Helping people with computers... one answer at a time.

Often times when you send an email and there's a problem you'll get a bounce in return. If that bounce is from someone else, something might be fishy.

I recently sent my husband an email. He received it but I also got this message: "Undeliverable mail returned to server." The weird thing is that it's his boss's email that was "undeliverable", and I never typed it in. I didn't even know his email. Does this mean his boss is spying on him? Is it possible his boss is receiving a copy of every mail he gets?

So you send an email to person "A" and get a bounce from person "B"?

Something's fishy, that's for sure.

If it is what you think it is, then his boss screwed up. But if that was a company email account, then he has every right to do exactly what you - and I - suspect.

First, quickly, the issue at hand: can an email address like "someone @ somewhere .com" be intercepted and automatically and transparently copied to another address? If you own the server that handles the email for "somewhere .com" then the answer is absolutely yes. That email can be automatically copied, logged, forwarded, scanned, analyzed ... whatever. The mail server that receives the email can do all sorts of things.

Including sending copies to your husband's boss.

Which, I agree, is exactly what this looks like.

However in this case your husband's boss - or rather his IT department - screwed up, in at least a couple of ways:

"... your privacy ends where your paycheck begins."
  • That email should never have bounced, and certainly should never have bounced back to you. And that's for the simple and obvious reason that because of that bounce you found out that something might be going on.

  • That particular approach of automatically forwarding to another inbox is error prone anyway for exactly that reason. It's a poor, though simple solution. More appropriate might be to log all incoming mail to a file. As an example, I happen to log all of my incoming email (including spam, in case I need to go back and find a false positive) on my mail server. That's in addition to downloading mail into my email client.

What most people fail to realize is that companies are allowed to monitor employees like this. When you use company equipment and services, the fact is that they can spy on you. As I've put it before, your privacy ends where your paycheck begins.

So, what can you do?

First: don't email your husband anything you wouldn't want his boss (or IT department, or anyone else for that matter) to see, especially not on that company email account.

You might think to just use a different email account (one of the free web-based services, for example), or an instant messaging service, but the problem here is that the company can frequently still monitor what's going on.

The only potential solutions that I can think of are encryption, in either of two forms:

  • Having your husband use one of those web-based email services and making sure to access it only via an encrypted https connection. This is pretty easy.

  • Using true encrypted email, so that even if his boss does get a copy he can't read it. Sadly encrypted email's not typically that easy to set up.

But even so as I've discussed in earlier articles, if your husband is using a work computer to read your email, then all bets are still off. The company could have installed monitoring software or spyware on the machine.

If you really don't trust the company, and it seems like you have data to say that you can't, the only real solution is to communicate via other means not owned or controlled by the company. A cell phone, perhaps with its own email and IM access, for example.

Article C3383 - May 15, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

3 Comments
vella
May 20, 2008 11:29 PM

Nothing sinister going on. My husband owns his own company & we both receive emails addressed to admin@ One goes to him at his office & the other comes to me on the home computer. Plus we also receive emails addressed to us individually on our own PCs.

David Mountjoy
May 27, 2008 8:41 AM

I recently checked my yahoo email to find that I had a number of "bouncebacks" to emails that I had NOT sent (I hadn't sent any emails from this account in weeks), and whose destinations were not in my contact list! Did yahoo have a virus?

Leo
May 28, 2008 10:05 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope. That's just the result of common spam.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIPZC6CMEe9B/8oqERAtZGAJ9GSY9t2FyebWJayDLy9Zxkfjw0OgCdFBfk
IIV9onbMXc1D9eFtiaC7+Rc=
=bLph
-----END PGP SIGNATURE-----

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.