Thanks to everyone for their comments.
I will elaborate on some details that were not clear in my original
posting (+ answer some of the questions that people have asked).

It is worth mentioning that we are not predominantly a UNIX site (though
we do still have quite a number of UNIX boxes of various flavours
scattered around). We additionally run IBM mainframes with RACF security,
+ Novell and NT networks.

The user-IDs I was mentioning are a current (and longstanding)
corporate-wide standard for unique IDs which are generated upon
employment. These IDs are generally used as a fairly reliable user-ID key
by the majority of our systems - and are indeed used as a synchronisation
mechanism between mail directories (current mail systems include
Verimations MEMO on the mainframe, Lotus Notes, Microsoft Mail + standard

As the IDs are unique already, we have decided to use flat mail addressing
and use a consistent company domain after the AT sign. The mail hub looks
after getting the mail to where it needs to go (this includes gateways to
other mail systems). This means that mail addresses remain the same
irrespective of which department an employee moves to, or even which mail
system the particular department uses. Also - no host information is
leaked due to the use of the flat structure (at least ostensibly - a
couple of respondents have mentioned that information tends to leak via
headers, and is even available via queries to the sendmail port, though
this may be blocked via appropriate application firewalling).

Now, a few respondents have mentioned aesthetics and ease-of-use as
reasons for using schemes such as
There are arguments for and
against this sort of scheme (see the "Why are you so hostile to using full
names for e-mail addresses?" section in the Sendmail FAQ for a counter
argument) - however, I am more interested in the security aspects
involved, as this is the point being debated.

Security becomes an issue because the same user-ID tag is used for Novell,
NT and mainframe RACF logins. Now, whilst external Internet access is
regulated by a firewall, and internal security policies do apply (eg:
mandated password changes, password composition guidelines, etc.), I do
admit (as one respondent pointed out) that there is some merit to the
security argument as some door knocking information becomes available. If
actual physical access is gained to the site, and/or some boundary system
is breached, then some door knocking may be performed using this
information. If security policy information is sloppy on some internal
systems then an exposure does exist.

The real question is whether the risk of this exposure is adequate to
justify the administrative maintenance burden of the large mapping table
that is then required (our organisation contains roughly 10,000 mail
users), and whether this solution does indeed address the problem.

Lastly, the non-obvious mail-box ID seems to (albeit, once again by
obscurity) make it somewhat harder to be the target for mail-bombs or
abusive mail when only the name of the intended recipient is known (eg:
dissatisfied customers trying to contact the MD directly, or even trying
to make someone's day-to-day work difficult by mailing large volumes of
data). How do the accessibility, frequency and repercussions of this type
of threat compare to door knocking and password cracking? (this is not a
rhetorical question - do people have comments on this?)

As before - comments are welcomed. Also as before, dropping me a copy of
responses at auampdrv @
com in addition to the firewalls list would