A Domino Group initially added an internet address, then it was removed from the document and now when doing ldapsearch, we noticed that address is still being populated in the mail= field. Another scenario was on a newly created test group where they only populated the group name and group type (e.g. testgroup) then when they do an ldapsearch on that group, they noticed that mail= shows an internet address (e.g. firstname.lastname@example.org).
I would like to forward this as a SECURITY and at least enhancement request. All organizations have a spam filter and uses LDAP as a means to register valid email that are allowed to have access to the outside ( in and out) .
In the group document. the email it is meant to have a intergroup and/or external/internal access.
THEREFOR the admin will get a false sense of security that these groups are not exposed to the internet since the email field is BLANK yet in LDAP, the email is automatically create.
So if you create and ALL STAFF group, span could be sent to this address and therefore to everyone.
THIS IS INSECURE and deceptive since it is not present or filled in the group document.
This also causes the use a user license since the work around is to create a user then include that user in a group.