Web Informant #288, 15 May 2002:
Chasing email phantom employees


Most of you know by now that I have begun working at VAR Business as their Technology Editor, and it is nice to be back inside a magazine and working with the great people there. But I did you know that I also am still with Infoworld? It came as a surprise to me too. And the funny thing is, no one at Infoworld knows either.

No, I am not talking about actual gainful employment: the last time I did any freelancing for Infoworld was about four years ago, when I wrote various reviews for them on eCommerce server software. But I am still on the magazine's email list (or at least, I was earlier this week): Just send me mail at david_strom@infoworld.com and it will get delivered to me without any problem within a few minutes.

I mention this not to embarrass the folks at Infoworld, or even to embarrass their IT department, but to prove a point: how many organizations really weed out their internal email address lists when they cut staffers? Probably not many of you. It is a nasty job, especially if your HR department doesn't directly maintain the corporate email directory.

I was reminded of this after my first few days at CMP. I started to keep track of the number of various databases that I had touched on my merry way around the building as a new employee: the database of my ID card, my health insurance information, the Notes address book that lists my contact information, the corporate phone book, etc. I eventually lost count. I can guarantee you that not all of these databases are connected to each other, and that when people leave CMP it is a fair amount of work to eliminate someone from all of these records. It shouldn't have to be this way.

But the email address book is probably the most vulnerable, and yet it is the easiest one to maintain some kind of vigil on. Granted, my entry in the Infoworld address book isn't all that critical -- I can't gain access to the internal network, but that is more a product of the passage of time than any security measures that the Infoworld IT staff has taken. Back when I was starting at the magazine, the company ran ccMail and used AppleTalk Remote Access. I don't think they are still using these methods to gain access to their networks, and in any event I long ago lost this login information anyway. But still, there my name sits on their address book, quietly forwarding emails to my strom.com account.

I am making a big deal out of this because of all the recent email security issues: so many people I know have been "Klezed" and had to spend several hours cleaning off their machines, as one example, and there are plenty others. And that one email message that I sent to myself showed me that Infoworld has upgraded its ccMail system to Lotus Notes/Domino version 5.0.8, along with the IP address of its gateway machine -- valuable things that a hacker could exploit if s/he were so inclined.

So, my suggestion to you is a simple one: print out a copy of your corporate email address book and spend some time making sure that the people on it really are still employed by your company. Do this once a quarter (or more often, depending on the numbers and the type of company you work for). You don't need any fancy tools, other than pen and paper, and just someone with a critical mind to do the job regularly. And don't get lazy about the regularity of this task: it is important, and it will help to eliminate any email phantom employees.

To subscribe, send a blank email to

To be removed from this list, send a blank email to

David Strom
+1 (516) 562-7151
back issues
entire contents copyright 2002 by David Strom, Inc.
Web Informant is ® registered trademark with the U.S. Patent and Trademark Office.
ISSN #1524-6353 registered with U.S. Library of Congress.