Email nightmare for some FSU students

shieldI mentioned yesterday that sometimes people and software screw up in ways that cause problems. Today I saw an article demonstrating just how bad these issues can be. Florida State University Housing Department sent detailed and confidential violation reports to tens of thousands of students.

On Monday, March 14 at around 2 p.m., FSU first became aware that a glitch in the University Housing software caused the system to email approximately 13,195 current and former FSU students detailed incident reports of any and all code of conduct complaints associated with them, the FSView has learned. FSU News

In some cases, reports were of minor issues like halogen lights or open flames. But in other cases the violations were much more serious. These include reports of drug offenses, harassment and assault. Emails were only sent to the students associated with the report, but there is the possibility that some anonymous reporters were revealed by this glitch. Given some of the reports were more than 10 years old, it’s also possible these emails went to non-involved recipients.
As an email professional this type of glitch is horrifying. I can’t fathom what the glitch was. Whether it involved a human making a mistake or was triggered by the software, this is horrible design. No email containing sensitive and personal information should ever be sent unintentionally.
FSU reports they’ve stopped using the software. I hope they’ve unplugged it from any network completely. A little bit of poking at Google doesn’t tell me who the vendor is, although one of the major campus conduct software vendors (Maxient) has a note on their Facebook page that they are not the software used by FSU.
Like I said yesterday, stuff breaks online. The problem is some of these failures can cause problems and injury to real people. What happens online isn’t that separate from what happens offline these days. Our security needs to be better.

The Internet is hard.
Optimize your SPF records

Related Posts

Are you ready for DMARC?

secure_email_blogThe next step in email authentication is DMARC. I wrote a Brief DMARC primer a few years ago to help clear up some of the questions about DMARC and alignment. But I didn’t talk much about where DMARC was going. Part of the reason was I didn’t know where things were going and too much was unclear to even speculate.
We’re almost 2 years down the line from the security issues that prompted Yahoo to turn on p=reject in their DMARC record. This broke a lot of common uses of email. A lot of the damage created by this has been mitigated and efforts to fix it continue. There’s even an IETF draft looking at ways to transfer authentication through mailing lists and third parties.
For 2016, DMARC alignment is going to be a major factor in deliverability for bulk email, even in the absence of a published DMARC record.

Read More

December 2015: The month in email

Happy 2016! We enjoyed a bit of a break over the holidays and hope you did too. Here’s our December wrap up – look for a year-end post later this week, as well as our predictions for the year ahead. I got a bit of a head start on those predictions in my post at the beginning of December on email security and other important issues that I think will dominate the email landscape in 2016.
DMARC will continue to be a big story in 2016, and we’re starting to see more emphasis on DMARC alignment as a significant component of delivery decisions. I wrote a bit more on delivery decisions and delivery improvement here.
December in the world of email is all about the holidays, and this year was no exception. We saw the usual mix of retailers creating thoughtful experiences (a nice unsubscribe workflow) and demonstrating not-so-great practices (purchased list fails). We took a deeper look at the impacts and hidden costs of list purchasing – as much as companies want to expand their reach, purchased lists rarely offer real ROI. And on the unsubscribe front, if you missed our discussion and update on unroll.me unsubs, you may want to take a look.
Steve wrote a detailed post looking at what happens when you click on a link, and how you can investigate the path of a clickthrough in a message, which is useful when you’re trying to prevent phishing, fraud, and other spam. In other malicious email news, the CRTC served its first ever warrant as part of an international botnet takedown.
In other industry news, some new information for both ESPs and recipients interested in feedback loops and a somewhat humorous look at the hot-button issues that divide our ranks in the world of email marketing. Please share any we may have missed, or any other topics you’d like us to address.

Read More

Security, backdoors and control.

WttWColorEye_forBlogThe FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control. Apple letter to customers

Read More