Photo courtesy of Connor W. Davis

0 Shares

On Oct. 24 at 10:41 pm, an extremely hateful email was unleashed onto the DU community. The email itself was the rambling of an unintelligible troll, but what is concerning is that they were able to reach so many members of the DU community through our own mail servers. Obviously, DU’s cybersecurity is not up to scratch. After some quick research and poking around DU’s mail server security, one will find some frightening results involving a lack of filtering and security. DU needs to make some serious changes to their security or a crazy email will be the least of their worries. Those who would defend DU’s weak mail server filter and lack of safeguards would cite its convenience. The security argument is one of convenience vs safety.

DU’s security flaws begin on their own website. All staff email addresses are open to the public. This means everyone has the ability to send mass emails to the staff of DU with relative ease. Luckily the student email list is private, so they are protected from the more lazy scammers and trolls. The problem, however, is the extremely simple format of every student’s email. The firstname.lastname format makes it easy for someone with a list of students names to send mass trolling or spam emails. A certain mass hate email might not have been released if not for the easily accessible email directory.

A strong filter or email monitoring might have prevented the email from ever reaching the DU community. A quick DNS test on DU’s mail server unearths a series of filtering problems. A DNS test basically probes the website for obvious vulnerabilities. In laymen’s terms, it is not good. Outside email addresses can very easily communicate with any DU address. This opens the door to threats much greater than a hateful email such as Tabnabbing and other phishing attacks. Tabnabbing is the practice of sending a fake email to gather personal information on a person using a cloned version of an official website. Supporters of DU’s open email policy may claim that it is worth the risk so that convenience can remain. These supporters, however, do not see the more dangerous threats. The distribution of malware and the practice of Tabnabbing could spell disaster for the DU community.

Safety is of much greater importance when it comes to cybersecurity. A private email directory would make it more difficult to communicate with non-DU personnel, but it allows a safer environment for DU students and staff. A more complex email format may make it harder to figure out someone’s email, but it protects the students from outside phishing or trolling emails. A stronger email filter may block commercial emails, but it would protect students from hateful emails and malware. When it comes to students, safety is always more important than ease of access.

0 Shares