This e-mail will expire

What does it mean when an e-mails claims to “expire”?? :-/

Recently I started a new contract, and so this morning I decided to e-mail all of my boss’s contact info from work to my personal e-mail address. (In case I am running late, or need her for a reference later, or whatever?!)

Since this happened this morning at work, things are somewhat fuzzy, but what I recall doing is this…

I opened up MS Outlook on my work computer, and opened an e-mail from her. Then I right-clicked on her e-mail address in the e-mail, and selected something like “Forward Business Card” or “Copy Business Card”.

Somewhere along the way, I created a new e-mail addressed to me at home. And in the body of the e-mail was this nifty little “business card” with all of her info inside of it.

I sent the e-mail to my personal account, and when I opened it up on my personal laptop, everything was fine and I saw this same little “business card” which looked like an image with her contact info in it. (Not a .vcf file as far as I could tell.)

Well, I did this again with the Admin Assistant’s info, and then when I went back to the first e-mail with my boss’s info in it, I got this weird looking HTML formatted e-mail that looked more like a webpage with a “View this message” link in it. And at the bottom was a disclaimer like this…

This message will be available online until 07/31/2013. Note: You must have your browser configured to accept SSL Certificates in order to view this email. Please see the Secure Email Overview at…

If I clicked on the link it took me to a webpage like this…

https://secureemail.hr.acme.net/messenger/def/tw_purl/NonUserPurl.do?x=d-68155-sDkXH9

On that webpage is info including…

  • Subject
  • To
  • From
  • Sent
  • Expires

Then below that is a list including…

messageBody.htm
image001.jpg
jane doe.vcf

Any clue what all of this means?! :-/

Sincerely,

Debbie

Hello Debbie,
As I can see from what you’ve described, the email was secured and when you went home, due to to your browser not supporting the SSL certificate, you cannot view it.
You can either try this online SSL browser, or install a SSL plugin.
Hope that was helpful,
V

I don’t understand what you are saying…

Debbie

Hi again Debbie,
I’m sorry if my response was not understandable, but you could you specify what exactly you didn’t understand ?
Have you tried using the SSL browser ?
Peace,
V

As stated in my original post, I don’t understand what is going on with the e-mail I forwarded from work to my personal e-mail.

And I don’t understand what you mean by an “encrypted browser” or how that has anything to do with this issue.

Sincerely,

Debbie

What mail service do you use for your personal mail ?

Looking at the URL it looks like a trick lots of HR-ish systems have been doing lately. Email is pretty fundamentally insecure without jumping through alot of hoops. HR people aren’t good at computer either making the hoops that much more fun. So many of those systems now have a facility where the HR person can send an “email” that is really just a link to a web page. Because it is HR and catering to the lowest common denominator they have hints like “your browser must be configured to support SSL” because somewhere some grandma is using AOL WebTV and can’t handle SSL. The expiration angle comes because some of the security requirements are onerous and deleting the message is probably cheaper and easier than saving it.

So, they are sending you a link to a web page and calling it a secure email because that is the limit of what much of humanity can handle in order to stay HIPAA compliant.

AT&T e-mail partnered with Yahoo mail. (So it is web-based.)

Debbie

Sorry, I’m still not understanding the flow.

Again, here is what I did…

  • I decided to send my new manager’s contact info to myself at home so I could get in touch with her after hours. So at work I created an e-mail in MS Outlook which had this in the body…

jane.doe@acme.com

<business card image apparently created from .vcf>

Then there was also a jane.doe.vcf attachment

  • I sent that e-mail to my personal e-mail at: debbie@att.net

  • From my personal laptop, when I opened that e-mail in AT&T/Yahoo’s webmail interface in FireFox, I got this…

Secure Message Delivery

FROM: Debbie
SUBJECT: Contact Info: Jane Doe

VIEW MESSAGE

This message will be available online until 07/31/2013. Note: You must have your browser configured to accept SSL Certificates in order to view this email. Please see the Acme Secure Email Overview and FAQs web pages located at http://acme.come/secure_email.shtml if you experience difficulty in viewing this message.

If I click on the View Message link, another FireFox window opens and I see a cookie trying to be set at securemail.acme.com and I am taken to a link like this: https://secureemail.acme.com/messenger/def/tw_purl/NonUserPurl.do?x=d-6855-sXNkHI

And in that loaded webpage I see the following info…


Secure Mailbox

VIEW MESSAGE
	
SUBJECT: 	Message Attachment(s) 	Contact Info: Jane Doe
FROM: 		Debbie@acme.com
TO: 		Debbie@att.net
SENT: 		Mon 01 Jul 2013 10:18:38 EDT
EXPIRES: 		Wed 31 Jul 2013 10:18:38 EDT
		
	 Reply  	
		
 Reply to All  	
		
Jane.Doe@acme.com
 
  ATTACHMENT FILENAME 		TYPE 				SIZE 	
			messageBody.htm 		Hypertext Markup Language File 				2.46 KB 	
			image001.jpg 		JPEG Image 				15.87 KB 	
			Jane Doe.vcf 		Text File 				1.9 KB 	
		
	 All  	
				
	 Save Checked Files  	

Does that help explain things better?

Again, I don’t see how opening up a simple e-mail that I created in MS Outlook at work wold end up like all of that?! :-/

Sincerely,

Debbie

Let me break it down in simpler terms:
1: email is rather insecure being that it is sent to in the clear and easily intercepted and / or tampered with.
2: many HR and healthcare outfits have strong legal requirements not to send sensitive information across the public Internet in the clear
3: customers still want to be emailed documents

So, what one gets are “secure email” systems that essentially send customers links to messages in online inboxes. There is really nothing more to this than that.

Weren’t not making a lot of progress here… :wink:

I am familiar with HIPAA and all that, but you aren’t helping me understand…

1.) Why my browser supposedly isn’t configured correctly

2.) The entire detailed technical flow of how I go from sending an e-mail in my MS Outlook to this “secure web page e-mail” thingy you mention.‘’

I’m trying to learn from you, but you’re leaving out all the detail between Point A and Point B… :wink:

Sincerely,

Debbie

I’m guessing the detail you’re missing is that you sent it “from work”. Because they are a business they must be more secure than say gmail or hotmail etc.

It sounds like they have their email server configured to increase “security” by limiting the time something exists “openly” in the system.
eg. perhaps they move all email content to a secure site after a period of time so that anyone trying to access it must have proper authority.
Because you sent it “from work”, from a legal point of view it is not “your” email, but the businesses.

You could be getting the message for a number of reasons, eg. you don’t have authority, your settings are off somewhere.

EDIT
The more I think about it the more I wonder if the vcf file is the culprit. i.e. Outlook did not give the person’s personal info as plain text, but showed an image. I’m guessing that instead of embedding it into the email it linked to it. So if the email server isn’t configured to access the secure personal info it wouldn’t be your settings but something someone at “work” would need to do.

Probably easiest if you try sending yourself the info as plain text and see if you have the same problem.
Probably best if you not send other peoples personal info to yourself but copy it to paper instead.

So have you tried opening your webmail through the SSL browser I’ve mentioned above ?
V

The SSL statement is just that – a statement. Probably something that got pasted in after some octagenarian running web TV couldn’t open the email.

No idea what the trigger was but they likely have something server-side that kicks off on attachments but it is hard to say, I would ask the IS department at the site for an explanation.

This isn’t a legal discussion…

You could be getting the message for a number of reasons, eg. you don’t have authority, your settings are off somewhere.

EDIT
The more I think about it the more I wonder if the vcf file is the culprit. i.e. Outlook did not give the person’s personal info as plain text, but showed an image. I’m guessing that instead of embedding it into the email it linked to it. So if the email server isn’t configured to access the secure personal info it wouldn’t be your settings but something someone at “work” would need to do.

I can’t find the old e-mail - I think I had it in the trash and that got deleted.

At any rate, I’m pretty sure the body of the e-mail had here e-mail typed in as text PLUS the “image” of here business card which must have been created from the .vcf

So I would have expected the e=mail in the body to still be there.

I did the same thing with one of the Temp Admins and that e-mail worked and is still good 3 weeks after the fact.

Probably easiest if you try sending yourself the info as plain text and see if you have the same problem.

Yep, I already did that.

Probably best if you not send other peoples personal info to yourself but copy it to paper instead.

It is work related, so I most certainly will do that when needed.

Sincerely,

Debbie

Can you please explain what it offers that FireFox doesn’t?

FireFox supports https and certificates…

Debbie

If you’ve configured it correctly - it’s no difference at all. You can read more about it here.