Should IT people hide their mistakes?
Consistently over the past year, I have spent some time scrutinizing public DNS email configurations of both small and large organizations across various sectors, including retail, private sector, public sector and others I can't disclose here.
I find myself continually intrigued by this phenomenon to the extent that even during my commutes, upon spotting a familiar storefront, my immediate instinct upon returning home is to investigate their "public" email DNS configuration.
Regrettably, approximately 80% of these entities are susceptible to email spoofing, and when I let them know, most of those IT people, though not all, don't take it seriously.
This vulnerability isn't attributable to a software bug but rather stems from a lack of expertise and misconfiguration.
Should an IT department or IT team confront their superiors with that reality and say, "Hey Boss, I messed up! I sincerely thought we were protected against spoofing, but I was wrong, for years..."?
Some reading for you: