Dismissed for Gross Misconduct after Discrimination & Victimisation

[eddie1234567]

Hi, I've not seeing anything here in relation headers etc of the e-mail.

 

As much as folks like to think that "anonymous" e-mail is untraceable (and at the risk of teaching granny to suck eggs) , it is traceable back to the originating e-mail provider, at a minimum. From there, that provider would possibly be able to tell which connection and user it came from. This e-mail may fall under the Computer misuse act as well as the Malicious Communications act

 

Of course, for all the nerds (of which I am one of you), with the right tools all of the above can be muddied and hidden. The question is, will the other person be capable or knowledgeable enough to know this.

 

The main point to make is to ask for the original e-mail including all  headers in-case this can be used to trace, and possibly identify, the originator.

 

edit: police may also be interested in this e-mail from the misuse/malicious perspective above.

edit2: Just a thought, very tenuous one which I will leave others to comment on as to whether good or bad,  if you do decide to get the whole e-mail, including headers. If they don't give it to you, remember they are saying you did send it, therefore by their words it is your data.... Otherwise they are acknowledging it is not yours, and therefore did not send it.

 

5 hours ago, Gopio said:

They had attempted to trace the source of the email but could not do so.

Just saw this bit, soz.

 

can they provide proof of what the did to trace it. Did IT provide the full headers, where any decent IT guy (muddying previously mentioned not at play of course) would be able to trace back to the originating mail servers etc.

 

Edited April 4, 2021 by eddie1234567

[eddie1234567]

59 minutes ago, Emmzzi said:

 

c) you did not send the email on which the case seems to rest and believe there has been insufficient investigation - IP addresses etc - this is too tenuous evidence on which to end  a persons career; 

 

 

As Emmzzi says as well as you are disputing this message and no doubt they won't know what a "message structure" involves (unless they sought knowledgeable advice) and as there is just as much chance of the other party sending it to be vindictive, what you need from the mail servers, the original traffic (even if they have to go back to the server backups) is the RAW MESSAGE.

 

If they just use Outlook or Android or Apple Mail then these full headers may not be easily/readily available and if they did it themselves it may not show the full path. That is why you need to extract the Full RAW MESSAGE and the MAIL SERVERS logs, which will give other info pertaining to the specific message

Edited April 4, 2021 by eddie1234567

[eddie1234567]

15 hours ago, Gopio said:

So bring out reasons why I think the outcome was wrong, ask for raw message and server logs of the email, state that it is too tenuous to end my livelihood and career based on an anonymous external email which I did not send, provide any new evidence and information and evidence which I do not think was considered properly as part of the original investigation, ask for a reinvestigation.

 

 

The rest of your post is way out of my league. 

 

 The Raw Message and Server Logs will give you the start of a path of investigation. Those will initially only provide the originating server and how they arrived at your Org.'s server. This will probably be the whole investigation carried out by the Cybersecurity dept., although I am worried that they say they were unable to find the source of the e-mail. This could just be a misunderstanding on my part of what they did. It could mean they "could not find the headers to see the originating servers" and rely only on the From Address or "they could not identify the physical person that sent it".

 

Primer on Headers What is an E-mail Header? (whatismyipaddress.com)

 

You will need these details. The Headers' first entry will also provide the Message Identification, dates and times, physical servers, etc. The information from there will be needed by the service provider to identify the originating connection and the IP address assigned at that time. These won't be in the headers (depending on the mail provider). Suppose it was a free e-mail account that was associated with a Broadband Provider. It may identify the originator's address or at least where they were at that time. This could be a device or the router at the address.

 

As long as the mail's originator did nothing to cover their tracks, the provider will need some type of docket to reveal these details. You would need to go through legal channels, either through a lawyer or the police, for this. This e-mail isn't a prank that they should shrug off. IMHO your org should also be taking steps to report this to the police or other regulatory body that has powers to access this information. 

 

Trying to keep this as brief as can be in an internet forum with no warranty etc. Let's say, for argument's sake, this other person wrote the mail, or their friend(s), whether, from home or work, there are digital footprints.

1. Other person does it from home: Connection details are logged at Mail provider of which "router" connected, possibly which device can be traced directly to them.
2. From a friend at home: same as (1) but at least prove it was not you.
3. If either (1) or (2) did it from work, then the same information is logged at the Mail Provider, this time with your Org.s IP Address. Depending on your org's policy for logging all access requests, it may also log which machine connected to outside, the INTERNAL IP address, and possibly the User who initiated the connection. This may be provided at the your org's firewall level on the link coming coming in/going out of the org.

[eddie1234567]

Hi Manxman, I am sure you meant well too.

 

The op mentioned getting the raw message on the back of initial advice given up top, about how to trace what seems to be a key issue.

 

They mentioned they may be going to do this, which would mean a bigger disservice to leave them considering asking for it, without knowing how to get it and how to use it; that it isn't a magical panacea and they would need external assistance to access the final info.

 

 

 

[eddie1234567]

That's why I suggested asking for it.

 

He would have to ask for it, and if included as part of any evidence,  it should include the headers, which is the full message. More folks have to be aware of this.

 

I dont think they investigated, the IT failed to advise correctly. If there is malicious communications going on, and you have the evidence and ignore it, you leave the org open. 

 

The OP mentioned a malicious email and I offered advice on how to help find out who possibly sent it, not on who should do what in relation to any meetings, therefore speculation there is irrelevant and is muddying the waters by intimating it is advice and employers may be upset about

[eddie1234567]

14 minutes ago, Gopio said:

Thanks for all your input. Again, in relation to the email the reason why they believe on the balance of probabilities that it came from me was because of the timing in which it was sent (i.e. a few hours after we had our altercation), some of the 'content matter' e.g 

 

As a purely information post, and not influencing if you should or should not say anything

 

One information source in the headers would be the date and time it was physically sent. . Could you provide info to anyone in the future that may be interested, of your whereabouts then that may show it was impossible for you to do so.

 

Others advice on the disciplinary are more relevant, and it would be too late to do this now, but it may clear your name, for your own personal honour, in a police investigation if you were to report it outwith these proceedings.