85
The Email They Shouldn't Have Read
(it-notes.dragas.net)
This is a most excellent place for technology news and articles.
Anything that isn't encrypted at the message level will be accessible in plaintext at some point on a mail provider's hardware.
Secure protocols only ensure that mail gets to the mail provider and leaves again without someone else reading the message on the wire. On the server, there is no such protection.
Take a look at any mail message's headers for
Received. Any server that added a header, and maybe a few others besides, had full access to the plain text of the whole message.A good provider might have encrypted volumes in case a server is stolen, but while those volumes are live, messages on there are effectively plain text.
This is an unavoidable fact.
For many years, I had access to hundreds if not thousands of customer mailboxes but neither I nor my colleagues had any need or desire to go snooping, and I expect we would have been sued out of existence had we done so, contracts or otherwise.
The closest I ever got was when trying to help a customer determine what was happening to messages being sent from a third party. I was able to confirm that messages from that third party were indeed landing in the mailbox (literally
grepping for theFrom:header in newly arrived messages) and then confirming that the message had been collected by something outside our network.Then we had to go through the usual customer-side troubleshooting, like other things that might be picking up the mail, junk mail collection systems, message rules and so on.
A few customers were uncomfortable as and when they realised we were able to see all their mail. They got an abridged version of the above and were told about the benefits of things like PGP or having their own mail server to reduce the chance for snooping.