I sent a sensitive email with an attachment to the wrong email address. Is there a way to invalidate (or pull back) this email and the attachment remotely? The email was sent out via the aol.com email agent.
I know there is a way to invalidate an attachment sent along with the email, but I am not sure about the email itself.
Normally no.
However, some email services have a short window when you can "recall" mail:
In a practical way, no.
The situation is analog to regular mail. Once you drop a letter in the mailbox, it is pretty much gone. Now, not discussing the legal aspect, in principle you could remove the letter from the mailbox until the time the truck comes to pick it up. After that, you could somehow stop the truck, and the same with different parts of the delivery process. But it would require, even in the best of cases, good timing and a little persuassion. Lastly you could also get the letter from your recipients mailbox before they open it.
In the electronic case, the situation is similar. After you send an email it usually passes from server to server (usually at least two), and it stays at the destination server until the client checks their email. In principle, again, you could stop the process at any time by deleting the file from the corresponding server before it is sent to the next one. Thing is, most of the time this happens fairly quickly (seconds, although in some cases it could be hours and sometimes even more in the past). And in general you don't have access to any of the servers involved.
Summary: technically possible, during a usually short window; basically impossible in practice.
I know there is a way to invalidate an attachment sent along with the email, but not sure about the email itself.
This, also isn't true. Attachments are just encoded in a way that allows the email system to transfer them, but they are carried within the same message. This would be different if you don't actually attach the file, but instead upload the file to some separate server and only send a link. This could be as simple as an HTTP server and an URL to the file, or it could be something done by a more sophisticated document control system.
After it was sent, probably in no way, but
the administrator of the receiving server (who manages the mailbox of the e-mail address of the wrong recipient), could still physically delete the mail from the server before it is accessed. It is a question of time and opportunity.
Time. This is obviously useful as long as it has not yet been downloaded. After that, he can still delete the server copy, but he cannot delete the downloaded one(s).
Opportunity. The administrator of the receiving server may have not the legal right to do it. Or even the possibility to act in time.
However, if it is an email within the company and an internal server is used, an email to and a quick phone call to the mail administrator could still be sufficient (when the company policies allow it).
Instead, you may need to use in advance safe procedures at work, especially dealing with sensitive content.
Use encryption , e.g. PGP, for the attachment with the public key given by the receiver. If you sent the attachement to the wrong people they will not be able to read. Using the key given by the right receiver you doublecheck your work.
Put attachments as links to a (local) cloud copy instead of the file. It is easy and quick in this case to delete, rename, change the permission to the file so that the link included in the mail become broken.
Use encryption and send the password via a different communication way. (Once again doublechecking).
An email written on your computer is sent from your client (outlook, your web browser ...) to a sending mail server which processes the request by sending it to a receiving server. Received mail is here archived with the attachment in the final recipient area, waiting for the user to download it. Everything happens in a few moments.
You can act in each step:
Before it exits from the sending server.
Some clients and some provider online pages (gmail ...) have a grace time: they allow you to defer the sending time by a few seconds (usually up to 30): this is a compromise between immediacy shipment and the time to reconsider/realize that an attachment is missing, or there has been an inadvertent sending. You have read an undo action, but the mail has not actually been sent yet.
After it is received but not delivered to the final recipient.
Some services (Microsoft, ...) allow to pull back a mail, within a corporate network; it does not always work when the deletion occurs after synchronization by a client set to make local copies and delete only at the explicit request of the user.
If you can contact and convince the administrator of the receiving email address in time, they can delete the mail not yet downloaded.
Simply put, you cannot.
Send a follow-up email requesting that the receiver delete the previous communication as it is private information sent in error.
It will be nice if they respond but do not demand a response from this person.
As far as I know, this is possible only in Microsoft Exchange environment - when both you and the recipient are using Microsoft Exchange and Microsoft Outlook for your mail. There is a function in MS Outlook called "Message Recall" that allows to do this, but only under a condition that the recipient hasn't viewed the message yet.
In other cases, there is no possibility to withdraw an already sent email.
I agree with the general sentiments above that it's not reliably possible any more.
I notice many answers talk about Microsoft Exchange server and the "message recall" option, with the caveat that it only works if the recipient hasn't viewed the message yet. I thought I would add a point of clarification based on my experiences before we moved to Office 365.
In my experience that caveat is only true if the user doesn't also use ActiveSync. Back in the day when people only opened Exchange emails in their Outlook desktop client the recall feature would work as advertised for any user who had yet to open the email in Outlook. As more and more staff started syncing their smart phones with Exchange I noticed that recall worked less and less.
It turned out that because ActiveSync was syncing the message to their phone, Exchange seemed to count that as reading the email even though the user might not have opened it in Outlook. It didn't appear to need to be read on the phone either, just synced.
if you are using office 365 you can
use this option but only inside the organization
