Announcement

Collapse
No announcement yet.

Big Issue: All Company Emails Being Imported Into EspoCRM??

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Big Issue: All Company Emails Being Imported Into EspoCRM??

    Hello,

    Recently I started a cloud trial to check out all the extensions, the Google integration being one of them. I recently linked my company's Google Workspace (G-Suite) account to Espo via the API console, then setup email accounts for all my Sales Reps. When I setup these email accounts all I did was input the Gmail IMAP & SMTP config details, and just left the Gmail password fields blank. I was of course going to send out an email instructing everyone how to enable their email integration in EspoCRM.

    WELL... One of the reps brought to my attention that somehow ALL of my company emails are being ingested into EspoCRM, even ones for email accounts THAT AREN'T EVEN USERS IN THE SYSTEM!!!! The company owners as well... Why in the world would anyone want 100% of emails across your domain to be visible by anyone in the Emails entity in EspoCRM??? What doesn't make any sense is nobody has even Connected Gmail or input their password yet? How would users in my email domain without any EspoCRM account be loaded into this system? There aren't even any settings to control any of this behavior, and I've tried to call the number on the espocrm.com site and so far have left 2 voicemails in the past week but it doesn't seem like anybody's even there... I also don't believe this to be an issue on the Google API because there just simply isn't any controls or settings built in to manage this, it's simply for authentication. The API isn't even registering any traffic at all whatsoever coming from Espo... So I'm very confused here...

    Can anyone explain what is going on here to me because I am lost? Any help is much appreciated...
    Google Integration My list of users Email configuration each user has. NO passwords or Gmail connections.
    5 Photos
    Tags: None
  • #2
    If you connected a Personal Email Account (or Group Email Account) to your Google, it will fetch all emails from folders specified in Monitored Folder". "If you connected via OAuth, password is not needed. I doubt that it managed to fetch emails not related to your mailbox somehow. It connects via IMAP and fetches emails from specific folders. It should not have access to other mailboxes. We will investigate this.


    We can remove all your data by your request.
    Last edited by yuri; 08-11-2021, 05:33 AM.

    Comment

    • #3
      Hey Yuri,

      Thanks for checking this out. I see, so once the OAuth connection is made, there's no longer a need for passwords or the Gmail Connect. What is the reasoning for the "All" section though? I have no group email accounts configured at all, nor have I even attempted a group email setup yet. The All email inbox almost functions as a whole-company group email it would seem.

      I've attached some more screenshots with first names unredacted just to show that users who don't have a personal email setup are still having their emails brought into Espo. I can go to any of those emails and see them in their entirety, all the body content and past replies, recipients as well. You can see from these screenshots that names in the All mailbox are not the same names from the sales team in my Personal Email Accounts list.

      Am I able to start deleting these emails without them being removed their actual Gmail inboxes? Last night I did disable the OAuth connection, so essentially no email accounts should be connected then right?
      All the emails but with first names showing, many individuals who would never even use this CRM. Our company Controller, who also never needs to touch our CRM, also is having his private emails ingested. My same list of all email accounts currently setup, but with first names uncensored.
      3 Photos

      Comment

      • #4
        All imported emails are available in EspoCRM. EspoCRM does not have personal email clients for each user.

        By default users are not able to see any email. If you provide "own" access level in Roles, they will see all emails where they are participants (either in FROM, TO, or CC address). No matter how an email was imported. It's the main concept we have since the beginning and described in the documentation.

        I assume that you imported some mailbox that has all emails.

        Comment

        • #5
          Last night I did disable the OAuth connection, so essentially no email accounts should be connected then right?
          Right.

          Comment

          • #6
            What is the reasoning for the "All" section though?
            It's the one of crucial features of EspoCRM. E.g. a manager are able to see emails of members of their team. W/o this feature using CRM would have much less benefits.

            Comment

            • #7
              Originally posted by yuri View Post
              By default users are not able to see any email. If you provide "own" access level in Roles, they will see all emails where they are participants (either in FROM, TO, or CC address). No matter how an email was imported. It's the main concept we have since the beginning and described in the documentation.

              I assume that you imported some mailbox that has all emails.
              I think part of what may be happening here is that we of course have email groups for Staff (All employees in company) and Sales (All sales reps, customer service, + owner). Since many employees are in those groups they all get brought in the All email box.

              I set the email access for my Sales role to OWN for Read, Edit, Delete. I do however see 2 issues with this:
              1. Being a furniture manufacturer, we do alot of business with large healthcare corporations, government agencies, and specialized institutions & organizations... These have Parent-Child (One-to-Many) relationships with other accounts that could be across multiple sales rep territories/states... sales rep Lori may want to see email interactions with a closely related account for sales rep Mike in an adjacent territory. She won't be able to see those if Email Access is set to OWN across the board.
              2. There is of course sometimes high employment turnover in Sales... E.g. Peter Pizza has a territory he's been working for a long time, and then leaves the company! Brianna Boli is hired and takes over this same territory previously worked by Peter. It's of course super valuable for her to see Peter's past interactions with all the accounts there so she can pickup where his rapport/relationships with these accounts left off. Even if I set Peter Pizza's email account to POP protocol, load all his emails onto the EspoCRM web server, Brianna still won't be able to view his old emails
              If I maintain OWN email access for the Sales role in an effort to keep private company email conversations out of the ALL email mailbox, it would seem that I then risk headaches in the two scenarios above? Is there maybe someone on this forum that's successfully disabled/removed the ALL mailbox while still keeping the email system and its functionality stable?

              Comment

              • #8
                Originally posted by yuri View Post
                It's the one of crucial features of EspoCRM. E.g. a manager are able to see emails of members of their team. W/o this feature using CRM would have much less benefits.

                Ahhh I see, thanks for explaining that. I could definitely see the value in that, but the Sales Manager would have to be quite the micro-manager, eh? Not trusting his sales reps such that he would want to see and read ALL the emails from ALL his sales reps for the accounts they're working. For training purposes I get this is a great feature, but our inside sales team are more experienced/senior-level sales people. They don't need any micro-management over their emails as long as they're meeting their sales goals.

                If this is the use-case for the ALL mailbox, then why not segment this as a Scope Level within Access Roles? Then I could re-enable Team Read access for Sales Reps, disable the ALL mailbox for them, then have another Access Role that is Sales Manager with the ALL mailbox enabled, effectively solving all the above mentioned issues it would seem!

                Comment

                • #9
                  yuri Any thoughts on the situation I outline above? For situations of viewing ex-employee emails, having semi-independent sales reps, sales reps having varying commissions and salaries and discussing these details over email with the company owner.. it just doesn't make sense to have everyone see everyone's emails. My company is 51 years old and we've always done Inside Sales, this is how this sort of stuff operates. Trained and professional reps don't need their emails babysat by a sales manager. Atleast having more access controls or just a simple Disable setting for the ALL mailbox would be a real game-changer, if anyone's done this already.

                  Comment

                  • #10
                    Even after I ensure my sales reps have OWN permission for emails, the ALL mailbox still allows them to see domain-wide emails...
                    Email permissions for Sales Reps, note OWN for READ. From a Sales Rep's account, ALL domain-wide emails can still be seen and inspected...
                    2 Photos

                    Comment

                    • #11
                      Maybe it's possible to create level of access like there is for user portals? Access to all records, account leve, contact level? For emails it would be all, team, own?
                      What do you think yuri ? Thanks to that everyone could setup own ACL for emails in roles.
                      • Likes 1

                      Comment

                      • #12
                        I don't know why users see not own emails in 'All' category. I've never encountered such a problem.

                        To check what users the email is related to:

                        1. Login as admin.
                        2. Open some email.
                        3. Dropdown next to Edit button > View Users.

                        You will see what users the email is related to. These users will get access to read this email if they have 'own' level.

                        If there will be multiple users in your case, then we need to figure out how this happened. I doubt there's a bug, though.

                        Comment

                        Previous template Next
                        Working...
                        X