开云体育

A member of my group recently sent an email message to someone not in our group, and cc-ed the message to our group, using our full groups.io address (something he has repeatedly been told not to do, but he persists!). The recipient replied using "Reply All", resulting in his reply being received by everyone in our group, even though the sender isn't in our group, and is not therefore authorised to post to our group. Not only that: all subsequent "Reply All" exchanges between group and non-group recipients were sent to everyone in our group. I didn't realize this was possible. This has raised security issues for us, which we clearly need to address internally. In the meantime I'd be grateful if someone on this forum could advise if it is possible to change the settings for our group to ensure we don't experience a similar breach in the future.

Many thanks
Barry

On Mon, Jan 6, 2020 at 11:56 AM, BarryS wrote:

This has raised security issues for us, which we clearly need to address internally. In the meantime I'd be grateful if someone on this forum could advise if it is possible to change the settings for our group to ensure we don't experience a similar breach in the future.

Unfortunately, you have no control over someone's email program.? There's no setting on GIO that could prevent this.

Duane
--
GMF's Wiki: /g/GroupManagersForum/wiki
Help: /static/help
Search button at the top of Messages list
A few site FAQs: /static/pricing#frequently-asked-questions

On Mon, Jan 6, 2020 at 12:56 PM, BarryS wrote:

A member of my group recently sent an email message to someone not in our group, and cc-ed the message to our group, using our full groups.io address (something he has repeatedly been told not to do, but he persists!).

In my groups(s), behavior along these lines will get someone placed on permanent moderation, and possibly banned.

The recipient replied using "Reply All", resulting in his reply being received by everyone in our group, even though the sender isn't in our group, and is not therefore authorised to post to our group. Not only that: all subsequent "Reply All" exchanges between group and non-group recipients were sent to everyone in our group. I didn't realize this was possible.

You can keep non-members from posting to your group. See Admin>Settings>Message Policies, first checkbox. Uncheck the box and non-member messages will be rejected.

This setting will not keep people who are already members from CC-ing the group when sending a message/reply to a non-member. But again, if you place such people on moderation then you can head off the side conversations before everything goes haywire.

Bruce

On Mon, Jan 6, 2020 at 11:56 AM, BarryS wrote:

The recipient replied using "Reply All", resulting in his reply being received by everyone in our group, even though the sender isn't in our group, and is not therefore authorised to post to our group. Not only that: all subsequent "Reply All" exchanges between group and non-group recipients were sent to everyone in our group.

I'm not sure I understand this.? If he's not a member, but you allow non-members to post, his messages would have gone to moderation. If you don't allow non-members to post, it would have been rejected.? The only way around this that I know of would be to have the email addresses of every member in the To: or Cc: list.? Are you sure it's the non-member's posts that are coming through?? Could it only be the member's replies to the non-member?? If one of your members uses Reply All, that would send it to the group where it would be accepted if they're not moderated.? We've done some testing and what you describe can't happen, so there's another reason.

Duane
--
GMF's Wiki: /g/GroupManagersForum/wiki
Help: /static/help
Search button at the top of Messages list
A few site FAQs: /static/pricing#frequently-asked-questions

On Mon, Jan 6, 2020 at 08:12 PM, Duane wrote:

We've done some testing and what you describe can't happen, so there's another reason.

Barry; Duane makes a good point. Have you examined your Activity Log? If not then it is definitely time to do so to determine the sequence of what actually happened rather than assuming the sequence of events. I'm not suggesting that you got it wrong but the log will give you a much clearer picture.

Bruce also made a good point when he wrote In my groups(s), behavior along these lines will get someone placed on permanent moderation, and possibly banned. If your member persists in doing the sort of thing you describe despite requests not to than IMHO he should have been put on moderation long ago.

Chris

Many thanks to Chris, Duane and Bruce for their very helpful posts, and apologies for the slow response. And I am embarrassed to say that, after examining our Activity Log (at Chris's suggestion) I can now see that I was mistaken. Although the non-member did in fact "Reply All" to the message that was copied to our group, his message WAS NOT in fact received by our members. Confusingly, the non-member also blind copied in a (non groups.io) list, of which many of our members are also subscribed. So to an untrained eye (like mine) it looked like his message had breached our wall, when in fact his inclusion of our groups.io list as a recipient would not have got through to us.?

I have also checked our Message Policies, on Bruce's suggestion, and indeed the first checkbox was already unchecked.

So, false alarm. Please accept my apologies.

Barry