Do Your Email Users Know Too Much?

Over the years users have found countless ways to get around things when it comes to email. Years back I remember when organizations would block access to sites like http://www.gmail.com or http://mail.yahoo.com only to find out that a simple hack of using the secured site, https, would bypass the filter and let people access their personal email.

A much more clever workaround came to light in the wake of the General Petraeus scandal. News reports showed how he and his mistress would communicate without leaving the easily traced, and spotted, footprint that accompanies emails.

Using a shared Gmail account the two would write up an email and save it as a draft. The other could log in, read it, delete the draft and then respond in the same way. Since the message was never sent or received the communication was never flagged.

As users grow comfortable enough with their technology they find it easy to apply little hacks, tricks and workarounds to their email. A simple Google search will provide them with both textual walkthroughs and a plethora of videos to turn them from basic email users to power users with just enough information to be dangerous.

As email administrators we restrict many things because we know the problems that they can cause. Our users often see this as a hindrance to what they want to do, even if it is something that in no way, shape or form relates to their job. Since they don’t see the harm in working around something, they go ahead and hack up their Outlook email client. Here are a few of those workarounds that can really drive an email administrator crazy…

Access personal mail

If your organization’s web content filter blocks the domain names of popular free email providers there is still a way that users can read and reply to personal email. By using their Outlook email client they can create new accounts in Outlook, enter their personal mail settings and have complete access to these accounts.

Mail filters and security solutions can be configured to block this, but most small to medium-sized organizations don’t have this blocked.
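One way an administrator could check whether this is already happening, shown as an added example that is not part of the original article: scan firewall logs for internal clients that reach mail-retrieval or submission ports on servers other than the organization's own. The log format, the addresses and the approved-server list are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Standard mail-client ports that Outlook uses for POP, IMAP and SMTP accounts.
MAIL_PORTS = {110: "POP3", 143: "IMAP", 465: "SMTPS",
              587: "SMTP submission", 993: "IMAPS", 995: "POP3S"}

# Assumptions: the organization's own mail server and internal address range.
APPROVED_MAIL_SERVERS = {ipaddress.ip_address("203.0.113.10")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample log: timestamp src_ip dst_ip dst_port action
SAMPLE_LOG = """\
2013-01-15T09:02:11 10.1.4.23 203.0.113.10 993 ALLOW
2013-01-15T09:03:40 10.1.4.57 198.51.100.25 993 ALLOW
2013-01-15T09:03:41 10.1.4.57 198.51.100.26 587 ALLOW
2013-01-15T09:05:02 10.1.4.88 198.51.100.80 443 ALLOW
2013-01-15T09:06:17 10.1.4.91 198.51.100.25 995 DENY
malformed line here
"""

def find_external_mail_clients(log_text):
    """Map each internal client to the unapproved mail servers it reached."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the expected layout
        _, src, dst, port, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip lines with unparsable addresses or ports
        if action != "ALLOW" or port not in MAIL_PORTS:
            continue  # only connections that actually got through matter here
        if src_ip in INTERNAL_NET and dst_ip not in APPROVED_MAIL_SERVERS:
            hits[src].add((dst, MAIL_PORTS[port]))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in find_external_mail_clients(SAMPLE_LOG).items():
        print(src, "->", dsts)
```

Clients that show up here are the ones to follow up on before deciding whether to block those ports at the perimeter for everything except the approved servers.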

Permanently delete messages

When you delete a message in Outlook it goes to the Deleted Items folder. At a later time, you can go and empty that folder. This little fail safe makes it easier on the mail administrator when someone accidentally deletes something they shouldn’t have. If it was deleted by mistake, they get a do-over by going to the Deleted Items folder and restoring the message.

However, if your users learn that holding the Shift key while pressing the Del key will bypass the Deleted Items folder, they may start making that a habit. Then when they accidentally delete a message, there is no way for them to retrieve it.

Schedule messages

Some people use Outlook for years and are never aware of the fact that a message can be scheduled to be sent at a specific day and time. This sounds like a great time saver and some people have really learned how to make this feature work for them.

There is no security concern or storage issue with this, but I am sure that everyone reading this can think of three people right away who would schedule the wrong date, forget to save the changes or mess something else up and then call for support claiming that their email was never sent.

Images in the email signature

People receive thousands of emails that contain images, and thousands of these emails have those very images blocked by the email client or by the email security appliance. Yet even with firsthand experience, people still don’t realize that if their email client blocks images, others likely do as well.

Outlook makes it easy for a person to include an image in their email signature. All it takes is five minutes of research on the web and two minutes to configure.

Unfortunately, some of those people create a great looking image with their contact information only to have it show up as a little red x in almost every recipient’s box.

Over the years I am sure that you have found some other interesting workarounds that your users have tried. Please share them with the other readers in the comment section below.

Written by Jeff Orloff

4 Comments

  1. Jackson · January 16, 2013

    I know a lot about e-mails, and yes, I sometimes do some of them, not because I want to break the laws in our company but because I just find them convenient. For instance, I am now using Outlook for all my e-mail messages, straight from Gmail and Yahoo. It simply saves me time. But going back to the issue, I don’t mind if employees know a lot about e-mail. In fact, that’s good because it means they are actually aware of the dangers as well. What’s extremely important is the enforcement of penalties should these people go overboard.

  2. Tana George · January 16, 2013

    I must admit I’m guilty of teaching friends how to bypass email regulations that seem unfair, or simply inconvenient. However, the most shocking situation is when just an ordinary user knows more about how to bypass a rule than the admin, who has enforced it. Roles reversed – now, this is a problem!

  3. Agnes · January 27, 2013

    You’re exactly right, Tana. It only means one thing: the company has hired the wrong people for the job. If the typical employees who are non-IT, most especially, can bypass the system without the knowledge of the system administrator (which is worse), then it means anything can get through the system, particularly the most dangerous ones! If this is truly happening in your company, you might as well give a hint to your management before things become out of control or serious. After all, a lot of data can be at stake here.

  4. Melody · January 29, 2013

    I know a lot of things about e-mail, but those system administrators have nothing to worry about me since I know how to follow the rules. I don’t see the reason why I should bypass the security, especially if I only have to read my personal mails. I always have the time to do that after work. Besides, if the matter is urgent, I don’t expect them to e-mail but perhaps call or text me, which is definitely allowed in my company. But I can only speak for myself. I just wish people would just learn to follow the rules and go through proper channels if they find them too strict rather than circumventing them.
