I work for a large company. Over the past year we’ve being seeing weird email messages from an evidently disgruntled ex-employee. Lunatic rantings about discipline, harassment, his boss’s failings etc. From what I can gather, every staff member is receiving these mails - so you’re talking hundreds, maybe 1000+ people.
I know nothing about email security - what I’m interested to know is why our IT dept isn’t doing anything to stop it, is it possible to curtail these sort of mass mailings? They always feature an attachment, usually a MS word file about 300K in size. One time it was 1Mb - sending a 1Mb file to 1000 people, surely there’s ways to block this?
I have no stake in the affair, don’t know any of the people involved directly. I do, however, think it’s bang out of order that someone can send malicious, harrassing emails about a person to all and sundry and our employer seems powerless to prevent it. Is this IT incompetence, or just another ‘it’s the internet, you’ve just got to ignore it’ situation?
Is this a matter of sending it to aaron@company.com and anderson@company.com and andrews@company.com and … and zeeman@company.com, or is he sending it to a single address like everyone@company.com?
Possibly a little of both. There’s probably a legitimate need to allow email from outside to get to employees, and there’s probably a legitimate need to allow attachments, so simply cutting either off totally is probably unworkable.
Beyond that, how hard it is to stop depends on how he is doing it. If he always sends from the same email address and is sending to a single email address that expands out to an all-company distribution list, then it should be easy for the admins to stop. If he’s constantly setting up one-time-use email accounts from different places, it gets harder.
All she’s got to do is know the distribution list address she wants to send to.
ie, if you’ve got an allemployees@yourcompany.com address unless they want to change that address for everyone who actually uses it for the purpose it’s intended for there is no real way to block her.
You can block one email address but she’ll just create another. More likely they’re saving them all so they can sue the pants off of her.
We have loads of sub departments with various distribution lists, but he seems to have that taken care of. I recall early ones were to listserver type addresses, whereas the most recent one was to everyone whose name begins with m (as my name does).
[quote=“Moonlitherial, post:4, topic:549048”]
ie, if you’ve got an allemployees@yourcompany.com address unless they want to change that address for everyone who actually uses it for the purpose it’s intended for there is no real way to block her.
QUOTE]
Not true. I’ve configured all the distribution groups in our mail server so that you have to be a member of the group to send to it. Trivial, really.
She could have also run an LDAP export of all the email addresses before she left.
If she sends them from multiple origins, it would be hard to stop
Our “allcompany” distribution list needs approval, it wouldn’t go out that way. But I could export everyone’s email address in a simple query and batch up emails pretty easy, sourcing them from dozens of free email accounts - and it wouldn’t be SIMPLE to block - and I’m not really even technical. Could be done - a lot of spam filters would allow you to put in her name for instance, if she signs them, they’d get blocked.
Reminds me of the time that i was pissed I would go to Outlook Web Access and lockout a bunch of the managers accounts every hour or so (i have a lot of time on my hands) by entering the wrong password many times. There was no real way to stop it. I knew the username convention i suppose they could track it down and block all requests by my ip but i just gotta unplug my modem for a few minutes
I once worked at a company where we all received an email that a female employee had sent to her husband (another employee) – obviously personal, and rather ‘romantic’. Followed shortly by an apology email from her.
She had setup a nickname for her husband on her computer: Al@company.com. But accidentally typing 2 l’s sent it to address All@company.com – a list of all company employees.
Your IT department should be able to use their spam filter to block emails coming from his address - assuming he just uses one, or from his domain, or containing characteristics of his messages.
If your IT knows what they are doing. A lot of IT is now being outsourced and combined. I’ve worked at places where you really have low level IT techs and they report to a company in India or someplace else.
The result being it takes forever to get something done. So dealing with spam is last on the list, especially if you can set up your email program to filter it out. Some IT depts are overworked and figure, just setup filter at your end instead of taking care of it at the server.
Without see it, you could actually have a computer infected with malware and sending it out without that person knowing it.
You could even have a CURRENT employee who’s mad and using this long gone employee as a mark. In otherwords current employee is mad and spams company and makes it look like the person who left did it.
You would have to have the IT person look at the mail and invest time to trace it backwards and see how it’s coming in.
Truthfully unless you have a dedicated IT department that isn’t spread out among locations, they don’t have a lot of time. I’m sure this email problem is on a list, at the bottom 