On 1/7/07, Nicob <nicob@xxxxxxxxx> wrote:
security@xxxxxxxxxx is the only standardized security contact (as
defined by RFC 2142)
While nobody could argue with that, I've lost count of the number of
banks and similar organisations to which I've tried to report phishing
scams via their "security@" alias, only to get a bounce saying no such
address.
And in at least one case (org name escapes me now) the "security@"
alias turned out to be a *physical* security department, populated by
large gentlemen with peaked caps and bulging armpits ... so you can't
rely on "security@".
Nick Boyce