SitePoint Sponsor

User Tag List

Results 1 to 17 of 17
  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    This e-mail will expire...

    What does it mean when an e-mails claims to "expire"??

    Recently I started a new contract, and so this morning I decided to e-mail all of my boss's contact info from work to my personal e-mail address. (In case I am running late, or need her for a reference later, or whatever?!)

    Since this happened this morning at work, things are somewhat fuzzy, but what I recall doing is this...

    I opened up MS Outlook on my work computer, and opened an e-mail from her. Then I right-clicked on her e-mail address in the e-mail, and selected something like "Forward Business Card" or "Copy Business Card".

    Somewhere along the way, I created a new e-mail addressed to me at home. And in the body of the e-mail was this nifty little "business card" with all of her info inside of it.

    I sent the e-mail to my personal account, and when I opened it up on my personal laptop, everything was fine and I saw this same little "business card" which looked like an image with her contact info in it. (Not a .vcf file as far as I could tell.)

    Well, I did this again with the Admin Assistant's info, and then when I went back to the first e-mail with my boss's info in it, I got this weird looking HTML formatted e-mail that looked more like a webpage with a "View this message" link in it. And at the bottom was a disclaimer like this...

    This message will be available online until 07/31/2013. Note: You must have your browser configured to accept SSL Certificates in order to view this email. Please see the Secure Email Overview at...

    If I clicked on the link it took me to a webpage like this...

    https://secureemail.hr.acme.net/messenger/def/tw_purl/NonUserPurl.do?x=d-68155-sDkXH9

    On that webpage is info including...

    - Subject
    - To
    - From
    - Sent
    - Expires


    Then below that is a list including....
    messageBody.htm
    image001.jpg
    jane doe.vcf

    Any clue what all of this means?!

    Sincerely,


    Debbie

  2. #2
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Hello Debbie,
    As I can see from what you've described, the email was secured and when you went home, due to to your browser not supporting the SSL certificate, you cannot view it.
    You can either try this online SSL browser, or install a SSL plugin.
    Hope that was helpful,
    V

  3. #3
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Vincentas View Post
    Hello Debbie,
    As I can see from what you've described, the email was secured and when you went home, due to to your browser not supporting the SSL certificate, you cannot view it.
    You can either try this online SSL browser, or install a SSL plugin.
    Hope that was helpful,
    V
    I don't understand what you are saying...


    Debbie

  4. #4
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Hi again Debbie,
    I'm sorry if my response was not understandable, but you could you specify what exactly you didn't understand ?
    Have you tried using the SSL browser ?
    Peace,
    V
    Quote Originally Posted by DoubleDee View Post
    I don't understand what you are saying...


    Debbie

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Vincentas View Post
    Hi again Debbie,
    I'm sorry if my response was not understandable, but you could you specify what exactly you didn't understand ?
    Have you tried using the SSL browser ?
    Peace,
    V
    As stated in my original post, I don't understand what is going on with the e-mail I forwarded from work to my personal e-mail.

    And I don't understand what you mean by an "encrypted browser" or how that has anything to do with this issue.

    Sincerely,


    Debbie

  6. #6
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    What mail service do you use for your personal mail ?
    Quote Originally Posted by DoubleDee View Post
    As stated in my original post, I don't understand what is going on with the e-mail I forwarded from work to my personal e-mail.

    And I don't understand what you mean by an "encrypted browser" or how that has anything to do with this issue.

    Sincerely,


    Debbie

  7. #7
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Looking at the URL it looks like a trick lots of HR-ish systems have been doing lately. Email is pretty fundamentally insecure without jumping through alot of hoops. HR people aren't good at computer either making the hoops that much more fun. So many of those systems now have a facility where the HR person can send an "email" that is really just a link to a web page. Because it is HR and catering to the lowest common denominator they have hints like "your browser must be configured to support SSL" because somewhere some grandma is using AOL WebTV and can't handle SSL. The expiration angle comes because some of the security requirements are onerous and deleting the message is probably cheaper and easier than saving it.

    So, they are sending you a link to a web page and calling it a secure email because that is the limit of what much of humanity can handle in order to stay HIPAA compliant.

  8. #8
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Vincentas View Post
    What mail service do you use for your personal mail ?
    AT&T e-mail partnered with Yahoo mail. (So it is web-based.)


    Debbie

  9. #9
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Looking at the URL it looks like a trick lots of HR-ish systems have been doing lately. Email is pretty fundamentally insecure without jumping through alot of hoops. HR people aren't good at computer either making the hoops that much more fun. So many of those systems now have a facility where the HR person can send an "email" that is really just a link to a web page. Because it is HR and catering to the lowest common denominator they have hints like "your browser must be configured to support SSL" because somewhere some grandma is using AOL WebTV and can't handle SSL. The expiration angle comes because some of the security requirements are onerous and deleting the message is probably cheaper and easier than saving it.

    So, they are sending you a link to a web page and calling it a secure email because that is the limit of what much of humanity can handle in order to stay HIPAA compliant.
    Sorry, I'm still not understanding the flow.


    Again, here is what I did...

    - I decided to send my new manager's contact info to myself at home so I could get in touch with her after hours. So at work I created an e-mail in MS Outlook which had this in the body...
    jane.doe@acme.com

    <business card image apparently created from .vcf>
    Then there was also a jane.doe.vcf attachment

    - I sent that e-mail to my personal e-mail at: debbie@att.net

    - From my personal laptop, when I opened that e-mail in AT&T/Yahoo's webmail interface in FireFox, I got this...

    Secure Message Delivery

    FROM: Debbie
    SUBJECT: Contact Info: Jane Doe

    VIEW MESSAGE

    This message will be available online until 07/31/2013. Note: You must have your browser configured to accept SSL Certificates in order to view this email. Please see the Acme Secure Email Overview and FAQs web pages located at http://acme.come/secure_email.shtml if you experience difficulty in viewing this message.

    If I click on the View Message link, another FireFox window opens and I see a cookie trying to be set at securemail.acme.com and I am taken to a link like this: https://secureemail.acme.com/messenger/def/tw_purl/NonUserPurl.do?x=d-6855-sXNkHI

    And in that loaded webpage I see the following info...

    Code:
    Secure Mailbox
    
    VIEW MESSAGE
    	
    SUBJECT: 	Message Attachment(s) 	Contact Info: Jane Doe
    FROM: 		Debbie@acme.com
    TO: 		Debbie@att.net
    SENT: 		Mon 01 Jul 2013 10:18:38 EDT
    EXPIRES: 		Wed 31 Jul 2013 10:18:38 EDT
    		
    	 Reply  	
    		
     Reply to All  	
    		
    Jane.Doe@acme.com
     
      ATTACHMENT FILENAME 		TYPE 				SIZE 	
    			messageBody.htm 		Hypertext Markup Language File 				2.46 KB 	
    			image001.jpg 		JPEG Image 				15.87 KB 	
    			Jane Doe.vcf 		Text File 				1.9 KB 	
    		
    	 All  	
    				
    	 Save Checked Files

    Does that help explain things better?


    Again, I don't see how opening up a simple e-mail that I created in MS Outlook at work wold end up like all of that?!

    Sincerely,


    Debbie

  10. #10
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Let me break it down in simpler terms:
    1: email is rather insecure being that it is sent to in the clear and easily intercepted and / or tampered with.
    2: many HR and healthcare outfits have strong legal requirements not to send sensitive information across the public Internet in the clear
    3: customers still want to be emailed documents

    So, what one gets are "secure email" systems that essentially send customers links to messages in online inboxes. There is really nothing more to this than that.

  11. #11
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by wwb_99 View Post
    Let me break it down in simpler terms:
    1: email is rather insecure being that it is sent to in the clear and easily intercepted and / or tampered with.
    2: many HR and healthcare outfits have strong legal requirements not to send sensitive information across the public Internet in the clear
    3: customers still want to be emailed documents

    So, what one gets are "secure email" systems that essentially send customers links to messages in online inboxes. There is really nothing more to this than that.
    Weren't not making a lot of progress here...

    I am familiar with HIPAA and all that, but you aren't helping me understand...

    1.) Why my browser supposedly isn't configured correctly

    2.) The entire *detailed* technical flow of how I go from sending an e-mail in my MS Outlook to this "secure web page e-mail" thingy you mention.''


    I'm trying to learn from you, but you're leaving out all the detail between Point A and Point B...

    Sincerely,


    Debbie

  12. #12
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,176
    Mentioned
    191 Post(s)
    Tagged
    2 Thread(s)
    I'm guessing the detail you're missing is that you sent it "from work". Because they are a business they must be more secure than say gmail or hotmail etc.

    It sounds like they have their email server configured to increase "security" by limiting the time something exists "openly" in the system.
    eg. perhaps they move all email content to a secure site after a period of time so that anyone trying to access it must have proper authority.
    Because you sent it "from work", from a legal point of view it is not "your" email, but the businesses.

    You could be getting the message for a number of reasons, eg. you don't have authority, your settings are off somewhere.

    EDIT
    The more I think about it the more I wonder if the vcf file is the culprit. i.e. Outlook did not give the person's personal info as plain text, but showed an image. I'm guessing that instead of embedding it into the email it linked to it. So if the email server isn't configured to access the secure personal info it wouldn't be your settings but something someone at "work" would need to do.

    Probably easiest if you try sending yourself the info as plain text and see if you have the same problem.
    Probably best if you not send other peoples personal info to yourself but copy it to paper instead.

  13. #13
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    So have you tried opening your webmail through the SSL browser I've mentioned above ?
    V
    Quote Originally Posted by Vincentas View Post
    Hi again Debbie,
    I'm sorry if my response was not understandable, but you could you specify what exactly you didn't understand ?
    Have you tried using the SSL browser ?
    Peace,
    V

  14. #14
    SitePoint Author silver trophybronze trophy
    wwb_99's Avatar
    Join Date
    May 2003
    Location
    Washington, DC
    Posts
    10,633
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    The SSL statement is just that -- a statement. Probably something that got pasted in after some octagenarian running web TV couldn't open the email.

    No idea what the trigger was but they likely have something server-side that kicks off on attachments but it is hard to say, I would ask the IS department at the site for an explanation.

  15. #15
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Mittineague View Post
    I'm guessing the detail you're missing is that you sent it "from work". Because they are a business they must be more secure than say gmail or hotmail etc.

    It sounds like they have their email server configured to increase "security" by limiting the time something exists "openly" in the system.
    eg. perhaps they move all email content to a secure site after a period of time so that anyone trying to access it must have proper authority.
    Because you sent it "from work", from a legal point of view it is not "your" email, but the businesses.
    This isn't a legal discussion...


    You could be getting the message for a number of reasons, eg. you don't have authority, your settings are off somewhere.

    EDIT
    The more I think about it the more I wonder if the vcf file is the culprit. i.e. Outlook did not give the person's personal info as plain text, but showed an image. I'm guessing that instead of embedding it into the email it linked to it. So if the email server isn't configured to access the secure personal info it wouldn't be your settings but something someone at "work" would need to do.
    I can't find the old e-mail - I think I had it in the trash and that got deleted.

    At any rate, I'm pretty sure the body of the e-mail had here e-mail typed in as text PLUS the "image" of here business card which must have been created from the .vcf

    So I would have expected the e=mail in the body to still be there.

    I did the same thing with one of the Temp Admins and that e-mail worked and is still good 3 weeks after the fact.


    Probably easiest if you try sending yourself the info as plain text and see if you have the same problem.
    Yep, I already did that.


    Probably best if you not send other peoples personal info to yourself but copy it to paper instead.
    It is work related, so I most certainly will do that when needed.

    Sincerely,


    Debbie

  16. #16
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,777
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Vincentas View Post
    So have you tried opening your webmail through the SSL browser I've mentioned above ?
    V
    Can you please explain what it offers that FireFox doesn't?

    FireFox supports https and certificates...


    Debbie

  17. #17
    SitePoint Zealot
    Join Date
    Nov 2012
    Posts
    117
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If you've configured it correctly - it's no difference at all. You can read more about it here.
    Quote Originally Posted by DoubleDee View Post
    Can you please explain what it offers that FireFox doesn't?

    FireFox supports https and certificates...


    Debbie


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •