S 5.55 Checking of alias files and distribution lists

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, IT users

Alias files and distribution lists are often used to facilitate the addressing of e-mail. If alias files are maintained on mail servers as well as mail clients, clarification is required as to which entries have priority, i.e. if an alias is duplicated on both servers, which address should be accepted on the selection of this alias. Aliases on the mail server should be decisive when e-mail is received, aliases on the mail client should be decisive when e-mail is dispatched. Users must be notified of aliases which are resolved by the mail server, so that they can take this into account when passing on e-mail addresses.

Users must have read-access to alias files on the mail server to be able to make use of these files. Only the mail administrator should have write-access to the files.

To prevent e-mail from being transmitted to the wrong parties as a result of incorrect, outdated or manipulated distribution lists, these lists must be checked regularly for correctness and validity.

Additional controls:

• At which locations have alias files and distribution lists been stored?

• Who has access to alias files and distribution lists?

• When were alias files, distribution lists and stored e-mail addresses last checked for validity?