Tag: email

Rules for Email

I spend a lot of time in email. If you’re reading this, you also spend a lot of time in email. Either you’re waiting for new support requests to come in, or work to show up from your boss or you’re corresponding with friends and loved ones. Email is everywhere and it comes in like a tidal wave. It’s worth setting some ground rules with people you email.

Set Email Hours

For instance, I don’t email people outside of work hours. If I happen to look at email after work to pull some bit of information I need and I see something needing a reply, I may draft the reply and leave it as a draft. I don’t need to send that reply now.

I do this because I don’t want to teach people I am reachable by email outside of work hours. Even if it’s just one person, word spreads. If I email one person back in the evening or the weekend, it won’t be long before people are emailing me at all times for responses and expecting one.

Blind Carbon Copy (BCC)

I will let this author share my thoughts about BCC as they’re clearer than anything I’ve ever said.

There are only two legitimate uses for bcc. First, explicitly moving someone to bcc who no longer needs to be part of the ongoing exchange. Second, to send email to a large group of people by putting all of them on bcc. I strongly recommend never using bcc any other way. If you want someone to know about an email you sent, send it and then forward it…

Some Things I Have Learned About Email

That second point is particularly important. When you send email to a group using the TO or CC line, you’re not just emailing everyone; you’ve also given everyone on that list the addresses of everyone else on that list. Even if it’s a small list, those people may not want others to know they’re part of it, or to give up their email address.

If you have a large list, then you’re asking for a reply-all nightmare. I’ve emailed groups of 500 people before using a series of BCC emails. If you don’t, and any of those people decide to reply-all, you’ve got an email going to 500 people every. single. time.

Please take me off this list.

Thanks

I’m not going to ever reply to an email with Thanks if it’s the end of the conversation. You don’t need another email to delete from me and it doesn’t add any value to our conversation.

I’ll email a response to any questions I am being asked, or if I need something and you reply you’ll do it. I’m not going to close the thread with a Thanks. I don’t see the point of it and it annoys me when people respond with their own Thanks.

Meeting Acceptances

By default, Outlook will send an email reply when you Accept a meeting. I always opt to not send the reply back. If I decline, I respond with a reason in addition to the declined email. However, if I’m going to attend your meeting, I’m not having the system send an email. I feel about this the same way I feel about the Thanks email. It’s unnecessary.

This is a learned behavior from running a series of large meetings and training events where I find myself buried in emails. It’s no fun to return to an inbox overflowing with over 100 meeting acceptance emails. It serves no purpose other than to generate another email.

Less Email

The goal of my last two rules is to make less email. When I reply to an email, I try to be brief and consider the recipient’s time. In the same way, I don’t generate more email for them to sort through. Though many people’s inboxes have unread counts in the thousands partly because of emails like this.

I do my part to send less email and generate less email overall. I don’t see the point in adding to the growing pile of unread messages. Especially if they say “Thanks” or “I’ve accepted your meeting request.”

All Email Is Public

I don’t mean public in that hackers are going to release it, or it’s going to fall into the wrong hands. I mean people will forward email to anyone for any reason without a second thought.

If I write a reply to a question someone asks me, I assume it’s going to be forwarded in its entirety to the third-party who asked the question.

A bonus tech worker tip: Never put any note in a ticket or email you would not want the customer to read.

Nothing about email is private. I’ve had entire ticket histories emailed to customers. I’ve had co-workers and managers send along an entire conversation just the two of us were having to a larger group. The truth is you never know just how far and wide your email may go. Treat it as if it will be read by the person you least wish would read it. That way, when they do, you won’t have anything to apologize for.

Make Office 365 stop replying all by default

Office 365 email accounts will default to reply all when replying to a message instead of replying to the sender only.

This is a bad practice, especially since it’s not the expected behavior of an email client. When you receive an email, the default has always been to reply to the sender only.

I’ve made a short screen cast showing how to change this behavior.

Set Office 365 to reply by default

  1. Click the Gear icon in the upper right corner.
  2. Click Options (Do not click Office 365 Settings.)
  3. Click Reply settings in the menu on the left. It’s the second-to-last option under Mail.
  4. Click the option next to Reply.
  5. Click Save. If you don’t click Save, it won’t take effect.
  6. Click the <– Options link at the top of the left-side menu.

Now you can reply to emails as you always have. And Reply All is still accessible from the drop-down menu in the message.

On Ending the Tyranny of 24/7 Email

End the Tyranny of 24/7 Email

Why would less email mean better productivity? Because, as Ms. Deal found in her research, endless email is an enabler. It often masks terrible management practices.

When employees shoot out a fusillade of miniature questions via email, or “cc” every team member about each niggling little decision, it’s because they don’t feel confident to make a decision on their own. Often, Ms. Deal found, they’re worried about getting in trouble or downsized if they mess up.

When I am not at work, I do not check work email. I do not think about work email. I do not consider what could be going on in work email.

If it’s in email, it is inherently unimportant.

If something urgent were happening, I would receive a phone call. No phone call. No urgency.

In contrast, when employees are actually empowered, they make more judgment calls on their own. They also start using phone calls and face-to-face chats to resolve issues quickly, so they don’t metastasize into email threads the length of “War and Peace.”

See? Face-to-face meetings or phone calls are for important things. Email is for ass-covering and uncertainty.

These changes can’t happen through personal behavior: The policy needs to come from the top. (If your boss regularly emails you a high-priority question at 11 p.m., the real message is, “At our company, we do email at midnight.”)

This is another important point. The example is set from the top down. If your manager and his manager and his manager all email all night long, that’s the message. I keep my work email habits to myself mostly because people are aghast when I tell them I don’t check it outside of work.

But when I ask them how often they’ve had something in email that absolutely could not wait until they were back in the office?

Very rarely do they have any examples. And the ones they do offer were accompanied by a phone call. This Labor Day let’s think about how we labor. We give all of our time to work in exchange for what?

More work. You won’t ever get ahead. The harder you work and the more time you pour into your work and email, the more you’re rewarded with more work to do.

Stand with me. Hold the line. Do not check work email outside of work.

Making Outlook Manageable

I am stuck in Microsoft Outlook. Like many others around the world, I too suffer through dealing with Outlook. I’m often struck by its lack of flexibility and usability. For an application that appears to do absolutely anything I can imagine, it fails at some basic points. One of the times I moaned about being stuck in Outlook…

https://alpha.app.net/peroty/post/28616760

Jason Rehmus shared his secret of Outlook Contentment…

https://alpha.app.net/longstride/post/28619159

I’ve set up this system in Outlook 2010 and have used it for a few weeks with no issues. It does not require scripting nor a degree in Computer Science. It uses only Outlook’s built-in features.

Steps to Outlook Contentment

  1. Create a new folder and give it a name. I named mine Archive but the name doesn’t matter. Call it whatever you like.
  2. Set up a rule to do two things. First, it will copy all incoming emails to your newly created folder (which I’ll call Archive for the rest of this post). Second, it will mark all received mail as read.
  3. Start the Rules Wizard in Outlook.
  4. Create a New Rule.
    Under the heading Start from a blank rule click Apply rule on messages I receive and click Next >.
  5. On the What condition(s) do you want to check? screen select nothing, and click Next >.

  6. Outlook will display a prompt that says This rule will be applied to every message you receive. Is this correct? Click Yes.

  7. On the What do you want to do with the message? screen, check the boxes for mark it as read and move a copy to the specified folder.

  8. Click the link that says specified in the lower box.

  9. Choose the folder you created in Step 1. For me, it is Archive.

  10. Verify the rule now reads move a copy to the Archive folder. Then click Next >.

  11. On the Are there any exceptions? screen, don’t check any options. Then click Next >.

  12. On the Finish rule setup screen, name the rule and check both boxes.
    For Step 1: Specify a name for this rule, name the rule whatever you like. I’ve called mine ARCHIVE all received mail.
    For Step 2: Setup rule options check the first two boxes, Run this rule on messages already in “Inbox” and Turn on this rule.

  13. Click Finish. A dialog will pop-up stating This rule is a client-only rule, and will process only when Outlook is running. So none of this will take place when Outlook is not running.
    Once you click Finish, Outlook will begin copying all email to the Archive folder and marking it all as read in both the Inbox and Archive folders. This will take some time, especially if you have a large mailbox.

  14. Once it finishes running check to make sure all messages were copied over. An easy way to do this is to look at the number of items in each folder. Once those numbers match, I also check the first and last message in the folder and make sure they match.

  15. Once you’ve verified all of your messages were moved successfully, delete everything from your Inbox. All of those messages are safe in your Archive. You don’t need them in your Inbox too. Delete them!

Now the system will work for you. Only keep any message you’re actively working on in your Inbox. When you’re done with it, delete it. Remember, you have a backup copy in your Archive folder.

Now, instead of having thousands of messages in my Inbox, I have 3. And once I’m done responding to those, they’ll be gone too.

Why go through all of this?

You mean other than for your own sanity? I worked in a customer support role, so it’s valuable for me to keep all communications I receive from customers. But I don’t need to see them all the time.

When I need to find an old message, I search my Archive. I need the messages for reference, but I do not need to look at them every day.

Why do I mark them all as read?

I don’t care about unread/read status. If it’s in my Inbox, I need it. If not, I don’t. I also mark them as read or they’ll show up as unread in my Archive too. And it’s a waste of your time to mark messages read. The fewer things I have to touch, the happier I am.

What if I don’t have space on my mail server?

Set up your Archive in a Personal Folder instead. You can set up the folder anywhere you like: on the mail server or saved locally to your computer. Though please, if you are going to save everything in a Personal Folder, save it to a network drive where it can be backed up. The Archive is useless if it can be lost when your hard drive crashes.

Resist complication!

I like to tweak and tinker. I like to try to be clever and make things easier for myself. But often times it only results in more work. Let me leave you with this piece of advice I’ve tried to adopt as much as possible. Don’t complicate the system!

https://alpha.app.net/longstride/post/28619344

I’ve resisted complicating the system. Mostly. I had a few rules I’ve automated to categorize messages I need to quickly find to run reports again.

I turned off those rules after setting up this system. I realized the categories are unnecessary. If I need a message, I search the archive folder. Categorization is complication. So I disabled those rules and haven’t missed them.

I hope this helps bring some sanity to your life in Outlook. I’m much happier looking at a tiny number of emails instead of thousands. I hope you will be too.

Did this help you? Have a suggestion (but not a complication)? Please let me know! I’d be curious to hear from you.

Click here and enter your password

Why will your local IT Department never ask for your username and password?


Username

Your local IT department set up your account. They know your username. They can look it up if they don’t. It’s often a combination of first and last names. Perhaps there’s a number thrown in. Or perhaps it’s a series of numbers.

No matter what it is, your IT department knows it.

Password

Never Give Anyone Your Password Over Email

Your IT department doesn’t know your password. They have no way to look up your password. But you know what they can do? Reset your password.

IT will never ask you for your username and password. If they really need it, they can look up one and reset the other. And resetting a customer’s password without their permission or knowledge is a huge breach of security and trust and will lead to that person getting fired or possibly worse.

What is Phishing?

According to Dictionary.com, Phishing is…

to try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake Web site that replicates the real one.

Basically, it is someone trying to gain information from you by pretending to be something else. The attackers will spoof your bank web site, your employer, local IT department or an email from a friend or loved one.

Examples of phishing emails

Over the past few weeks, we’ve seen a larger than usual amount of phishing emails. I have included a couple of samples below with the links removed. After each message, I’ll make a note of why this is a fake message and what to look out for.

From: “Hogan, Judith”
Date: February 11, 2013, 11:14:15 AM EST
Subject: Security Update
There has been an automatic security update on your [email address](LINK REMOVED). To complete update, you are to click here.
Please note that you have within 24 hours to complete this update because you might lose access to your Email Box

First, check who the sender is. Does this person work in your company? Do they have the same Company.com email address? Have you heard of them before or the company they work for?

In this case, poor Judith Hogan at Rochester.edu is our sender. She does not work for the organization this email was sent to. She has most likely had her account compromised, and it is being used by the attackers. Judith is not trying to get access to your account. She is another victim of phishing or another attack that has compromised her account. She is not after your information. She is merely the victim.

Second, the link for “email address” went to a page at hpage.com. Hpage.com is not your local IT department.

From: National Institute of Health <2254576378@qq.com>
Date: Sat, 2 Feb 2013 04:27:06 -0500
Subject: Important Notification

Dear Subscriber, All NIHMAIL users must upgrade their account on or
before 4th February 2013 . For easy upgrade, Click
http://[REMOVED].my3gb.com and fill out your correct account details.
Webmail Administrator

First, the From line actually has the correct organization on it. However, a quick check of the email address shows it goes to qq.com. NIH is a government entity and uses an NIH.gov domain. They would never direct customers to qq.com for any reason.

Second, Dear Subscriber is a giveaway. If this really were your employer emailing you, they know who you are. They would address you by first or last name. It would not be something so generic as Subscriber.

Third, the IT department plans and executes upgrades. Your IT department would never ask you to click anything to upgrade your account. That is part of the job of your IT techs: to manage, upgrade and control the email servers and email accounts. If there is an upgrade happening, they will tell you about it.

Finally, IT will never, ever, ever ask for your credentials. The IT department set up your email account. They already know what your username is. And while they don’t know your password, they do have the power to reset it. If you’ve ever forgotten your password and called your Help Desk, you know they can reset your password, so they’ll never need to ask you for it. Your IT Department will never ask for your username and password.

Often times, attackers will threaten a customer with their data or email being deleted to scare them into compliance.

From: “Warren, Frank”
Date: Mon, 26 Nov 2012 07:19:27 -0500
Subject: Security Update

There has been an automatic security update on your email address. Click here to complete update
Please note that you have within 24 hours to complete this update because you might lose access to your Email Box.

First, Frank Warren @ BP.com doesn’t work for your company most likely.

Second, IT would never conduct an automatic update without first announcing it. And if there was an update performed, no one would need to click a link. They are the IT department. When they perform an upgrade, your account is upgraded. Done. There is no step 2.

Third, sporadic capitalization such as Email Box and missing periods in sentences are key indicators of phishing. Professional emails sent from your IT department will use proper grammar and punctuation.

From: NIH EMAIL WEB ACCESS
Subject: TERMINATION OF ACCOUNT

Dear NIH Account User,

Due to the congestion in all NIH users
accounts you needs toupdate your account with
our released F-Secure Internet Security 2013.
Newversion of a better resource spam and viruses.

If you have not upgraded your account, click reply
and fill in the columnsbelow to send it back so we can
update our database account immediately.
Failure to update will process your NIH
account beingtemporarily blocked or suspended
from our network and may not be able to
receive or send e-mail due to the update.

First, your company knows who you are and would address you by name.
Second, the missing spaces between words and poor grammar such as better resource spam and viruses means phishing. That last line doesn’t even make sense when you read it.
Third, the IT department upgrades your email. It doesn’t ask you to click a link *or else*. IT doesn’t threaten customers.

From: NIH User
Subject: Blank

Due to recent suspicious activities in your web-mail account and high amount of Spam mails we receive daily. you account have been blocked and made inactive to protect you, so to activate and unblock your account before routine deletion by our servers, To upgradeyour webmail please click (link withheld)

please fill all details to unblock your account instantly Thank you.

First, the subject line would not be blank.
Second, if your account has been blocked, you would not be receiving this email because your account has been blocked.
Third, poor grammar, lack of capitalization and asking to click a link is a sure sign of phishing.
Fourth, filling information into a web site will not unblock your account. A call to your help desk will.

I hope these examples and explanations have been helpful to better understand phishing and the ways attackers try to gain access to your email. Often times, customers will say, “I have nothing in my email that is important or sensitive.”

However, when a customer’s email account is compromised so is access to anything else they have. Any network drives are also vulnerable. VPN access or remote access are now vulnerable.

If the customer works with sensitive data such as HR or Financial information, access to those accounts is now vulnerable too. Think of all the things that use a password reset sent to an email address to change a password.

If an attacker has access to your email account, they potentially have access to anything that email address connects to. Do you use it for Facebook, Twitter, your own web site, Amazon, Paypal, or your bank?

All of those things could be compromised because the attacker is able to reset those passwords with your email address. For a worst-case scenario, see the story of Mat Honan getting his computer and phone deleted because an attacker was able to gain access to his account.

This is a worst case scenario. However, the same security threats exist if an attacker gains access to your email account. Attackers aren’t just after your work email accounts either.

Take a look through your Gmail, Hotmail, or Yahoo email account. What social media sites do you use that email for? Does your bank send email there? How about credit cards? If an attacker gains access to that account, they have anything you use that email address for. In addition to being able to email your friends, family and colleagues from your account in an attempt to gain access to their accounts too.

The best weapon against phishing and other attacks is to use common sense. If you have a question about something you’ve received, email the sender back and ask them about it. If you receive a suspicious email at work, call your help desk and ask about it.

The best defense is to use common sense and think about what you’ve received and if it makes sense. How can you easily detect a phishing attack?

  1. Check the sender. Do they work for your company? Is the email address the same as the sender name?
  2. Are there weird misspellings, poor grammar and a lack of basic punctuation? Does your local IT department send you emails like this? Does your brother, mother or colleague?
  3. Is there a link in the email? Don’t click it. If you move your mouse over it and wait a couple of seconds, it will show the link where it’s going to take you. If it’s a weird-looking link, don’t click it.
  4. If you’re suspicious, delete the email. If it was something important, the sender will contact you again or in another way.
  5. Remember, the IT department manages your email account. They will never ask for your credentials or to click a link for any reason. They have the power to do whatever they need to do to upgrade, manage or migrate your email. That’s their job.
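
The checklist above can be turned into an automated first pass over a raw message. This is an added example, not part of the original post: `ORG_DOMAIN`, the phrase lists and both sample messages are constructed assumptions, and it checks sender, links, greeting, threats and requests for account details, not grammar.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.org"  # assumption: the organisation's real mail domain
# Phrase lists are assumptions, based on wording in the samples quoted above.
GENERIC_GREETING = re.compile(r"\bdear\s+(subscriber|customer|user|\w+\s+account\s+user)\b", re.I)
THREAT = re.compile(r"within\s+\d+\s+hours|lose access|blocked|suspended|deletion", re.I)
CREDENTIAL_ASK = re.compile(r"account details|fill (in|out|all)|password", re.I)
URL = re.compile(r"https?://[^\s<>\"')\]]+", re.I)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def phishing_indicators(raw, org_domain=ORG_DOMAIN):
    """Return a list of indicator strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = []
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if not in_domain(sender_domain, org_domain):      # checklist item 1
        found.append("sender-outside-org:" + (sender_domain or "none"))
    if not (msg.get("Subject") or "").strip():
        found.append("blank-subject")
    text = body_text(msg)
    for url in URL.findall(text):                     # checklist item 3
        host = urlparse(url.rstrip(".,;")).hostname
        if not in_domain(host, org_domain):
            found.append("link-outside-org:" + (host or "none"))
    if GENERIC_GREETING.search(text):
        found.append("generic-greeting")
    if THREAT.search(text):
        found.append("deadline-or-threat")
    if CREDENTIAL_ASK.search(text):                   # checklist item 5
        found.append("asks-for-account-details")
    return found

# Constructed samples, modelled on the messages quoted above.
SUSPICIOUS = """\
From: Example Org Webmail <2254576378@mail-upgrade.example>
Subject: Important Notification

Dear Subscriber, all users must upgrade their account within 24 hours.
Click http://account-upgrade.example/login and fill out your correct
account details or you might lose access to your Email Box.
"""

LEGITIMATE = """\
From: Help Desk <helpdesk@example.org>
Subject: Planned mail maintenance on Saturday

Hi Pat, the mail servers will be upgraded on Saturday night.
No action is needed. Details: https://intranet.example.org/notices/mail.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw))
```

An empty result only means none of these particular indicators fired; a message from a compromised in-house account would pass the sender check, so the call to the help desk still applies.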