Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Risk of Redirecting Email.

From: Dotzero <dotzero () gmail com>
Date: Fri, 3 Apr 2009 11:16:33 -0400
On Tue, Mar 31, 2009 at 11:54 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:

Hi people.

I have seen on some clients of mine, that when an employee leaves the
organisation, they request IT to redirect their emails to a particular
email address....personal.
What are the risks of this? I can only think of company information
being directed to this individual....which could be bad if he/she has
gone to work for a competitor. What other risks or security issues
could this give rise to?



I'm not sure why this question is posted to pent-test but seeing as it
was allowed through......

Flip it around, why would an organization forward mail directed to a
company account? If it is organization related mail to an organization
owned inbox then it shouldn't be forwarded to an ex-employee. That is
why people have personal email accounts.

As usual, just my 2 cents.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal year? Check out the online penetration testing 
courses available at InfoSec Institute. More than a boring "talking head", train in our virtual labs for a total 
hands-on training experience. Get the certs you need as well: CEH, CPT, CEPT, ECSA, LPT. 

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: