
The dangers of 'dummy' email accounts

This tip discusses a few security concerns related to the use of generic e-mail accounts, like sales@company.com, and explains why a mail-in database is a safer alternative.

To allow employees to read e-mail received at generic addresses, like resumes@company.com or helpdesk@company.com, you would typically provide IDs and passwords for these 'dummy' accounts. The users could then switch IDs (or log on again) to open the target mail files. While this may be the easiest approach for managing generic e-mail accounts, it isn't necessarily the best, as it creates several security holes in your system. In this tip, I'll discuss a few of these security concerns and explain why a mail-in database is a safer alternative.

One thing to consider is that it is difficult to take back IDs and passwords once you've given them away. Asking users to return files does no good, since they may keep copies without your knowledge. If you change an ID's password or public key (and enable server-side checking of these items), you can disable one person's copy of the ID. But then you have to update the other valid copies with the new information, or they won't work.

The same applies to Domino Web mail accounts. If you disable someone by changing the Web password, you have to tell the other people the new password. All of this is doable, but a bit of a pain.

Dummy accounts also offer malicious users a way to gain access to your entire system. Since you ideally want the total number of user accounts to be as small as possible, adding an account named Helpdesk, for example, just gives hackers another crack at guessing a password. The names of these accounts are usually obvious, too, making them inviting targets for break-ins.

Having user accounts with generic names also violates a standard "best practice" for security policies -- that is, users should log on to a computer system with unique names. If you look at a log file and see some suspicious activity by a user named Resumes, you have little idea who actually performed those actions.

A mail-in database solves all of these problems. There is no specific ID or password associated with the mail file. Therefore, there is no way to log on to Domino with the usernames Helpdesk, Resumes, etc. You grant or deny access to the mail-in database by adding/removing regular usernames from the database access control list (ACL).

If you want to prevent departing employees from accessing the Helpdesk mail file, you just take their names out of the ACL, and they'll be locked out. Adding someone is just as easy -- simply put their name into the mail file ACL. You don't have to hand out ID files, tell anyone an additional password, or keep certain users up-to-date with changes to the generic account.

Mail-in databases are simple to create and manage. For more information, see Domino Admin Help -> Index -> Mail-in Database (R5 and R6).
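
The ACL changes described above can also be made from a LotusScript agent. The following is an added example, not code from the original tip: the server name, file path, user names and the choice of Editor access are placeholder assumptions, and the agent's signer needs Manager access to the mail-in database.

```lotusscript
Option Declare

' Placeholder values (assumptions); replace with your own server and file.
Const MAILIN_SERVER = "Server1/Company"
Const MAILIN_PATH = "mail\helpdesk.nsf"

Sub SetMailInAccess(userName As String, grant As Boolean)
	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim acl As NotesACL
	Dim entry As NotesACLEntry
	Dim level As Integer

	Set db = session.GetDatabase(MAILIN_SERVER, MAILIN_PATH)
	If Not db.IsOpen Then
		Print "Cannot open " & MAILIN_PATH & " on " & MAILIN_SERVER
		Exit Sub
	End If

	Set acl = db.ACL
	Set entry = acl.GetEntry(userName)   ' Nothing if no individual entry
	If grant Then
		If entry Is Nothing Then
			Set entry = acl.CreateACLEntry(userName, ACLLEVEL_EDITOR)
		Else
			entry.Level = ACLLEVEL_EDITOR
		End If
	ElseIf Not (entry Is Nothing) Then
		Call entry.Remove
	End If
	Call acl.Save

	' Removing the individual entry is not enough if the person is still
	' covered by a group entry or by -Default-, so check the effective level.
	level = db.QueryAccess(userName)
	If Not grant And level > ACLLEVEL_NOACCESS Then
		Print "WARNING: " & userName & " still has access level " & level & _
		" through a group or -Default- entry"
	Else
		Print userName & " effective access level: " & level
	End If
End Sub

Sub Initialize
	Call SetMailInAccess("Jane Doe/Company", True)     ' new help desk member
	Call SetMailInAccess("John Smith/Company", False)  ' departing employee
End Sub
```

Because every change names an individual user, the database ACL and the server log continue to show who has access and who acted, which is the accountability a shared Helpdesk ID cannot provide.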

About the author: Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Domino and Notes.


This was last published in June 2004
