Summary
If a confidential email is sent to a masked SAP address, immediate action depends on the email client (Outlook has a recall; Gmail has 'Undo Send'). Check for delivery by seeing if a rejection was received; no rejection suggests delivery. Contact your IT or SFMC to understand the email's path, SAP setup, and check Mandrill logs. Review email headers to identify the sending domain. Inform the recipient about the error and send a follow-up. Consider if the incident constitutes a GDPR breach. Verify internal policies, and seek legal advice if necessary. Implement preventative measures and DMARC. Acknowledge the error, apologize, and reassure the recipient that steps are being taken to prevent recurrence. Standard SMTP does not allow recalls.
Key findings
- Client-Specific Recall: Outlook offers a recall option; Gmail has an 'Undo Send' feature.
- Rejection as Indicator: No rejection suggests the email was delivered.
- SAP/IT Consultation: Contact SFMC/IT to understand the email's path and SAP setup.
- Header Examination: Examine email headers to find the actual sending domain.
- Recipient Notification: Inform the recipient of the error and send a follow-up email.
- GDPR Consideration: Evaluate whether the incident constitutes a GDPR breach.
- Policy Review: Check internal policies for handling such situations.
- Legal Advice: Seek legal counsel if sensitive information was involved.
- Preventative Measures/DMARC: Implement preventive measures and DMARC to avoid future incidents.
- SMTP Limitation: Standard SMTP doesn't support recalling emails.
Key considerations
- Email Client: Recall options depend on the email client used.
- SAP Setup: Understand how SAP masking impacts delivery.
- Data Sensitivity: The sensitivity of the data dictates the urgency and actions needed.
- Internal Policies: Adhere to company policies for data security.
- Legal Implications: Be aware of potential legal ramifications.
- Future Prevention: Take steps to prevent similar mistakes.
- Spam/Quarantine: Consider that the email might have landed in spam or quarantine.
What email marketers say
10 marketer opinions
When an email with a confidential attachment is mistakenly sent to a masked SAP address and needs to be recalled, the immediate steps depend on the email client used. Outlook allows for a recall attempt, while Gmail offers an 'Undo Send' feature within a limited timeframe. Contacting your IT service desk can help trace the email's route. Regardless of the system, informing the recipient of the error and asking them to disregard the email is crucial. Examining email headers can help determine the actual sending domain and routing. Sending a follow-up email to explain the mistake is also recommended. Additionally, assess whether the incident constitutes a data breach under GDPR, review internal company policies, and consider seeking legal advice. Finally, ensure DMARC is properly implemented to prevent domain spoofing.
Key opinions
- Recall Functionality: Outlook has a recall feature, while Gmail offers a short 'Undo Send' window.
- Contact IT: Your IT service desk can help trace the email's path.
- Notify Recipient: Inform the recipient of the error and request that they disregard the email.
- Examine Headers: Email headers can reveal the true sending domain and routing information.
- Follow-Up Email: Send a follow-up email to explain the mistake.
- GDPR Implications: Assess whether the incident constitutes a data breach under GDPR.
- Review Policies: Check internal company policies regarding misdirected information.
- Seek Legal Advice: Consider obtaining legal counsel, especially if sensitive information was involved.
- DMARC Implementation: Ensure proper DMARC implementation to prevent future domain spoofing.
Key considerations
- Email Client: The available recall options depend on the email client used (Outlook, Gmail, etc.).
- SAP Masking: Investigate the specific SAP setup to understand how it may have affected email delivery.
- Data Sensitivity: The sensitivity of the attached information will determine the level of urgency and the need for legal or regulatory reporting.
- Company Policies: Adherence to internal policies is crucial for maintaining data security and compliance.
- Legal Ramifications: Accidental disclosure of sensitive information may have legal ramifications.
- Prevention: Implement measures to prevent similar incidents from occurring in the future (e.g., training, DMARC).
Marketer view
Email marketer from Google responds that in Gmail, you can use the 'Undo Send' feature to recall an email shortly after sending it. The amount of time you have to recall an email depends on your settings, go to settings and undo send and choose how long you have.
25 Mar 2025 - Google
Marketer view
Email marketer from Gmass explains that you should send a follow-up email to the recepient to explain the mistake.
6 Sep 2021 - Gmass
What the experts say
4 expert opinions
When an email containing confidential information is mistakenly sent to a masked SAP address, determining if it was delivered is the initial step. If no rejection was received, delivery is likely, but remote deletion is generally impossible. Consulting SFMC to understand the SAP address setup is crucial. To trace the email's path, collaborate with both Outlook and SAP administrators. Acknowledging the error, apologizing sincerely, and implementing preventative measures can mitigate the impact.
Key opinions
- Delivery Status: Lack of rejection implies probable delivery.
- Remote Deletion: Remote deletion is generally not possible.
- SFMC Consultation: Consult SFMC regarding SAP address configurations.
- Administrator Collaboration: Collaborate with Outlook and SAP admins to trace the email.
- Acknowledge Error: Acknowledge the mistake and apologize sincerely.
Key considerations
- Email Fate: Consider the possibility it is in spam, quarantine, or still in limbo.
- SAP Setup: Understanding SAP address setup is crucial for identifying delivery location.
- Data Sensitivity: The sensitivity of the information influences the urgency and necessary actions.
- Preventative Measures: Implement measures to prevent similar errors in the future.
Expert view
Expert from Email Geeks shares that the best approach is to talk to whoever manages the Outlook setup to see if the mail was delivered and to the SAP admin to understand what happened. They will have the data to prove what occurred.
9 Dec 2024 - Email Geeks
Expert view
Expert from Email Geeks responds to suggest contacting SFMC to understand how the email addresses are set up and what happens to mail sent to them.
10 Sep 2023 - Email Geeks
What the documentation says
4 technical articles
When an email containing confidential information is mistakenly sent to a masked SAP address and needs to be recalled, investigation into the specific SAP setup within SFMC is crucial, as SAP masks the domain. If the email bounced, analyze bounceback messages and error codes. Mandrill logs can provide deliverability information. Standard SMTP protocol does not support recalling emails once transmitted.
Key findings
- SAP Investigation: Investigate the specific SAP setup within SFMC to understand delivery.
- Bounceback Analysis: Analyze bounceback messages for error codes if the email bounced.
- Mandrill Logs: Review Mandrill logs for deliverability information.
- SMTP Limitations: Standard SMTP protocol does not support email recall.
Key considerations
- SAP Configuration: Understanding the SAP setup is vital for tracing the email's route.
- Bounceback Interpretation: Accurate interpretation of bounceback codes is crucial.
- Log Availability: Access to Mandrill logs or similar systems is needed.
- Protocol Limitations: The inherent limitations of the SMTP protocol prevent recall efforts.
Technical article
Documentation from Proofpoint explains that if the email bounced, review the bounceback message, particularly focusing on the error codes, to determine the cause of the delivery failure. This could give insight into whether the masking caused the issue.
3 Jul 2022 - Proofpoint
Technical article
Documentation from Mandrill explains that you can review Mandrill's logs to see if there is any deliverability information.
26 Nov 2024 - Mandrill
