message: “Undeliverable mail returned to server.” The weird thing is
that it’s his boss’s email that was “undeliverable”, and I
never typed it in. I didn’t even know his email. Does
this mean his boss is spying on him? Is it possible his boss is
receiving a copy of every mail he gets?
So you send an email to person “A” and get a bounce from person
Something’s fishy, that’s for sure.
If it is what you think it is, then his boss screwed up. But if that
was a company email account, then he has every right to do exactly what
you – and I – suspect.
Become a Patron of Ask Leo! and go ad-free!
First, quickly, the issue at hand: can an email address like
“someone @ somewhere .com” be intercepted and automatically and
transparently copied to another address? If you own the server that
handles the email for “somewhere .com” then the answer is absolutely
yes. That email can be automatically copied, logged, forwarded,
scanned, analyzed … whatever. The mail server that receives the email
can do all sorts of things.
Including sending copies to your husband’s boss.
Which, I agree, is exactly what this looks like.
However in this case your husband’s boss – or rather his IT
department – screwed up, in at least a couple of ways:
That email should never have bounced, and certainly should never
have bounced back to you. And that’s for the simple and obvious reason
that because of that bounce you found out that something might be going
That particular approach of automatically forwarding to another
inbox is error prone anyway for exactly that reason. It’s a poor,
though simple solution. More appropriate might be to log all incoming
mail to a file. As an example, I happen to log all of my incoming email
(including spam, in case I need to go back and find a false positive)
on my mail server. That’s in addition to downloading mail into my email
What most people fail to realize is that companies are allowed to
monitor employees like this. When you use company equipment and
services, the fact is that they can spy on you. As I’ve put it before,
your privacy ends where your paycheck begins.
So, what can you do?
First: don’t email your husband anything you wouldn’t want his boss
(or IT department, or anyone else for that matter) to see, especially
not on that company email account.
You might think to just use a different email account (one of the
free web-based services, for example), or an instant messaging service,
but the problem here is that the company can frequently still monitor
what’s going on.
The only potential solutions that I can think of are encryption, in
either of two forms:
Having your husband use one of those web-based email services and
making sure to access it only via an encrypted https connection. This
is pretty easy.
Using true encrypted email, so that even if his boss does get a copy
he can’t read it. Sadly encrypted email’s not typically that easy to
But even so as I’ve discussed in
earlier articles, if your husband is using a work computer to read
your email, then all bets are still off. The company could have
installed monitoring software or spyware on the machine.
If you really don’t trust the company, and it seems like
you have data to say that you can’t, the only real solution is to
communicate via other means not owned or controlled by the company. A
cell phone, perhaps with its own email and IM access, for example.