Dear IT-humans: Please do yourselves a favour and create security@ as an email address on all of your domains which is actually routed and read by someone with knowledge about your IT!
That way you make it easy for people who accidentally stumble upon security issues with your infrastructure to actually report them to you.
The sheer fact of having and reading security@ (as mandated by RFC 2142) will help improving your IT security.
@herrdoering @MacLemon security-related information. Should go to your it security creature, who is not necessarily your webmaster. If the two roles fall together, it's still good to have both addresses, for ease of communication.
Spam is a solved problem, spamfilters have become good. A minimal spam filtering effort is the price of doing business, much like minimal maintenance is the price of doing it
chaos.social – a Fediverse instance for & by the Chaos community