Institution can access my email (inbox/sent items/etc) and edit it? [migrated]

First of all, I have thoroughly read the answers to the following questions and none of them answer my queries:

  • Can Google Chrome read/scan my ProtonMail inbox page?
  • Can my IT department read my Google Hangouts chats while at work?
  • Does company email can access hangouts and private emails?

I am a student at one of the highest ranking universities of the UK (even though I avoid giving much credence to rankings). A couple of days ago, someone found a way to send emails to every single student, masquerading as the Vice Chancellor (the emails appeared to be from his own university email address).

The email body was basically a silly hoax, appearing to have been executed by teenagers (“Dear students, just got off the phone with the prime minister, the University of [censored] will close indefinitely, exams are cancelled, go out and party, etc“).

The same day after a few hours, all the received emails had been deleted from all of our inboxes; a few people had replied to that email though and still had the original ‘hoax’ email. The next day, the email they had sent was deleted as well.


The University evidently has access to our email accounts, but:

  1. Are they allowed to Access/View/Edit out accounts?
  2. Is this legal?
  3. Do I have any say in it? As in, can I refuse using the University email for any type of correspondence and can I demand that they contact me only through my personal email address? If not, is there any way I can preserve my privacy?
  4. If this was not disclosed clearly to any form of “Terms & Conditions” that I agree to by studying here, then what are my rights?
  5. Does GDPR have any effect here, or is the university allowed to do whatever they feel like?
  6. What else do they possibly have access to?

The university uses Office365 (Outlook).

Is it possible to setup email servers to encrypt communication in transit?

I understand that generally email communication is insecure by default and would like to know if its possible to setup email servers so that the emails get encrypted when sent between hosts.

I want to know if there is actually a way to include personal information in emails and keep it secure in a Business to Business Scenario (B2B). This usually involves a scenario where and email is generally generated or typed that gives instructions on who to contact or follow up with. It is intended for a human to read and not intended to be processed by a machine

I’d also appreciate any relevant explanation particularly details of commonly known approaches so that i can investigate further. Even if its at the level of a pattern and common strengths and weaknesses.

E-Mail privacy proxy for hiding real e-mail?

Do E-Mail proxy services exists to improve privacy and security?

Privacy in the sense that one wouldn’t need to give a website his/her username (possibly even in the firstname.lastname@domain.tld form) and in a security sense that the used e-mail couldn’t be used to log into the e-mail service (thereby making it useless for a leaked password, because the e-mail address couldn’t be used to login).

Example:

john.doe@gmail.com could be someone’s e-mail. If there were a Google Privacy/Proxy service then one could generate as many random e-mails as possible and if one would be sent spam to, or leaked, it could be disabled:

  • abcdef@gmail.proxy
  • 290dcef@gmail.proxy

could both redirect mail to john.doe@gmail.com.

One could be blocked/disabled/removed if wanted without abandoning the real account (e.g. because 290dcef@gmail.proxy has been compromised or spam is being sent to it).

Would it really improve security and privacy? Or am I missing something?

And does such a service exist? (as a bonus, replying from such proxy e-mails would be even better, converting the real account from field to the proxy mail address)

Gmail Email id, dot(.) recognition [closed]

I keep on receiving email which is intend to be received by a gmail id similar to be mine, with no dots(.) in gmail id of other party. For example : my email id is john.grisham@gmail.com the inbox of above email ids, get emails intended to be received by johngrisham@gmail.com

Question 1: The other party will also be receiving my emails ? Question 2: How can i get rid of this problem?

My email address is being used to enroll for online services. Should I be concerned?

Just before Christmas I received the following message in one of my GMail accounts:

Sign-in attempt was blocked
********@gmail.com [redacted by me]

Someone just used your password to try to sign into your account. Google blocked them, but you should check what happened.

I signed into that account and looked at the activity (not by clicking the link in the message, of course) and indeed there was a sign in attempt blocked from the Philippines.

I gather this means that an attacker entered the correct user name and password for my account, but was likely blocked because they couldn’t pass the MFA challenge. Or maybe Google’s fraud detection is actually decent and it knows I’ve never been to the Philippines? Either way, I immediately changed the password and (as far as I know) the attacker didn’t gain control of the account.

However, in the 2 weeks since then, I have received several email verification requests from various online services that I never signed up for — Spotify, OKCupid, a Nissan dealership in Pennsylvania (that one’s interesting), and a few others I’ve never heard of before. Someone out there is actively using my GMail address to enroll for these services.

The account in question is not my main account, and while the password on it was admittedly weak, it was also unique (I never used it on anything else). I changed it to a password that’s much stronger now.

Should I be concerned about this?

Also, if the attacker didn’t gain control of the account, why use it to enroll in all these services?

Is there any hook or filter that user data, specifically email address, is passed through on new order creation?

I want to create a function/module that corrects common email typos on new orders.

For example to auto correct gmail.con, hotmail.con to .com, and many many more common typos.

Is there any hook or filter that user data, specifically email address, is passed through on new order creation, so that we can modify it before it’s inserted into the database?