Am I involved in something illegal?

Angeline Malik

I joined NP a few days ago and as I indicated in my first post in the meet and greet area, I’m a software developer, my knowledge about domain names is limited. I have a question and I’d be extremely grateful if experienced domainers can help me.

I have a small software company comprising a few developers. We have clients mostly from the USA, UK and Middle East. A year ago, we added a new segment to our business: providing online/ ticket based technical support to the customers of our clients.

A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.

Upon further investigation we discovered that people in the bank and insurance etc promote themselves as tesla and when their customers write to them, many tend to forget to add bank, insurance after tesla and all such unrouted communications are delivered to the default email address of tesla.com, which is, say, support at tesla.com.

The funny thing is that people in the tesla bank and tesla insurance also make such mistakes and their internal emails also make their way to tesla.com’s default email address.

We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered. Whatever you receive for them, treat it like junk and delete it from your PC.

My question is if we, the support team, are involved in anything illegal? These messages which look sensitive in their nature as they carry confidential pieces of information about money, transfer, bank accounts, insurance, individuals and organisations, etc I find it difficult to comprehend that a bank or financial institution will not be bothered after knowing the extent of this kind of breach of security.

What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?
 
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Oh, one last thing. Many NP members on here give advice on many topics based on their domaining experience and life experience. Many have been right and wrong on many occasions.

Some are experts. Some amateur newbies.

If we start going down the route of "shut up newbie you don't know what you are talking about!"

Then where would NP be without a healthy exchange of ideas however right or wrong the ideas may be.

Isn't it enough to correct someone in a civilized manner like "you are incorrect because 1.2.3.and 4" and leave it at that?

Is it really necessary to go negative?

Doesn't matter to me really as I. Nothing "sticks" to me.

But I'm worried about you guys. So much anger, hostility, testosterone, angst is not healthy for the blood pressure. :xf.grin: :xf.wink:

This is not about me, it's about the OP's question. I give advice. You give advice. Let the OP decide what to choose.

Peace.:angelic:
 
•••
Then where would NP be without a healthy exchange of ideas however right or wrong the ideas may be.

...which is quite distinct from "send me your information so I can make a buck off of you".

You want to exchange ideas? Fine. That's not at all what you were proposing.
 
•••
No I am pretty sure you are so insulated and padded from reality that nothing which anyone says really reaches through to you.

Careful you do not end up some place also padded and insulated. I keep reading you are in and out of "hospital". Maybe it's time to just stay in there till you are fixed.


Yea! I have a fan! Mods? Apologies, please delete my off-topic posts unrelated to the OP's question. Thank you!

Hospital = back surgery.

As far as insulated? Aren't you doing the same talking to me the way you do on a forum hiding behind a profile?

Everyone talks tough behind an anonymous profile.

But the reality is in the real world

THIS WOULD NEVER HAPPEN.

I GUARANTEE IT.

So spare me the jokes. As we all know you can say all this in the relative safety and comfort of an anonymous profile.
 
•••
A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.
What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?
Why make things difficult?
  • Step 1. Inform the client.
  • Step 2a. Client doesn't care => bounce the mails so that senders are at least notified of their mistake.
  • Step 2b. Client cares => redirect the mails to a designated mailbox they control.
  • Step 3. Describe your actions in writing to protect yourself and document your customer service practices.
End.
 
•••
If you have a privacy policy (which you should have) the information you need is (or should be) in there already. If you think there is something illegal that is going on you should already have a clause in your privacy policy specifically for that issue. If not, update your policy and let your customers know. You may well be breaching your own privacy policy by posting on here (namepros).

Your customers must have already agreed to any privacy policy you should or may already have, anyway.
 
•••
We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered.

One thing to note here is that you do not have any direct information about whether the people in the other organization do or do not care. Your only information on that subject is what you were told by your client.

But I'm a little hazy on the circumstances here. Are these emails to addresses like "[email protected]" or addresses like "[email protected]"? If it is the former instead of the latter, then I can't see why you would be receiving email for specifically named email accounts. In general, I usually advise domainer clients to turn off things like "catch all" email, so that any such misdirected emails will bounce, and provide the sender with a notice that they bounced.

The other thing I'm not clear on, which is always the problem with using a "domain like..." instead of the actual domain, is whether the term in question is itself non-distinctive as a trade or service mark. Depending on the actual circumstances, what you may be accumulating is otherwise known as evidence of consumer confusion.
 
•••
some using a fat boy image is getting SKOOOOOLED bigtime... ;)
 
•••
The domain itself could be stolen.
 
•••
Thank you everybody for the help, it’s great to be a member of a forum where so many experienced and learned people are available.

I would like to respond to a few points:

@MackieMesser, tesla.com is nothing to do with tesla bank or tesla insurance or other suffix. I don’t know how you got confused. Our client is tesla.com (this is an example). We had never heard of tesla bank, tesla insurance etc. before we started providing technical support to the customers of our client tesla.com (an example). Customers who have their accounts with yahoo.com, for example, have technical issues and Yahoo has to resolve them. Either they do it in house or they outsource; it’s a very common practice in the software world.

@Avtar629 , thanks for the offer but that’s exactly what we are trying to avoid, we have a different lifestyle, thanks for the offer anyway.

@promo , I don’t know if it’s a trademarked word, it’s not like tesla though, I really don’t know if tesla means anything. My client’s domain name does convey some meaning to me at least. There are some further complications in it (sorry), there is not just only one group whose emails are delivered to us but also there are 2 more companies in different jurisdictions who have different suffix after tesla and their emails are delivered, so apparently, my client’s domain seems a popular word. English is not my first language, so please don’t judge me on that if it proves otherwise.

@Kate , I have already taken the first 3 steps but I don’t understand the last one. Could you please explain how and where?

@jberryhill , senders send messages to email addresses like: "Joe.Manager at tesla.com". You are right, such unrouted messages are delivered to support in order for the genuine ones not to be missed. I get your point and we can advise(?) the client to turn off catch all emails mechanism but do you think it’s fair for our client, if his/her customers make a mistake in writing the word before "at", they need to be served somehow. Is catch all email feature illegal or risky?

Finally, I again contacted the client, s/he says that in the past s/he did notify/ forward some of such messages to the intended recipients as well as senders and got thank you messages and phone calls from both parties to appreciate the help. S/he says s/he’s too busy and has no appetite to work like a messenger, so just delete all their messages and don’t be bothered.
 
•••
@Kate , I have already taken the first 3 steps but I don’t understand the last one. Could you please explain how and where?
You should have some sort of service agreement and contract with your client. So it's normal to maintain documentation (functional and technical) but also provide some reporting from time to time. For example my accountant keeps a timesheet of his activity and he uses that timesheet to invoice me on the basis of time spent.
And if you make changes to the current setup it's normal to inform them... plain common sense.
I don't understand the purpose of this thread.
 
•••
I get your point and we can advise(?) the client to turn off catch all emails mechanism but do you think it’s fair for our client, if his/her customers make a mistake in writing the word before "at", they need to be served somehow. Is catch all email feature illegal or risky?

1. Do I think it's fair. You know, this is premised on contacting customer support for a website, yes? Don't they have an online form for that and/or aren't most of the emails going to be generated by clicking a mailto: link on the website itself? Because I can't see how making a typo is relevant in that context. Secondly, if they do make a typo then, waddya know, they get a bounce message and can check whether the email address was correct.

2. Is it illegal or risky. Without a lot more specific facts, I couldn't opine on the question entirely. I'd want to know specifically what is the domain name, the institution in question, what goes on at the website and what sort of "support" we are talking about. Is it risky? Yes, it is riskier to use catch-all forwarding than it is to simply use specific email addresses. Why? Well, on the one hand you can't be held responsible for things that people send you by mistake. ON THE OTHER HAND, you know it is happening, you know why it is happening, you know it's going to keep happening, and you have the ability to make a lot of it stop happening. On a scale of marginally "is this riskier than that", then it is pretty obvious that, whatever the circumstances, you are less responsible for bouncing misdirected emails than you are for receiving them and doing whatever someone might accuse you of doing with them.

These kinds of questions are not always so much a matter of "is it okay to do X" but whether you might be accused of doing something else entirely. Sure, if someone accuses you of mishandling confidential information under circumstances where you knew this was happening, you could probably come out just fine after spending thousands in legal fees to deal with whatever it is they might accuse you of.
 
•••
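Added example, not part of any post in this thread: a header-only audit of a catch-all mailbox that shows which recipients were accepted only because of catch-all and would bounce once it is turned off, giving counts that can go into the written record for the client. The domain `example.com`, the list of real mailboxes and the sample messages are constructed, and the `X-Original-To` header is assumed to be recorded by the receiving server (Postfix does this).

```python
from collections import Counter
from email.parser import HeaderParser
from email.utils import parseaddr

DOMAIN = "example.com"                 # placeholder for the client's domain
REAL_MAILBOXES = {"support", "sales"}  # assumption: addresses the client really uses

# Constructed sample messages; only headers are used, bodies are never inspected.
SAMPLE_MESSAGES = [
    "X-Original-To: support@example.com\nTo: support@example.com\nSubject: a\n\nx",
    "X-Original-To: Joe.Manager@example.com\nTo: Joe.Manager@example.com\nSubject: b\n\nx",
    'X-Original-To: joe.manager@example.com\nTo: "Joe" <joe.manager@examplebank.test>\nSubject: c\n\nx',
    "To: Sales <SALES@EXAMPLE.COM>\nSubject: d\n\nx",
    "To: accounts@example.com\nSubject: e\n\nx",
    "Subject: no recipient header\n\nx",
]


def accepted_recipient(raw):
    """Address the server accepted the message for, lower-cased, or None."""
    headers = HeaderParser().parsestr(raw)
    # Prefer the envelope recipient; To: can name someone else (Cc/Bcc, lists).
    for name in ("X-Original-To", "To"):
        addr = parseaddr(headers.get(name, ""))[1].lower()
        if "@" in addr:
            return addr
    return None


def classify(raw):
    """Return (category, address): valid, catch-all, other-domain or unknown."""
    addr = accepted_recipient(raw)
    if addr is None:
        return "unknown", None
    local, _, domain = addr.rpartition("@")
    if domain != DOMAIN:
        return "other-domain", addr
    return ("valid" if local in REAL_MAILBOXES else "catch-all"), addr


def audit(messages):
    """Tally categories and the addresses that would bounce without catch-all."""
    categories, would_bounce = Counter(), Counter()
    for raw in messages:
        category, addr = classify(raw)
        categories[category] += 1
        if category == "catch-all":
            would_bounce[addr] += 1
    return categories, would_bounce


if __name__ == "__main__":
    categories, would_bounce = audit(SAMPLE_MESSAGES)
    print(dict(categories))
    for addr, count in would_bounce.most_common():
        print(f"{count:3d}  {addr}")
```
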
These kinds of questions are not always so much a matter of "is it okay to do X" but whether you might be accused of doing something else entirely. Sure, if someone accuses you of mishandling confidential information under circumstances where you knew this was happening, you could probably come out just fine after spending thousands in legal fees to deal with whatever it is they might accuse you of.

This is invaluable advice IMO. People love to discuss what is "right" and "wrong" in business. Why they would "win in court". When you have been in business as long as I have, you learn to look at things very differently.

Legal issues are an expensive pain in the ass that usually only enrich the attorneys (sorry JBH). Even when you are "right", it is best to avoid them when you can. Save the effort to fight over things that are really important, or can't be avoided.
 
•••
some using a fat boy image is getting SKOOOOOLED bigtime... ;)

lol hey. We all do every now and then. No shame in that. As I've mentioned countless times, I'm always happy to be corrected. It's the insults that taint the learning. I stand corrected. Interestingly, it takes an idiot to hook in an expert to the conversation. At the end of the day at least the OP got proper help.

Sure did blow up this thread and get eyes on it. I'm sure OP can appreciate that at least.

Glad you sorted it out OP. Good luck to you.
 
•••
Legal issues are an expensive pain in the ass that usually only enrich the attorneys (sorry JBH).

No apologies necessary.

It's often like being asked "would it be better to use brass knuckles or switchblade to win a fight?" when I'm still wondering "why not avoid fighting?"

I much prefer helping to solve problems instead of fight over them.
 
•••
@Kate , “I don't understand the purpose of this thread.”

The purpose of the thread is to learn how to stay out of trouble whilst earning your legitimate livelihood.

@Avtar629 , “Sure did blow up this thread and get eyes on it. I'm sure OP can appreciate that at least.”

If that was the intention, then hats off to you.

@jberryhill , I don’t have words to describe my gratitude to you. I understand and value every word you have said in your post and take them on board. You are absolutely right, there are many other ways for your customers to reach out to you, it doesn’t only depend on catch all emails feature. Instead it may turn out to be a liability as you rightly pointed out, it’s really an eye-opening post for me.

As you are aware, we, software developers, turn this feature on without any malicious intention, it’s just a feature and we want to utilise it. In this case, it turned out to be behaving differently. Anyway, lesson learnt, spoke to the owner and s/he doesn’t mind turning this feature off, so already implemented.

Thanks again for this priceless advice, Dr J Berryhill!
 
•••
I have some .in domain names and receive emails for .co.in domain names; looking for a solution. Do the other companies want to buy the domain?
 
•••
@Angeline Malik ...

1) Don't take legal advice on serious real world situations in an open forum of relatively anonymous users.
2) Get real legal counsel specific to your jurisdiction.
3) COVER YOUR ASS! lol

By #3 I mostly mean what @Kate said ... make sure you clearly document that you've informed your client of the emails in question.


Personally (not real legal advice), this really doesn't seem like a big deal at all .. AS LONG AS .. you don't use or reshare the information in question. Personally I'd just delete everything.

4) See #2 ;)
 
•••
Personally I would take the main email addresses and bounce them back.
I would advise my client to use something different because of the possibility of confusion with the other company (that is just good business sense to me).

So if you get incorrect email to info@tesla bounce them back and advise your client to use sales@ or contact@ etc.

I own MBCanada.com and used to get emails for Mercedes-Benz Canada. I simply bounced them back and the person sending it made a correction and it did not recur. I made sure the address I was using was different from what they were using and today it is no longer an issue.

I did this to protect myself from any legal ramifications, I did not do it for ethical reasons. I just figured the emails were none of my business and I will take steps to assure the originating sender was properly notified.

PS. and it goes without saying.... turn off catch all.
 
•••
I joined NP a few days ago and as I indicated in my first post in the meet and greet area, I’m a software developer, my knowledge about domain names is limited. I have a question and I’d be extremely grateful if experienced domainers can help me.

I have a small software company comprising a few developers. We have clients mostly from the USA, UK and Middle East. A year ago, we added a new segment to our business: providing online/ ticket based technical support to the customers of our clients.

A few months ago, one such client outsourced to us a couple of their websites for customer support. Let’s say for understanding purposes one of the sites’ name is tesla.com. When we were given the access to the email accounts and the second we set up MS Outlook, we found loads of emails but not intended for tesla.com, instead for different financial institutions like teslabank.com, teslainsurance.com and many others.

Upon further investigation we discovered that people in the bank and insurance etc promote themselves as tesla and when their customers write to them, many tend to forget to add bank, insurance after tesla and all such unrouted communications are delivered to the default email address of tesla.com, which is, say, support at tesla.com.

The funny thing is that people in the tesla bank and tesla insurance also make such mistakes and their internal emails also make their way to tesla.com’s default email address.

We contacted the owner of the website but s/he was not bothered. S/he said the people in the bank and insurance have been aware of all that for several years and they are least bothered. Whatever you receive for them, treat it like junk and delete it from your PC.

My question is if we, the support team, are involved in anything illegal? These messages which look sensitive in their nature as they carry confidential pieces of information about money, transfer, bank accounts, insurance, individuals and organisations, etc I find it difficult to comprehend that a bank or financial institution will not be bothered after knowing the extent of this kind of breach of security.

What’s the best course of action for us? Should we stop providing customer service to this client? Is it a serious issue or am I being paranoid unnecessarily?
hackerz dream ^_^
 
•••