From: glen mccready To: 0xdeadbeef@substance.abuse.blackdown.org Date: Wed, 16 Oct 1996 10:34:08 -0400


Forwarded-by: Keith Bostic <bostic@bsdi.com>


from the Defense Logistics Agency

From:
To: DISTAA (Commanders' Only)
Subject: Unauthorized Mail
Date: Monday, September 30, 1996 1:53PM

The world of communications is moving rapidly forward.  With that movement
come changes in the many ways we perform our daily business.  Electronic
mail is just one of those important changes.  We must all do our part to
assure that the tools we are given to perform our daily routines are not
jeopardized by outsiders, poor controls, or abuse.

Procedures are being developed and tested for Terminal Area Security
Officers (TASOs) to monitor certain types of unauthorized activity.
Commercial, (COM) or educational, (EDU), addresses that are used during
mail, must be monitored and supervisors notified if discrepancies are
found.  Consideration must be given to allow the user to communicate with
places and persons that are business related.  The office of Command
Security, Information Systems Security Officer, (ISSO), recommends that
any user that has sent OR received mail between commercial addresses that
are questionable on a regular basis (more than 5 times a week), or
individual cases of OBVIOUS abuse, be questioned in the presence of
his/her supervisor as to the validity of those addressees.  Failure to
adhere to prescribed policy and regulations are punishable offenses.  DLAR
5200.17 Para VII, subpart P, subpart, 1, 3, and 4, apply.

NOTE:  Joint Ethics Regulations make allowances for certain personal
correspondence through government resources.  Such correspondence
includes, but is not limited to, morale boosting messages for friends and
relatives away from home in the armed forces, limited, infrequent
non-official messages, and messages about retirement parties.  Examples
of correspondence that would be prohibited are: pornographic activity,
child abuse, and activity that would bear bad reflection on the individual
or government as a whole.  All TASOs are requested to make periodic
checks to assure that the personnel they are responsible for are not
abusing the mail systems.

The following paragraph shows ACTUAL addresses that DCMDE users have been in 
communication with and are examples of probable abuse.

     user@nova.dreamscape.com
     dbl_snort@pureatria.com
     user@quicknet.com   (frequent messages)
     user@catnip.berkely.com
     user@usair.com (possible valid address)
     end_zone@pwr.com
     bosox-digest-approval@europe.std

This list could go on and on.  I have provided these as examples only.
There are several instances where the commercial addresses are valid for
work reasons.  "user@pweh.com" is for a user at the Pratt Whitney Plant
at East Hartford CT and is a valid address for email between government
and PW personnel.  Similar acceptable examples have been found for many
contractors.

Much of this usage can be equated to usage of the telephone systems.
Personnel are allowed, in certain limited instances to call their spouse,
children and family members for such things as changes in schedules,
extended tdy, and emergency uses.  Although email is much less immediate,
some of these same types of circumstances will be encountered.  Good
judgment, as always, should be exercised in all cases.

Request all employees at your organization be provided a copy of this
guidance.  Questions on policy contained herein may be addressed to Joseph
E.  Holland, III, Information Systems Security Officer, at email
bdt1000@dcrb.dla.mil or (617) 753-3204, DSN 955-3204.  Your anticipated
cooperation is greatly appreciated.