nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Admin fishes dirty office chat from mistyped-email bin and then ...?

Silver badge

Why is it any of your business? Either delete the email or forward it, as your conscience requires. You aren't the morality police.

Why are you even reading the body of the emails if you're expecting they're for somebody else?

67
6
Silver badge

or auto delete the folder contents at regular intervals?

10
0
Silver badge

Why are you even reading the body of the emails ...

Because sometimes that's the only way to find out which person to send it on to.

32
4
Silver badge

The obvious solution is to just bounce invalid recipients, like everybody else.

This isn't even an interesting story. It follows the standard formula of "found porn or similar at work". We've heard enough of these, surely.

38
3
Silver badge

It's even less interesting than finding porn. It's just a personal email from one employee to another using their employers email system. Does the business allow personal email? If yes then nothing to see. The contents in this case are irrelevant.

I sent an email to a friend today about Friday lunchtime pub time. No different.

13
0
Silver badge

Re: Why are you even reading the body of the emails ...

> Because sometimes that's the only way to find out which person to send it on to.

Which, just maybe..., the admin shouldn't be doing in the first place.

18
2
Silver badge

Hmmm, did they claim expenses for two hotel rooms and not use one of them? Wasteful.

7
1

Devils advocate.

@disgustedoftunbridgewells

"You aren't the morality police."

The only thing necessary for the triumph of evil is for good men to do nothing.

when does it become petty?

5
26
Silver badge

Re: Devils advocate.

My viewpoint is that there's no reason for the admin to be reading those emails in the first place - just bounce them. I'm guessing he set this up as a way of snooping, rather than to be helpful.

Anyway, they aren't sharing trade secrets with the competition, the emails aren't illegal. He knows nothing of the details - this pair may have left their spouses which makes the email completely innocent, for example.

It's not for him to judge. I was once told by a colleague that he gets sucked off every time he goes to Amsterdam. I didn't feel the need to tell anybody, especially his wife. None of my business.

27
4
Anonymous Coward

> The obvious solution is to just bounce invalid recipients, like everybody else.

Yeah, and I've been bitched at and told to "fix that" by The Big Boss, regardless of how I implemented it or any other consequences. Despite being a tech company, they expected the computer to magically know where to send emails.

In this situation, I would have have blackmailed the two, if the guy had been one of the people complaining about email resolution. Revenge is a dish best served very cold.

3
17
Anonymous Coward

If revenge is a dish best served very cold, and revenge is also sweet....is revenge ice cream?

(yes, I shamelessly nicked that from a philosoraptor meme)

Anyway, I've been asked to set up similar 'no bounce' systems, and I've simply told the client - in professional terms - that it's a staff competency problem, not an IT problem.

If they aren't capable of using the address book of their email clients, then they probably shouldn't be trusted to handle a spoon without adult supervision due to the risk of injury.

In this case? I'd have done the same. If the Big Boss wants me to compromise my professional ethics by intercepting staff email on the fly, they can go fuck themselves.

30
1
Silver badge

Re: Devils advocate.

"My viewpoint is that there's no reason for the admin to be reading those emails in the first place - just bounce them. I'm guessing he set this up as a way of snooping, rather than to be helpful"

Actually I believe in the article he said that often customers emails would be mis-addressed and he was attempting to forward them to the appropriate recipient. Sounds like a reasonable thing to do for the business.

It just happened that some internal mails were also mis-addressed.

9
4

Exactly.

Generally, many employers will have either:

- a policy on the use of work equipment/IT systems/communication during work time, or

- some catch-all clause in the employment contract.

Generally speaking, your response depends on the policies in question. However, internal IT processes and procedures need to be designed with these company policies in mind - if you don't want to be put in the position of reading misaddressed email, don't store or log the stuff!

4
0
Silver badge
Pint

Any email you send/receive from the company is the property of the company and therefore as an IT employee you're entitled to ensure the company's assets are being used in accordance company policy. Using company equipment for personal use is often allowed but within "reasonable use". In an ideal world you should report this email as abuse of company property and you should be able to remain anoymous as the problem should then be dealt with by the HR dept and the offender's manager as they see fit. It's not your job to pass moral judgements, just act within the bounds of company rules and policy.

Suppose the emails contained evidence of some crime that was later committed? In the financial world everyone, including IT staff, have to take mandatory, annual anti-money laundering training and certification. If you know about potential ML then you're bound by law to report it to the correct company officer else you risk a spell in clinky.

8
5
Silver badge

..bouncing incorrectly addressed mail

This is a security issue, as it allows spammers to identify real email addresses in an organization. If it doesn't bounce, it's a real address.

I know of many large organizations that just black-hole them for exactly this reason.

14
1

Re: ..bouncing incorrectly addressed mail

> This is a security issue, as it allows spammers to identify real email addresses in an organization. If it doesn't bounce, it's a real address.

That's such a 1990s strategy.

- So many email addresses at companies are publicly listed everywhere that this isn't a useful "secret" to protect (see "security through obscurity")

- Anti spam systems are smart enough nowadays to block dictionary attacks - have been for a looong time

- Anti spam systems are pretty good at actually stopping the spam too even if you know the adresses

7
1

Re: Devils advocate. @Known Hero

Yet rarely does anything good come of imposing your own morality on other people..

8
0

As your conscience required // You aren't the morality police

1. How do you make a judgment call based on conscience without applying morality?

2. Both deleting and forwarding the e-mail will be seen as a judgment call based on morality.

6
1
Silver badge

2. Both deleting and forwarding the e-mail will be seen as a judgment call based on morality.

Morality doesn't have to come into it. If part of Flash's job is to pass on the emails where the addressee can be identified, then he can act on that basis alone.

12
0
Silver badge
Joke

@werdsmith

You do that stuff at the pub?! During Lunch no less? You sick pervert.

6
0

Re: Devils advocate.

If he's set this up to check for mis-addressed customer emails, then why is he reading emails sent between two employees? I smell voyeurism

3
0
Silver badge

Re: @Swarthy

Err, yes. Doesn't everyone?

If not, you are missing out badly. Live a little.

1
0
Anonymous Coward

Lived enough of these you mean.

0
0
Silver badge
Childcatcher

Sweet, Cold Revenge

If revenge is a dish best served very cold, and revenge is also sweet....is revenge ice cream?

Only if you milk it for all it is worth, otherwise it is sorbet.

I ran into a similar situation at a previous job. I was asked to transfer archived emails archived on a machine for a coworker who had transferred out of state. The application and method I was given to do this displayed one of the emails in whichever folder was being processed. It happened to pull up one that made it very clear that my coworker was having an affair, that both parties were married, and that she would be working with her new love interest. All in two lines. I finished the transfer and said nothing about it to anyone at work.

As far as I am concerned, the whole thing was an onion ("None ya business" for those not familiar with the term) despite the way Big Brother and Big Business would want us to buy into.

6
0

I hope you described in graphic detail what you are going to do in the pub

0
0

Re: ..bouncing incorrectly addressed mail

"This is a security issue, as it allows spammers to identify real email addresses in an organization. If it doesn't bounce, it's a real address."

This may have been the case 20 years ago, but not now. Spammers don't care what bounces. They don't care how many million duff email addresses they're using. There's much more work involved in removing the bad addresses from their spam list than in just leaving them in. Sending out the emails either cost minuscule amounts, or zero if you're hijacking someone else's email server. Bounces cost them nothing at all, because they're not coming back to them. So why should they care?

A company has a black-hole for bad addresses simply to avoid the hassle of handling them. It's a valid strategy, but may result in the lose of emails that could have an actual value to your company.

5
0
Joke

"Hmmm, did they claim expenses for two hotel rooms and not use one of them? Wasteful."

that brings us another option - forward to accounting for why they're getting two hotel rooms.

1
0

Re: Devils advocate.

bounce is better. That way as an admin you don't get into a situation you aren't comfortable with. Lets face it, that's between them and their SO's unless it impacts the business, and then its up to their managers and HR to request logs. Whatever my personal feelings are on it, my business one pretty much ends up correcting it and letting it go since that is/was the policy. Of course, I'd then immediately change the policy next week to bounce typoed internal emails after that. I generally follow a don't ask, don't care policy regarding people's personal crap at work...

I've accidentally ended up in similar situations myself on occasion due to monitoring the internet firewall for things like blocked legit sites that needed unblocked and run into someone surfing NSFW's. I'd typically just take them aside, QUIETLY, let them know they could get in trouble if another admin or the security guys saw that, and then let it drop. I generally wouldn't see their userid again pop up again, except for one of the night security guys... yeah, you don't wanna know...

2
0
Silver badge
Thumb Down

Re: Devils advocate.

"when does it become petty?"

When it's a moral judgement based on your own standards?

Two people making the beast with two backs who happen to be married but not to each other isn't necessarily wrong, let alone "evil"

3
0

<snip>

"In this case? I'd have done the same. If the Big Boss wants me to compromise my professional ethics by intercepting staff email on the fly, they can go fuck themselves."

I was once asked by a senior sales director of a large UK company if I could monitor an employees email. I said that I could but I would not do it under any circumstance but he could probably employ someone else who would. The director exited screaming and shouting at me, I just went back to work.

1 hour later he came back to me and apologised saying that he had a think about it and with me on watch his emails were as safe as anyone else s and he thanked me for standing up to him.

5
0
Silver badge

"Suppose the emails contained evidence of some crime that was later committed?"

I'll see your straw man and raise you. Suppose they contained confidential company information that would affect share prices? Difficult to avoid suspicion, even if innocent, if there were then suspicious share trades.

The fact is that intra company email can contain all manner of confidential information. It could be customer or employee personal data. It could be product plans. It could be results of clinical trials. All sorts of things above a support desk pay grade and operation of the email system shouldn't depend on such an employee opening it to route it correctly. It should bounce and give the sender a chance to re-route it correctly, sight unseen by anyone else.

1
0

Re: Devils advocate.

If the acts described in the email were illegal or likely to damage the company (industrial spying, for instance) forward it to the boss. If not, delete or forward, then forget about it. Such breast-beating over a trivial faux pas. Now, if one of the parties involved was the spouse of the original poster, I would understand the agita. Otherwise, you caught a co-worker doing something embarrassing, like dancing to music in their office or picking their nose.

1
0

2. Both deleting and forwarding the e-mail will be seen as a judgment call based on morality

No, a judgment call is deleting the email. forwarding is what he was tasked with doing, no judgment required. And, if he is going to police the morals of his co-workers instead of just forwarding the d@mn emails, let him disclose every pen he has taken home, even inadvertently, every time he looked at a personal email on company time, etc., etc.

1
0
Silver badge

The obvious solution is to just bounce invalid recipients, like everybody else

This right here, is how email works. User gets bounce, user realises their mistake and everybody is happy.

In this completely made up story the admin thought outside the box without reading any RFCs (as admins are prone to do) thought he was being clever and in the end not only snooped on other people's private lives (I mean using corp email for this stuff is begging for trouble but it's still essentially private) and also broke the entire global email system in the process.

This stuff doesn't have to be difficult but people really so enjoy trying to make it so.

Also if your boss has a problem with your email system working correctly go find yourself a new job and do it now because your company is probably going to go down in lawsuit and you're probably going to end up named as at best a witness and it's going to cost you a lot of money in legal fees.

2
0

Re: Devils advocate.

Obviously, the customer isn't always right. It is proper to let all misaddressed emails bounce. Otherwise, people are unaware of their addressing mistakes. Not only that, letting them bounce removes this ridiculous "morality dilemma."

1
0

Re: ..bouncing incorrectly addressed mail

The antique concept of denigrating 'security through obscurity' is so naughties. Private crypto keys are typically more obscure than keys under a doormat-- but both are obscure. Just to a different degree.

0
0

you only read enough to identify that this was no work related - honest

I believe the correct response is to return the email to the sender, indicating that you had only read

enough to identify that this was not work related.

Then remind the sender that personal messages should be sent using personal email.

Nobody will believe that you didn't read the whole email, but the message that you don't

appreciate having personal stuff like this get misdirected to you will have been delivered.

0
0
Anonymous Coward

If it's not anything illegal, or dangerous for the company, forget it.

In my country what he did would have been illegal (and once we had to identify and remove a mail admin who was monitoring the mail of a woman he got "too interested" in...)

Anyway, what people do in their free time is up to them. As long as what they do is not illegal, nor is a true risk for the company, is not a problem of mine - unless, for some reason, I'm very close to one of the involved people and I can understand the situation fully.

Did he sent it to the wrong address? It should have received the standard "cannot deliver" message. I received it by mistake? Delete it.

Sure, it can deeply change the opinion I have about them for ever...

16
0
Silver badge
Paris Hilton

"Flash was left forever unable to look the woman in the eye"?

I think I read recently that the Swedish Supreme Court ruled that posting sex tapes online wasn't defamation "because it is normal for adults to have sex".

Consenting adult has consenting adultery, what's Flash's problem?

20
0

Using the company mail server

was the problem here. Probably a disciplinary offense,

Personally I would have done as he did, burn the email with fire and forget it ever happened.

12
1
Big Brother

Re: Using the company mail server

A true BOFH would have filed the email under the names of the two people involved. Just in case, sometime in the future, one of them happened to be in a position to do him a "favour".

// Friday, innit?

// yeah, he did the right thing

9
0
Anonymous Coward

Re: Using the company mail server

A true BOFH would have filed the email under the names of the two people involved. Just in case, sometime in the future, one of them happened to be in a position to do him a "favour".

Given the sense of humour here and the fact that it's Friday I would have expected the "blackmail both" choice to top the poll. So yay for upstanding citizenship (pardon the contextual pun :) ), booh for not staying true to BOFH principles :).

(and yes, I would have deleted it too - we're still human).

6
0
Anonymous Coward

Re: Using the company mail server

Blackmail them both. Cash off the man, sex from the woman (or whatever floats your boat).

1
3
Anonymous Coward

Delete and say nothing

But I would have gone further and stopped providing the interception/redirection service. That way there would be no further ethical dilemmas.

Actually I wouldn't have provided the service in the first place unless everyone knew I was doing it.

22
0

Did the company make this policy known to everyone?

It seems to me that the company in question should have made this policy known to all employees (the one where undeliverable emails end up in a mailbox visible to admins) with a very strong warning that all such emails are liable to being read by people other than their addressees. And if you use company email for that kind of thing, you're an idiot anyway.

26
0
Silver badge

Re: Did the company make this policy known to everyone?

Yes, and perhaps put a few hints in the warning that the two perpetrators would recognise, just to make sure they got the message.

Mind you, I'm not subtle so it would probably have gone something like:

"Please remember that the email system is provided by $COMPANY for company business only, not so you can arrange affairs on company time. Please also remember that IT have access to all your emails, especially the ones you don't address correctly and we'd really rather not have to read your home made porn anymore."

1
0
Anonymous Coward

Re: Did the company make this policy known to everyone?

Please also remember that IT have access to all your emails, especially the ones you don't address correctly and we'd really rather have you email us directly with such material to save time

FIFY, BOFH style :)

13
0

He did the right thing IMO

Its a hornets nest. Another problem is that you don't know if his e-mail would have been appreciated or could be filed as sexual harassment. One way or the other erotics has no place in the office, so this is definitely the best way to go: remove it, the guy will probably have gotten the hint and yeah...

Then again: maybe because the e-mail got deleted the guy felt rejected by the woman and so he left the company? ;)

6
2

Invasion of privacy

Nothing to do with the admin, he shouldn't be reading the emails, should just forward them on.

Why even have a catch-all for misspelt emails? Let the user receive an undelivered mail message like every other mail server does.

Sounds like an excuse to read other peoples mail.

17
2
WTF?

Far to much time....

...if he has enough time to trawl through misdirected emails, he has one cushy job.

3
2

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing