Automatic BCC on all messages

[thatotherguy]

Hey,
We have a staff member that all the other staff memebers know spends all day
sending emails to friends, but we need evidence to do anything about it, so
Ive setup an email account to catch copies of emails sent out, now I need to
setup something so that everytime an email is sent by that user, a BCC is
sent to this catch-account. Ive hunted around in the rules, and theres
nothing that applies before sending, and I've implemented a script that I've
found on the net, and while it works when the BCC address is an external
account (such as hotmail), it doesn't want to know when it's an internal
address, which is really stumping me...

The scripts I mentioned are from this webpage -
www.outlookcode.com/d/code/autobcc.htm. Ive tried the first two, the third
just throws up an error (Im assuming that it's something to do with Outlook
2003 not using the "Redemption libraries", so that no big deal).

Absolutely any suggestions welcome
Cheers,
Jeff

 

[VanguardLH]

in message

We have a staff member that all the other staff memebers know spends
all day
sending emails to friends, but we need evidence to do anything about
it, so
Ive setup an email account to catch copies of emails sent out, now I
need to
setup something so that everytime an email is sent by that user, a
BCC is
sent to this catch-account. Ive hunted around in the rules, and
theres
nothing that applies before sending, and I've implemented a script
that I've
found on the net, and while it works when the BCC address is an
external
account (such as hotmail), it doesn't want to know when it's an
internal
address, which is really stumping me...

Why are you relying on any software installed on the host to which the
suspect user has access? They can undo anything you do. Get a packet
sniffer to watch this employee's traffic. Ethereal (now called
Wireshark) is free. Your IT folks already know how to do that.

 

[Duncan McC]

Hey,
We have a staff member that all the other staff memebers know spends all day
sending emails to friends, but we need evidence to do anything about it, so
Ive setup an email account to catch copies of emails sent out, now I need to
setup something so that everytime an email is sent by that user, a BCC is
sent to this catch-account. Ive hunted around in the rules, and theres
nothing that applies before sending, and I've implemented a script that I've
found on the net, and while it works when the BCC address is an external
account (such as hotmail), it doesn't want to know when it's an internal
address, which is really stumping me...

The scripts I mentioned are from this webpage -
www.outlookcode.com/d/code/autobcc.htm. Ive tried the first two, the third
just throws up an error (Im assuming that it's something to do with Outlook
2003 not using the "Redemption libraries", so that no big deal).

Absolutely any suggestions welcome
Cheers,

Here's another suggestion...
(PS: you don't mention if your running Exchange Server, I presume you're
not though - as the job is then trivial really, and I can think of at
least one way, just using OWA).

Dig into their pst location, share the folder (possibly just for
yourself). Grab a copy of it every now and then (and when it's not held
open/locked by them (running Outlook)).

They probably won't notice that, unless they're quite computer savvy, as
it's a hidden folder etc. Whereas your BCC methods, the user can easily
go to Sent Items, open any email, and hey, they notice their emails
include a BCC to another company user.

 

[F. H. Muffman]

Here's another suggestion...
(PS: you don't mention if your running Exchange Server, I presume you're
not though - as the job is then trivial really, and I can think of at
least one way, just using OWA).

Why even use OWA? Just turn on Message Tracking and look for messages from
that user.

I mean, a user can always not save sent items, but the Message Tracking will
always track a message sent through Exchange.

Of course, if they aren't sending the mail via Exchange, you're pretty much
out of luck there.

Personally, as a former admin, I find this sort of work distasteful. Either
the person is getting their work done or they aren't. If they are, then who
cares. If they aren't, you don't need to look at who they are mailing.
They aren't getting their work done and that right there is *far* more
actionable then if they are mailing cousin Susie or their BFF Ronnie.

Also, again as a former admin, before you even think of calling a person out
on sending email to friends, make sure that the policies that are in place
state that that isn't allowed. Because, if there isn't something somewhere
saying 'Your email use is limited to company/organizational use only, it is
not to be used for personal mail,' you're on very thin ice. But that
doesn't even cover gmail or hotmail. That covers Outlook and the internal
mail server. It is a very very slippery slope when you start trying to
control users internet usage at work and loopholes are plenty. The best
policy is 'If you don't get your work done, you're going to be fired. If
you get your work done, we won't care. Either way, don't do anything
illegal using the internet connection or we will turn you in to the
authorities.'

 

[Duncan McC]

Why even use OWA? Just turn on Message Tracking and look for messages from
that user.

Yep, I just mentioned one easy way. I enable Message Tracking at all my
clients running Exchange, as I often get asked to "find mail" etc (eg. a
user phones me and tells me an email's been sent from someone, but they
ain't got it. So I can dig in and see if it's been through the server).

I normally increase the Message Tracking limit too, to 90 days.

I mean, a user can always not save sent items, but the Message Tracking will
always track a message sent through Exchange.

Of course, if they aren't sending the mail via Exchange, you're pretty much
out of luck there.

Personally, as a former admin, I find this sort of work distasteful. Either
the person is getting their work done or they aren't. If they are, then who
cares. If they aren't, you don't need to look at who they are mailing.
They aren't getting their work done and that right there is *far* more
actionable then if they are mailing cousin Susie or their BFF Ronnie.

Also, again as a former admin, before you even think of calling a person out
on sending email to friends, make sure that the policies that are in place
state that that isn't allowed. Because, if there isn't something somewhere
saying 'Your email use is limited to company/organizational use only, it is
not to be used for personal mail,' you're on very thin ice. But that
doesn't even cover gmail or hotmail. That covers Outlook and the internal
mail server. It is a very very slippery slope when you start trying to
control users internet usage at work and loopholes are plenty. The best
policy is 'If you don't get your work done, you're going to be fired. If
you get your work done, we won't care. Either way, don't do anything
illegal using the internet connection or we will turn you in to the
authorities.'

Agreed absolutely, work place policy should definately be in place for
internet use.

As an admin of a number of clients I pride myself on *not* invading user
privacy. I'll typically see "To's" and "Subjects" as part of been asked
to report usage etc. But if I'm asked to send emails from a user to a
more senior person, I prefer to try and talk them round to what often is
just a case of re-iterating work place policy to the person they're
concerned about. And that's usually the end of the matter.

Basically, my privacy is important to me - I assume it's important to
others as well.