How to use your own e-mail account and fool (most) everybody into thinking you are complying with company/government policy
As a person who managed e-mail servers on multiple platforms for more than 15 years, I have become accustomed to hearing from end-users that they don’t like the systems I have provided.
Some people just grumble. Others actively look for ways to avoid using it. Usually it involves the end-user putting their own convenience over conformity.
So when the revelations about Hillary Clinton rolling her own mail server and domain surfaced, I was not surprised at all. The only thing that surprised me is the lengths she went to hide her system from oversight.
In the corporate world, I witnessed employees doing what Hillary did every day. And despite company policies, you could get away with whatever you wanted as long as you had the juice.
When Blackberrys fell out of favor, many people in my company bought iPhones and iPads and brought them to work. The IT department got numerous requests to connect them to the corporate mail system.
And while there were solutions for connecting iPhones, the company had already invested a big chunk of money installing the Blackberry Enterprise Server. They weren’t going to spend even more to support another device just because it was more popular.
They eventually had to support the iPhone. But it happened through normal budget processes. Money was allocated and additional software was purchased in a later year.
So you are a corporate/government big wig and you’ve got juice, loads of it. Your company/State Department has provided you with an e-mail account and a computer/device to use it with. But you don’t want to use their system. You have your own system that works just fine. What do you do?
Step 1: Forward your corporate mail to your personal account.
There are many ways to do this. You can use rules or agents on your corporate mail client. But this is flaky. It often requires your mail client to be running 24/7. If someone turns off the computer at your desk the whole system you’re trying to set up fails. Some agents can be saved on your mail server and will run when your mail client is shut down. This is better.
But if you REALLY have juice, you can tell the IT department to just put your mail account on permanent forwarding.
Now there are two kinds of mail forwarding at the server level.
One kind involves using an alias to bounce mail to a different location. In this scenario, e-mail is never received by the server. It simply acts like a traffic cop, re-directing inbound mail to a different location.
The other type of forwarding involves actually receiving the message and then forwarding it to another account, usually based on a rule. This type of forwarding is often used when you only want to forward certain types of mail or mail received from specific senders.
Step 2: Hide the fact that you’re not using your corporate/government e-mail from those who receive your messages.
Whenever you set up a mail account in a mail program like Outlook, there is a place to enter your e-mail address. Normally, it would make sense to enter the name of the mail account you are setting up. But if you want to hide where you are sending the message from, enter a different address.
In this case you would enter your corporate address. When people receive e-mail from you and they hit the “reply” button, the reply-to address will show up as your corporate account address.
Now if you want to go digging through the mail header you’ll discover that the message was actually sent from a different account (like clintonemail.org). But who does that? Most people would never notice.
With this system in place, people can e-mail you at either mail address and everything will go where you want. Anyone replying to your message will think they are sending mail to your corporate account. Sure, you’re bouncing mail off an additional server and that might introduce a little delay. But your convenience/secrecy is more important, right Hillary?
Is this what Hillary did? Probably not. Will we ever know exactly? Probably not.