Here is another story from the field that seems appropriate to share as we are still in the midst of vacation season.

A couple of years ago, our consulting team received a call from an alarmed customer who noticed a sudden increase in mail traffic that appeared to be growing more rapidly every day and was starting to overload the mail servers at the Internet gateway.

Looking at the traffic data quickly revealed that email to and from a single user was causing the excessive load on the mail environment. The amount of email sent and received by that user had grown from an average of about one hundred emails a day to tens of thousands of messages in less than a week.

What was happening?

As it turned out, the employee was on vacation and didn’t have access to corporate email since his company didn’t provide remote or web-based access. Like many of us, this particular person just could not bear the thought of being disconnected from all the corporate happenings while soaking in the sun. Although the IT department implicitly forbade any automatic forwarding of messages to the Internet by disabling all server-based forwarding rules, the user had found a workaround that bypassed this restriction. A simple client-based utility, freely downloaded from the Internet and installed on the PC that was left running while he was on vacation, forwarded all incoming email to an external personal email account.

But that was only the half of it. The user had apparently mistyped the email address of his personal account and did not bother to check that the setup was actually working before leaving on vacation. The forwarded messages ended up in some other unattended inbox, which promptly overflowed after only a few days (this was before Google brought GByte-size mailboxes to the masses). As the mailbox limit was reached, the receiving server simply bounced any additional messages back to the sender. The forwarding tool was not smart enough to recognize the NDRs (non-delivery reports) and kept on resending all email, thus creating the perfect message loop.

Once we identified the problem, the issue was quickly resolved by simply turning off the employee’s PC.

I am sure that person had some serious explaining to do after returning to work. This crafty workaround had not only:

  • violated corporate policy that specifically forbids the forwarding of internal emails to personal accounts,
  • cost the company time and money resolving the mail server problems,
  • consumed huge amounts of network and storage resources,
  • but also quite possibly put company confidential information into the hands of an unidentified third party.

This example clearly highlights the importance of ongoing monitoring and active enforcement of well-defined email policies. Even seemingly well-implemented safeguards may be circumvented. Continued data analysis offers another protection layer that will uncover the root cause of problems, often long before the symptoms appear.
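
The kind of ongoing traffic analysis described above, as an added example that is not part of the original post: a Python function that flags a user whose daily volume spikes far above baseline while most outbound mail goes to one external address that bounces it back. The record format, thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def find_forward_loops(records, spike_factor=10, bounce_ratio=0.5):
    """records: (day, user, direction, peer, is_ndr) tuples, direction 'in'/'out'.
    Flags users whose latest-day volume is spike_factor x their median and whose
    outbound mail goes mostly to one external address that bounces it back."""
    volume = defaultdict(Counter)   # user -> day -> messages
    sent = defaultdict(Counter)     # (user, day) -> recipient -> messages
    bounced = defaultdict(Counter)  # (user, day) -> bouncing domain -> NDRs
    for day, user, direction, peer, is_ndr in records:
        volume[user][day] += 1
        if direction == "out":
            sent[(user, day)][peer] += 1
        elif is_ndr:
            bounced[(user, day)][peer.rsplit("@", 1)[-1]] += 1
    findings = {}
    for user, days in volume.items():
        *history, last = sorted(days)
        if not history or not sent[(user, last)]:
            continue  # no baseline yet, or nothing sent on the latest day
        baseline = max(median(days[d] for d in history), 1)
        if days[last] < spike_factor * baseline:
            continue  # volume is within the normal range
        recipient, count = sent[(user, last)].most_common(1)[0]
        ndrs = bounced[(user, last)][recipient.rsplit("@", 1)[-1]]
        if ndrs >= bounce_ratio * count:  # top recipient's domain bounces the mail
            findings[user] = {"day": last, "messages": days[last], "baseline": baseline,
                              "recipient": recipient, "ndrs": ndrs}
    return findings

def sample_records():
    """Constructed data: five quiet days for two users, then day 6."""
    recs = []
    for day in range(1, 6):
        for user in ("alice@corp.example", "carol@corp.example"):
            for direction in ("in", "out"):
                recs += [(day, user, direction, f"peer{i}@partner.example", False)
                         for i in range(50)]
    # alice: mistyped forwarding target, full mailbox bounces everything back
    recs += [(6, "alice@corp.example", "out", "alcie@mail.example", False)] * 5000
    recs += [(6, "alice@corp.example", "in", "mailer-daemon@mail.example", True)] * 5000
    # carol: bulk mailing to many distinct recipients, no bounces (not a loop)
    recs += [(6, "carol@corp.example", "out", f"cust{i}@customer.example", False)
             for i in range(2000)]
    return recs

if __name__ == "__main__":
    print(find_forward_loops(sample_records()))
```

Carol's day-6 spike is not reported because her mail is spread over many recipients and draws no bounces, which is what separates a forwarding loop from an ordinary bulk send.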
