Admin fishes dirty office chat from mistyped-email bin and then ...? Welcome again to On-Call, our weekly (and preponderantly prurient) piece in which readers share horror stories from their workplaces. This week, we're going interactive, because the situation in which reader “Flash” found himself describes an ethical dilemma The Reg feels un-qualified to address. Flash once had a gig “ …
Correcting recipient addresses does in no way imply that you can read the contents.
What he should have done is set up an application that only shows the recipient list and hides the content. Anyone asking could therefor be shown the application and rest easy that their smutty secrets remain hidden. And he could have lived his life blissfully unaware of the rampant beast lurking below.
It sounds like the email "bucket" needs a little more functionality. After something has been undelivered for a set amount of time, simply knock it back to the sender as "undeliverable".
That removes the need to actively do anything and the response can be made as "machine generated" as the admin likes. It depersonalises the situation and alerts the sender that something was amiss.
"The first rule of email admin is that you don't read the content unless it's addressed to you."
Best comment, so far. Have an upvote and a story from me. Anon, because.
In this international company, the french branch of HR was the most perverse lot of fuckwits, and they, on some sites, would routinely come to the local mail admin to ask for access to staff mailboxes, on the ground of "wrongdoing" (that would never be explained). Nothing written, all verbal insinstant requests.
Of course, the goal was to pressure people into leaving, for whatever reason. So much convenient than firing them (french contracts).
As the corporate guy in charge of email in the whole company, I got so fed up to hear that mail admins were routinely complying with the requests that I sent all of them an email dismissing those requests as unethical, and illegal (they are in France) and urging the guys to ask for a written request.
At the time, I got a lot of flack, from the mgr of one of the guys because my email had a bit savaged his little trade with HR.
However, years after, when I had to investigate through the mailbox of the CEO of the company (this was serious stuff, with layers etc ...), the request came in all proper and written by the right VP.
Ethics, unlike morals, always win out people's respect.
Probably the second rule is something like "even though I have no interest in reading your mail, each and every host it goes through does have the capability of reading it: assume that I'm the exception among these admins and if you want privacy, encrypt the mail or don't use email at all".
Not using email at all would have been the smart thing to do in this case, since the recipient metadata is still in the clear. But then, the sender probably wasn't the sharpest tool in the box and no amount of explaining would have led him to do the sensible thing.
Best course for this admin would have been to refuse to scan the emails in the first place. Or only set up filtering with the policy that all misaddressed mail will go directly to a public (office-wide) noticeboard. Either that, or refuse to look at the content and base redirections solely on the To: field. I prefer the more dramatic option, though.
In person (no e-mail trail) take one of them aside and suggest they should switch to a non-work e-mail for personal correspondence.
It's none of my business what they get up to, but if they're using a network I have control over then someone could make me make it my business, and I don't want to be in that position.
And let them know that you're a snooping peeping Tom?
God no, I don't go looking for people's correspondence or web traffic. I'm only thinking of the scenario where I saw it in the course of my normal work. Like HR leaving someone's firing papers on the printer, the very act of trying to figure out what to do ("Who's is this? I should return it to them") leads you to learn things you didn't want to.
Catch-all addresses attract spam, and you're either going to get fried for snooping, or fried for passing mail on to the wrong address. Even if you survive a potential frying, you've made an open-ended commitment to sorting out typos for users who won't bother to check where they're sending stuff.
They are useful as diagnostic tools though, especially when rogue users start setting up shadow IT systems and misconfigure them... Yeah yeah, this is an ancient example, so shoot me...
Me: Please shut down your Netscape Collabra server, your "intranet" is not officially sanctioned and is insecure.
Him: This matter does not concern you.
Me: Security of the campus network IS my concern. It's actually part of MY job.
Him: I still don't see why it's any of your business.
Me: Do you admit that you are running an unauthorised server on personal equipment ?
Him: I refuse to incriminate myself.
At this point, I hold up a print-out of a bounced e-mail from the offending machine, because he cocked up the configuration.
Me: Are... You... Run-ning... A... Net-scape... Coll-ab-ra... Ser-ver ?
It's a bit like that scene from Red Dwarf where Captain Hollister asks Lister about Frankenstein, but I was determined that this guy and the intranet weren't going to have a baby intranet.
Our system policy is to keep a copy of everything that goes in or out - this is a requirement in some environments and a lot more common than you might think. The backups are deleted automatically (also policy) after 90 days and very occasionally I have to look through the backups to retrieve a specific message based on Subject and Time.
So I could look at a lot of stuff but I don't - it's none of my business unless there is some requirement to do so - I sleep well at night.
Catch-alls, backups and network traps are legion - have we not learned that yet? If you are doing anything that you don't want published - then don't leave a record.
....which I'm pretty sure everybody here is already aware of is:
Never put anything in an unencrypted email which you wouldn't be happy to write on a postcard and send through the post in plain sight of the postmen, sorting office workers, that nice young lady who works in the post room at work, the trecent school leaver trainee who actually drops stuff at your desk, and all your colleagues who might casually glance at your in-tray as they walk past your desk.
Because that's pretty much what you're doing if you send an email without end-to-end encryption...
"write on a postcard"
Yeah, that's the lesson that users need to learn and re-learn and re-learn ad nauseum. Most users still think of email as being like a letter sealed in an envelope and it will still get to the correct destination even with a typo or two because the nice friendly postman will recognise the typo and still deliver it to the right address because s/he knows all the customers on the route personally.
I found one in a mail loop between one or our systems saying that IT were a bunch of wankers and that the new policy of not sending personal emails was useless as they would never know, the down side of that one was it was a student on the last week of his uni work experience required for his qualifications, when he was escorted off the premises, I passed it on to his boss.
I've been called FAR worse things over the years by users.
I would have taken chummy aside and "had words", maybe go as far as a scare-the-bugger-half-to-death, but dobbing him in like that ? That's just cold.
Anyway, I have room to talk about bad behaviour on placements - I was blind drunk by 10am on the day I was supposed to meet my placement supervisor for the first time. Okay, it was my 21st birthday, and yes, THAT was my "present" !
That's what I would have done too. If illegal delete else forward. Just because you can enforce your morals on your users does not mean you should.
Of course, in bigger companies the bosses can do exactly that with codes of conduct and the like which you have to factor into your decisions.
Correct the address, but in a way that it will go to a different recipient!
Of course, this only works if the original recipient's address is close to someone else. But since they can't type the address correctly, why not get that email on its merry way? "Gee, I see that email didn't go to its intended recipient. Too bad you typed in someone else's address..."
While I agree that catch-alls can be a problem, in small service companies they can be a life (company) saver.
A small business I still do occasional work for has a catch-all for anything that hits the server. This is frequently hit by potential customers that (for example) spell 'accounts' with only one 'c'. If these emails aren't picked up that's a business loss small companies simply can't afford these days.
Sorry to come back on this, but a bounce is absolutely the worst thing you can do as a small service company. The original sender won't read the message (probably assuming the bounce was due to the business going bust) and will simply contact another company.
As for trapping the 'common' mistakes, that would be one hell of a long list! You should see some of the ones we get. The company I'm referring to has two main addresses, 'Accounts' and 'Service'. As well as that there are about five named individuals. The combinations are endless - most are highly amusing too!
"While I agree that catch-alls can be a problem, in small service companies they can be a life (company) saver."
There's a difference between external mail and internal mail in this respect. And the larger the company the greater the probability that there will be legitimate internal mail that's above the monitor's level of responsibility.
If you think you need a catch-all make sure everyone knows about it and whose will be reading it. At least anybody who's sending anything sensitive (personal or business) can either take extra care with addresses or choose not to use email. Shock-horror - other methods of communication exist!
You two must be guests from some parallel universe. Around here, real life seems to correlate nicely with the poll result - where majority of responders selected one of two "it's none of my damn business" options.
Yes, I've heard an occasional story of peeping Toms in IT, but these don't seem to last long enough to leave a lasting impression, so their existence is not fully confirmed.
Welcome to The Register then. Hope you come in peace.
Unless someone in management asked Flash to do this then he's way out of line and should be fired. I'd also advise Flash to find an IT job that does not put him in a position to access his co-workers personal data as it looks like he has some serious issues with respecting boundaries.
I'd love to know what's wrong with letting mail bounce. Why on earth did Flash feel the need to set up a 'catch-all' account? While I'm at it, why would anyone want to manually route email?
I imagine that Flash is/was fresh in the job. I remember that when I was new, I was eager to please while at the same time heady with the responsibility. And aware of how difficult it is to get a decision out of management.
Rather than ask what to do with misaddressed email and still be waiting for a decision when I retired, as an eager to help people young IT professional, I might have done what Flash did.
Of course, when the inevitable saucy email arrived, I would turn it all off again and let it bounce and pretend I hadn't done nothin...
I'm rather disappointed at the lack of BOFH potential in this threat. And the lack of people who voted for "blackmail both parties". Personally I would have voted for having the email projected onto the front of the building in foot high letters, but that option was mysteriously missing...
Then again, the BOFH would never have foolishly created extra work for himself. And simply set up an search of the email database to bring any interesting or useful items to his attention automatically.
> the BOFH would never have foolishly created extra work for himself
A true BOFH would set the defaults so that incorrectly addressed internal mail would go to everyone. That way it would be sure to end up in the right person's email (and all the wrong people's, but that's FH-ism for you).
Where's the ethical dilemma then? Married or not makes no difference. Using company email for private purposes is nothing. It's a bit iffy though that he reads emails not meant for him. Those emails should bounce as they are required to do, so the sender updates their email details. He should stop trying to fix up those cases when there's a well defined protocol for it.
Perhaps she would have become the love of his life? But he was spurned when she didn't answer his email!
Humans are biologically programmed to want sex and fall in love. And seriously do you think married men and women don't fall in love/lust??
I remember I used to go to conferences with this woman, a smart beautiful woman, who was in a relationship. I was crazy about her anyway.
There would always be an icebreaker at these things, and people would hook up.
One time she mentioned she'd be going to the Manchester thing, and her boyfriend wouldn't be going. I got my hopes up high. At the icebreaker, I hit on her all night, made a total ass of myself. At the end of the night most people had gone to bed, just me, her and the organizer, a notorious womanizer, were left. He'd obviously struck out that night since he was alone. I was determined not to strike out.
I saw the room allocations, he was on floor 3, me on floor 4, her on floor 5. We went to the lift together.
So he will get out on floor 3, and I would have 1 floor, 1 last chance to get her. What would I say? How would I convince her to come to my room? If I failed, I'd be too embarrassed to look her in the eye again, I'd burned all my bridges. Would I even have the nerve to say it?
So what did I say?
Well the lift opened at floor 3, and she and the organizer got out of the lift and headed to his room.
Ouch.
Well the lift opened at floor 3, and she and the organizer got out of the lift and headed to his room.
And after the lift doors had closed she thanked the organizer for helping her get rid of the annoying guy who'd been hititng on her all night, and headed back to the lift to go to her room.
I suspect the admin had the best of intentions at the time. There was a time email was newish and he probably thought he was helping people out by fixing typoed email. I doubt he was thinking it would be a problem getting work related emails and sending them on their way.
Me? I'd nuke it and then consider if I want a catch-all anymore. Maybe just check the mail logs and add some alias for some common problems. It is easy to be the armchair general with hindsight though.
I've had that live for about a week for test purposes, and the amount of crap that gets thrown at an email gateway to deliver spam, malware and ads for "medicinal" products ended that test quite rapidly.
May all spammers suffer accidents involving their genitals and nail guns. Repeatedly.
Flash it not the moral police so just keep his beak out. Consider this outcome:
Flash forwards the email to recipient, recipient is not happy with email and reports it , sender quite rightly says that he did not send it to them, Flash in the poo right up to his neck.
What a decent person would not have done is to mention the details to anyone so much better to bounce and not be such a nosey bugger.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
