Breach of privacy - Manager outgoing email - Server Edition

We have had another breach of privacy at mailbox level. Seriously, in a multi-user Manager Server environment, an additional configurable outgoing email address will separate business as usual (BAU) messaging from accounting messaging. Maybe there is another way?

The Problem
What is occurring: a staff member is trolling the Manager Mailbox sent items, and they view accounting messaging and reporting they are not entitled to access.

  • We need to use company domain email for all good reasons.
  • Both Send a copy and receive email at a different email are all turned off.
  • Non-accounting staff members do not have access to the email records in Manager for good reason.
  • Converting reports to PDF and sending via email client is not a real consideration, as the feature to send the report is looking at you.

Robust solution
A second SMTP config for accounting will isolate the confidential messaging at mailbox level and give admin peace of mind.

So what is stopping you from creating distinct accounting domains and addresses? Do you expect an accounting program to solve your email security issues?

Nothing stops us creating distinct email addresses and security, but Manager does not accommodate. Yes, it is a real issue when you get burnt.
All said and done, operations need access to BAU messaging, and yes, the problem is created by Manager giving no alternative for this accounting type of communication.

I have read through the OP twice and I still can’t understand how Manager is giving someone access to emails they shouldn’t see.

Please explain exactly:

  1. what version and edition you are running
  2. what level of permission the troll has
  3. what he is accessing and how

How can you say this? The email settings you enter are arbitrary. The fact that you choose to use accounts and/or domains accessible to your in-house troll(s) is not the fault of the program.

Your “need” is your “choice.” I’ve dealt with accounting emails since email was invented. Never have I seen a situation where there was a valid “need” to provide access to anyone unauthorized. Nor have I ever encountered a situation where appropriate email security could not be provided.

  1. Server Version 23.1.28.603
  2. Standard 365 mailbox configured for Manager - Sent items trolled
  3. Accessing 365 Mailbox which Manager uses for customer replies etc. This mailbox needs to be accessible.

I can see this is no problem for the Desktop version, but in a multi-user environment like the paid-for server version we need a solution, an alternative, or some accommodation / plan for the problem.

No, you choose to make this mailbox accessible.

Invoices, Quotes and POs get sent from this email and customers reply to it. How do staff access this email and respond to it then?

What is your solution Tut?

You can do this:

However, I can see value in setting up an automatic reply-to address based on user profile. This would keep email setup to a minimum and enable users to pick up whatever replies on system-generated emails.

However, I’m not sure whether the foundation work is laid out for that. Only @lubos can decide whether this is feasible for implementation at this point in time.

For the time being, the simplest solution is to make a no-reply email address and append a disclaimer to your emails. To drive it home even more, you can auto-reply with a returned message from your no-reply address.

Do what the vast majority of businesses all around the world do. Establish protocols for who can send emails, from what addresses, and how they should be responded to. When I get an email invoice from my phone company, it tells me I cannot respond to it and provides other contact information in case I need to respond. I don’t know of a business that sends quotes or invoices and expects customers to engage using the address from which they are sent. Quotes normally provide contact information for sales or marketing personnel, not someone in accounting. Invoices provide customer service contact information. Really, this is not difficult.

If Manager was to enhance this area, I would prefer a document publishing history, not more email permissions.

The publishing history could be accessible at the screen in Manager where documents are created for external publishing (email or print).

Sorry man, strongly disagree. Almost all Manager users following the setup guide will be in this category you have not seen. However, Tut, that is not what I wish to talk about or resolve; you tend to deflect somewhat. For example, we are not even talking about the issue of receiving email to what inbox.

  1. To fix the sent mail, SMTP and access to sent items in a mailbox can be resolved at the expense of all those not authorized to access accounting email. How? Just use an SMTP service / mailbox the staff do not have access to.
  2. All the accounts people have access to the Manager email Tab / Log, so that is fine. Also, accounts people are not permitted to create PDFs for email through their email clients.

This raises a problem, because how do staff see and confirm, for example, quotes / invoices that have or have not been emailed in Manager? Why can’t they see / confirm emailed documents? Because to keep accounting communication and payslips confidential you cannot have staff access the email logs / tab that hold the accounting reports. Also, “Send a copy of every email to this address” will potentially create a breach as well.

Please bear in mind that this is not an Admin or Accounts person problem, as they have Manager privileges to physically view logs and emails, but the staff who are limited from accounting and admin reporting do have the problem. There appears to be no middle ground to accommodate staff. It is all or nothing. So this is where the shortfall is, and a solution will be great.

One little business has 15 Manager users, 3 of which are accounts in rotation, so the convenience of one accounts person sending accounting documents from Manager to a stakeholder is a ticking time bomb; it is bound to happen again. Also, “Send a copy of every email to this address” will potentially create a breach as well.

I am simply pointing out something that has caused disharmony in the ranks and believe it can be resolved, as Manager already caters for multiple users and ease of use. We take an application which is central to business seriously, even if it is simple and exact for use.

So what has been implemented for these guys?

  1. Move SMTP away from their 365 mailbox
  2. Customers still reply directly to the sent email address as before seamlessly
  3. Accounts and Admin staff no longer have fears of reoccurrence of breach
  4. Ensured no copies of Manager email sent elsewhere
  5. Accounts people have all

Staff dead in the water regarding email

  1. No longer can check document email status whether sent or not sent
  2. Staff still receive incoming responses from Quotes, Invoices etc
  3. Staff have nothing on the email status side of things

Imo your email issues would be better addressed by disabling emailing directly from Manager for most users. Instead, most users should print to PDF and use an email client to attach the PDF to a business email account. Administrators can have access to email accounts as required for an individual business's structure.

This is a general business administration problem, so best addressed by a general business solution rather than have Manager reproduce the functionality.

Which only leaves the optimising transfer of a document generated in Manager to an email client.