[RKDinOKC]

Good Morning.

Our IT Director gave our DNS account login and password to the company moving our Exchange on-line hosting. I would NEVER have done that. I would have had them give me the dns records that needed added/changed to make the move so that I could make them, or created a login for them that I could remove. Again I would NEVER have given anyone the actual DNS account login let alone password! To me it was not at all acceptable security procedure. Now after everything has been moved I am going to have to create a new admin account and delete the old one. Would much rather have created a temporary login without full admin permission!

Boy, my managers are making some stupid decisions on our internet security. And no amount of spending on Internet Security Awareness Training of our email users is going to help cause it ain't our users making the holes.

Since we changed to only using Microsoft's Exchange on-line anit-spam we've gotten more phishing spam than since we've had email accounts. A few months versus since 1991!

It is such a waste. A good anti-spam solution for a company of our size costs around $3000 a year. The training and testing content alone costs $5000 a year. And that does not include the downtime for users while being trained and tested and training personnel and their time. We have already lost $17K due to a phishing attack since switching to Microsoft's FREE anti-spam.

No wonder we can't make a profit in the current oil industry slump!