Great. I just sent a confidential email to Reunion.com… by mistake.
Now it wasn’t extremely sensitive, but it was private business correspondence between my business partner and myself, and I certainly didn’t intend for it to be read by others.
Here’s how it happened:
Social networks routinely send out updates and invitations from other users. For example, Reunion.com emails you when someone searches for your email address on their site. The incoming email looks like this:
Maybe a bit spammy, but no big deal, right? Well here’s the problem: they send the email out in the name of the person who did the search!
In other words, the incoming email’s display name will be “Edward Anderson” or whatever, BUT the reply-to address will actually be something like email@example.com.
That’s such a bad idea, because the next time you go to send Edward Anderson an email, you start typing E-D-W-… and on many email apps (Outlook, eg) auto-complete will take over and spell out the full name for you.
But guess what? Even though it says “Edward Anderson” in the “To” line, you’re actually going to send that (possibly-confidential) email to firstname.lastname@example.org now.
I would be very interested to know how many emails they receive that are intended for others. Maybe I’m the only idiot who’s ever done it… but I doubt it.