This is an automated archive made by the Lemmit Bot.
The original was posted on /r/maliciouscompliance by /u/IntelligentKitchen77 on 2025-06-06 15:01:46+00:00.
I work in internal IT support for a midsize firm. Our new Director of Compliance is extremely paranoid about cybersecurity. One morning, she issued a blanket policy: “All internal emails must be in plain text only. No HTML, no links, no formatting, no embedded images.”
I warned her this would make our automated reports unreadable, our internal ticketing system buggy, and would break calendar invites. She snapped: “Security takes precedence. Make it work.”
You got it.
I reconfigured our team’s email to use only plain text. The next day, her daily system reports came in looking like this:
yaml
CopyEdit
Ticket #2932
User: jsmith
Issue: cannot login
Resolution: password reset
Status: closed
Ticket #2933
User: [REDACTED]
Issue: [REDACTED]
Status: [REDACTED]
Why redacted? Because she blocked all formatting and image links — including our redaction tool which used inline images.
She also missed a compliance deadline because her calendar invite came through as:
makefile
CopyEdit
BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY: Quarterly Audit
DTSTART;TZID=EST:20240503T130000
END:VEVENT
END:VCALENDAR
Two days later, she reversed the policy. Quietly.
I never said a word.