So I find security-based proceedures hard to come by and thought I would raise a conversation here.
Who is allowing notifications to be sent to public domain email addresses? Have you been able to vet a security alanysis on this to determine if there is a risk to your business?
Anyone created any policy for this?