From the Department of You Gotta be Kidding Me...
While working with a client's network trying to resolve some mail flow issues... I was required to contact their web hosting company. This can be "fun" to varying degrees depending on what type of verification is used to ascertain whether or not you should be allowed to be making change requests. This is frequently called Big Fun with Social Engineering when the client can't remember or find the account info, which nobody has seen for 8+ years.
Now imagine (if-you-will) my dismay at getting absolutely no challenge whatsoever. None. Nothing. Notta. Straight to the red carpet from hello. This has now happened on two separate occasions, which were weeks apart. So it ain't like somebody was having a bad day, and let it slide... What were the changes I was requesting, you ask?
1st Call:
I requested that all mailboxes be tripled in size to (and this was directly stated) allow for larger Emails (with 20+MB attachments) to be sent.
2nd Call:
I requested that all the existing MX records be removed (Um... Yeah), a new MX record be created, and that all the mail was now to be sent to an off-host IP address that I specified.
And at no time was I asked for anything (not even my name - which I didn't offer) other than what domain I would like to make changes to.
Now the web-based management interface requires domain name, user name, and password ... ALL of which are case sensitive. So there seems to be some level of understanding in regard to security. It just doesn't extend (or pertain) to the folks at phone support. Try this with your hosting company sometime to see how well they fare ... You might just be mortified ... I was.
...I've advised the client to switch hosting companies ... and they are.