Educause Security Discussion mailing list archives

Re: phishing irony


From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Fri, 13 Feb 2009 10:50:33 -0600

That is why I haven't started doing it yet.  I am waiting for approval.  I also wouldn't have to use a free e-mail 
account.  I own enough of my own domain names and run my own mail server on a business DSL connection, so I can give 
myself approval to do so.  IIRC, the Lori Drew case only dealt with her violation of the ToS.  The only real hiccup 
would be the DSL connection, but if I have permission to send such e-mails then it is legitimate traffic and I would 
have an argument against a claimed use violation.

But, as usual, I am not a lawyer so your mileage may vary. 

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Network Security System Administrator
OTC Computer Networking

Office: (417) 447-7535


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
Sent: Friday, February 13, 2009 10:43 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] phishing irony

On Fri, 13 Feb 2009 09:09:05 CST, "HALL, NATHANIEL D." said:
> It might seem deceptive, but you don't have to tell them the IT department
> sent the e-mail.  It is probably best if they don't know.

Are you willing to bet your IT department's reputation for honesty on whether
or not you have exactly *zero* users who have both the smarts and interest to
actually look at the Received: headers and see where it came from? ;)

Yes - you *could* send it from a throw-away freemail account someplace. But
then you better contact legal counsel - the last thing you want is to end up
another roadkill on the case law highway like Lori Drew did (she was the mom
who invented a fictitious Myspace identity to harass a 13 year old girl who
ended up committing suicide).  Bad cases make bad law, and the rubble hasn't
quit bouncing from that case yet...
