Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why am I getting a bounce to an email I sent from someone I didn't send it to?

Question: I recently sent my husband an email. He received it but I also got this
message: “Undeliverable mail returned to server.” The weird thing is
that it’s his boss’s email that was “undeliverable”, and I
never typed it in. I didn’t even know his email. Does
this mean his boss is spying on him? Is it possible his boss is
receiving a copy of every mail he gets?

So you send an email to person “A” and get a bounce from person
“B”?

Something’s fishy, that’s for sure.

If it is what you think it is, then his boss screwed up. But if that
was a company email account, then he has every right to do exactly what
you – and I – suspect.

Become a Patron of Ask Leo! and go ad-free!

First, quickly, the issue at hand: can an email address like
“someone @ somewhere .com” be intercepted and automatically and
transparently copied to another address? If you own the server that
handles the email for “somewhere .com” then the answer is absolutely
yes. That email can be automatically copied, logged, forwarded,
scanned, analyzed … whatever. The mail server that receives the email
can do all sorts of things.

Including sending copies to your husband’s boss.

Which, I agree, is exactly what this looks like.

However in this case your husband’s boss – or rather his IT
department – screwed up, in at least a couple of ways:

“… your privacy ends where your paycheck
begins.”
  • That email should never have bounced, and certainly should never
    have bounced back to you. And that’s for the simple and obvious reason
    that because of that bounce you found out that something might be going
    on.

  • That particular approach of automatically forwarding to another
    inbox is error prone anyway for exactly that reason. It’s a poor,
    though simple solution. More appropriate might be to log all incoming
    mail to a file. As an example, I happen to log all of my incoming email
    (including spam, in case I need to go back and find a false positive)
    on my mail server. That’s in addition to downloading mail into my email
    client.

What most people fail to realize is that companies are allowed to
monitor employees like this. When you use company equipment and
services, the fact is that they can spy on you. As I’ve put it before,
your privacy ends where your paycheck begins.

So, what can you do?

First: don’t email your husband anything you wouldn’t want his boss
(or IT department, or anyone else for that matter) to see, especially
not on that company email account.

You might think to just use a different email account (one of the
free web-based services, for example), or an instant messaging service,
but the problem here is that the company can frequently still monitor
what’s going on.

The only potential solutions that I can think of are encryption, in
either of two forms:

  • Having your husband use one of those web-based email services and
    making sure to access it only via an encrypted https connection. This
    is pretty easy.

  • Using true encrypted email, so that even if his boss does get a copy
    he can’t read it. Sadly encrypted email’s not typically that easy to
    set up.

But even so as I’ve discussed in
earlier articles
, if your husband is using a work computer to read
your email, then all bets are still off. The company could have
installed monitoring software or spyware on the machine.

If you really don’t trust the company, and it seems like
you have data to say that you can’t, the only real solution is to
communicate via other means not owned or controlled by the company. A
cell phone, perhaps with its own email and IM access, for example.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “Why am I getting a bounce to an email I sent from someone I didn't send it to?”

  1. Nothing sinister going on. My husband owns his own company & we both receive emails addressed to admin@ One goes to him at his office & the other comes to me on the home computer. Plus we also receive emails addressed to us individually on our own PCs.

    Reply
  2. I recently checked my yahoo email to find that I had a number of “bouncebacks” to emails that I had NOT sent (I hadn’t sent any emails from this account in weeks), and whose destinations were not in my contact list! Did yahoo have a virus?

    Reply
  3. —–BEGIN PGP SIGNED MESSAGE—–
    Hash: SHA1

    Nope. That’s just the result of common spam.

    Leo

    —–BEGIN PGP SIGNATURE—–
    Version: GnuPG v1.4.7 (MingW32)

    iD8DBQFIPZC6CMEe9B/8oqERAtZGAJ9GSY9t2FyebWJayDLy9Zxkfjw0OgCdFBfk
    IIV9onbMXc1D9eFtiaC7+Rc=
    =bLph
    —–END PGP SIGNATURE—–

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.