MS Exchange "Alternate Recipient" setting?

By roylai
Can users know if "Alternate Recipient" is set?

Dear folks, I have heard about a problem from next door, and am looking for your ideas to stop this from happening.

The IT administrator next door changed the setting in MS Exchange to set himself up as an alternate recipient of a manager, so that he will get a copy of every mail sent to that manager. Basically it is a serious security problem as the recipient does not realize that, well... until someone sends him a message with acknowledgement, and finds someone else has read it.

Is there any way users can feel more comfortable to verify their settings?

Thanks for your advice

I don't believe so, but...

by Eric-M In reply to MS Exchange "Alternate Re ...

Since no one has replied, I will take a stab at this one...

I do not believe there is any way for your users to see if the "Alternate Recipient" property is set to something without having the AD Users & Computers utility installed on their computer and having the permissions necessary to view it.

However one thing you could do is turn on auditing, set the security log size large enough to capture a significant amount of data (if you have the space, a 500 meg log is not out of the question) and then instruct all IT staff to never clear the log without saving it first. This would prevent an admin from changing it then changing it back a week later without getting caught.

Again, I am not 100% sure that there is no other place to view the "Alternate Recipient" property, but I always see the setting used to spy on people, I am not guessing there is a way for the non-techy to do it.

Eric
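
For someone who does hold read access to the directory, the setting can be reviewed across every mailbox at once. The following is an added example, not part of any post in this thread: it scans an LDIF export of user objects for the altRecipient and deliverAndRedirect attributes that store the "Alternate Recipient" setting. The sample export, account names and approved list are constructed.

```python
import base64

# Constructed sample export; the second entry uses LDIF line folding.
SAMPLE_LDIF = """\
dn: CN=Manager One,OU=Staff,DC=example,DC=com
sAMAccountName: manager1
altRecipient: CN=IT Admin,OU=IT,DC=example,DC=com
deliverAndRedirect: TRUE

dn: CN=Jane Married,OU=Staff,DC=example,DC=com
sAMAccountName: jmaiden
altRecipient: CN=Jane Married New,OU=St
 aff,DC=example,DC=com
deliverAndRedirect: FALSE

dn: CN=Plain User,OU=Staff,DC=example,DC=com
sAMAccountName: plain
"""
# Constructed list of (mailbox, alternate recipient DN) pairs signed off by management.
APPROVED = {("jmaiden", "cn=jane married new,ou=staff,dc=example,dc=com")}

def parse_ldif(text):
    """Yield one dict per entry; handles folded lines and base64 ('::') values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # continuation of the previous line
        else:
            unfolded.append(line)
    entry = {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):         # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.strip().lower()] = value.strip()

def audit(text, approved):
    """Return every mailbox that has an alternate recipient, marked approved or not."""
    findings = []
    for e in parse_ldif(text):
        alt = e.get("altrecipient")
        if alt:
            box = e.get("samaccountname") or e["dn"]
            # deliverAndRedirect TRUE = owner still gets the mail, so nothing looks wrong to them
            keeps = e.get("deliverandredirect", "").upper() == "TRUE"
            findings.append({"mailbox": box, "alternate": alt, "keeps_copy": keeps,
                             "approved": (box.lower(), alt.lower()) in approved})
    return findings
```

Entries with approved False and keeps_copy True are the ones to raise with management, since the mailbox owner sees normal delivery and has no reason to suspect a second recipient.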

I don't think there is any way for a regular user to know

by AV . In reply to MS Exchange "Alternate Re ...

Only another Admin can tell because they have access to the tracking logs and MS Exchange Administrator settings.

I'm not sure if the sender requested a delivery or read receipt if they would get one back saying the alternate recipient read or received their message either. Definitely not, if relaying is turned off.

NDRs may be another story, but it still may not identify the name of the alternate recipient.

If you turn on the tracking logs, even though they are cryptic, they will probably show that there is an alternate recipient.

Official Answer

by LordInfidel In reply to MS Exchange "Alternate Re ...

NO....

There is no way for a person to know this is taking place.

Us Admins are given certain powers and are trusted not to abuse them.

If this particular admin is harvesting e-mail that he is not supposed to be seeing (although in Exchange a mail admin can just open up the user's mailbox) then he should be relieved of his position as he is (probably and should be) violating corporate policy regarding e-mail.

The only times admins should be opening up users' mailboxes or setting the alternate delivery location is when either A) we are actively monitoring that user via authorization of that user's manager or B) we need to diagnose something in that mailbox.

If I found that one of my staff was opening up users' mailboxes and monitoring their e-mail without me knowing about it, I would fire them on the spot.

Ethics!

by AV . In reply to Official Answer

You are exactly right. I would fire him too. I hate to think about how this must go on all of the time in lots of places...And how it is not noticed.

I've used Alternate recipients in the past, mostly for people that have name changes after they get married. Otherwise, I always let the user set up their own delegates in Outlook.

I can't even imagine using it for that purpose. It's low, unethical and downright criminal.

FYI

by LordInfidel In reply to Ethics!

There is an easier way than using the alt recip.

Instead of creating a new mailbox, importing their e-mail and setting up the alt recip on the old mailbox, you can rename their display name and mailbox, and assign the new e-mail addresses to the same mailbox, then just set the new married name as the default SMTP address.

So if the person was
unmarried@company.com

and they became married and wanted the address
married@company.com

In the e-mail address tab, add an Internet SMTP address: married@company.com and set it as the default address.

You will now have 2 e-mail addresses assigned to that person for the same mailbox.

I'll try it next time

by AV . In reply to FYI