I've got a question for the sysadmins here.

Do you make access to group mailing aliases within your company or domain available to recevie mail originating from outside of the domain?
For example, a spammer mails to a project mailing list [email protected] and is able to spam everyone on that internal mail list.
Is it common pracitce for sysadmins to leave these open?
Would you as a user find it offensive to get spam sent to the project lists at your job? Just wondering... for a friend, yeah that's it...