇳🇱 @freemo@qoto.org

@MacLemon Or do what I do and just get alll non-assigned emails routed to the CTO and let him sort it out :)

**MacLemon** @MacLemon@chaos.social · Jun 21, 2019, 08:50

**MacLemon** @MacLemon@chaos.social · Jun 21, 2019, 08:50

Jun 21, 2019, 08:50

MacLemon @MacLemon@chaos.social

@freemo (Ab)using a CTO as spam-filter doesn’t sound like a very economical solution to me. But who am I to judge? :-)

**🎓 Doc Freemo 🇳🇱** @freemo@qoto.org · 2019-06-21T08:51:57Z

🎓 Doc Freemo 🇳🇱 @freemo@qoto.org

@MacLemon How ya figure. Im the CTO in at least two of my companies where I use this tactic. We have an actual spam filter so virtually none of the email that gets to me is spam (that I actually see).