Email data loss prevention

Sent a confidential email to the wrong address? Here’s what to do.

by Egress
Published on 20th Apr 2021

First things first, stay calm. It’s embarrassing to misdirect a confidential email, but you’re far from alone. Most of us have done it at least once (some of us many times) and there are a few options for mitigating any damage done.

We’ll run through your options and also offer some advice on preventing misdirected emails in the future.

Is it possible to unsend an email?

In short, no. Once an email has been sent, there is no real way to ‘un-send’ it. There is a possibility of recalling an Outlook email if it’s been sent to somebody within your organization, and if you’re fast, you can cancel outgoing emails in Gmail. Skip to the below sections if you’re in either of those situations.

However, if you’ve sent a confidential email to somebody outside your organization, you’re in more of a damage mitigation scenario. The best course of action is following up with the person, apologizing, and requesting that they delete the email and do not open any attachments.

It’s also important to contact your organization’s data security team. It might be a little embarrassing, but they need to know all the details. As tempting as it may be to sweep the mistake under the carpet, this could come back to bite both you and your organization later down the line.

The likelihood of getting a misdirected email back is slim, which means the best method is always prevention. Skip to the final section of the blog to learn how to protect yourself in the future.

Outlook: How to recall emails

It’s possible to recall an email in Outlook in two scenarios: if the recipient and the sender both use a Microsoft Exchange account in the same organization, or if they both use Microsoft 365. Basically, that means you can recall unread emails to people you work with.

  1. Open up your “Sent Items” folder
  2. Double-click on the misdirected email
  3. Click on the “Message” tab in the top-left of your navigation bar (it’s next to “File”). You’ll see a section called “Move” – click on the “More Move Actions” icon.  Click “Recall This Message” from the dropdown menu.
  4. You’ll get a pop-up asking if you’d like to “Delete unread copies of the message” or “Delete unread copies and replace with a new message”
  5. If you choose to replace with a new message, a second window will open and you’ll be able to edit your original email
  6. Remember to click the “Tell me if recall succeeds or fails for each recipient” option. That way you’ll be notified whether the recall worked or not for each recipient
  7. Select “Ok” to recall, and “Send” if you replaced with a new message

Unfortunately, this isn’t a foolproof solution. If the recipient has already opened the email, you can’t recall it. They’ll get the message saying you want to delete the email, but the misdirected one will stay in their inbox anyway. It also won’t work if you’ve sent to a public folder or tried to recall from a mobile device.

As you can see, the options for undoing mistakes via email are limited. When it comes to misdirected email, the best method is always prevention. Skip to the final section of the blog to find out how.

Gmail: How to recall emails

Annoyingly, there’s no way to recall emails within Gmail in the way you can with Outlook. The only thing you can do is enable a fix that might be able to help you for next time. Gmail has a “Delay” function that gives you a 30-second window to change your mind and catch the email. That’s a maximum of 30 seconds by the way though – so you need to react fast.

This can be a handy lifeline if you’ve “fat fingered” the send button and immediately noticed your mistake. Here’s how to set it up.

  1. Click the “Settings” icon (the wheel/cog) and click “See all settings”
  2. Under the “General” tab, you’ll see a section called “Undo send.” Click “Enable” if it isn’t selected already
  3. Choose your time limit (you can only choose from between 5, 10, 20, and 30 seconds)
  4. Hit save changes at the bottom of the page
  5. When you next send an email, the “Your message has been sent” box will appear with an additional undo option (a link on a yellow background)
  6. If you click on “Undo” within your selected time frame, the recipient will never know you sent it. But if you miss it, it’s gone!

The clear problem with Gmail recall is that if you didn’t have the recall setting enabled, there’s no way to get the email back. And even if you do have it enabled – it’s pretty easy to miss your chance of clicking undo. You also lose the option to undo if you’ve navigated away from the screen.

As you can see, the options for undoing mistakes via email are limited. When it comes to misdirected email, the only real solution is prevention.

Preventing misdirected email

The impacts of misdirecting a confidential email can be serious – and it can happen surprisingly often. So it’s sensible to protect both yourself and your organization from potential breaches. We’re all human and we all make mistakes, which means a solution needs to understand human behavior.

Outlook and Gmail both have ‘send delay’ functions that hold your email in an outbox for a set period of time. However, this is only useful in an instance where we realize our mistake. And that’s often not the case.

Another common but limited solution is to set up ‘static rules’ (e.g. you can send attachments to Company A but not Company B). But rigid rules don’t account for the way we actually work, and they can end up denting productivity. The only way to truly protect yourself from misdirected email is through human layer security.

Egress Intelligent Email Security is an example of human layer security, which uses machine learning to adapt to each individual user’s behavior. This means it’s content-driven, protecting you from real life mistakes that could result in breaches of confidential information. It works seamlessly and in real time, keeping you safe without impacting your productivity.

Learn more about how human layer security protects you from misdirected email. Or if you’re ready to start a free (no strings attached) trial, ask your IT team to get in touch for a demo.

Related articles