85
you are viewing a single comment's thread
view the rest of the comments
[-] palordrolap@fedia.io 8 points 1 day ago

Anything that isn't encrypted at the message level will be accessible in plaintext at some point on a mail provider's hardware.

Secure protocols only ensure that mail gets to the mail provider and leaves again without someone else reading the message on the wire. On the server, there is no such protection.

Take a look at any mail message's headers for Received. Any server that added a header, and maybe a few others besides, had full access to the plain text of the whole message.

A good provider might have encrypted volumes in case a server is stolen, but while those volumes are live, messages on there are effectively plain text.

This is an unavoidable fact.

For many years, I had access to hundreds if not thousands of customer mailboxes but neither I nor my colleagues had any need or desire to go snooping, and I expect we would have been sued out of existence had we done so, contracts or otherwise.

The closest I ever got was when trying to help a customer determine what was happening to messages being sent from a third party. I was able to confirm that messages from that third party were indeed landing in the mailbox (literally grepping for the From: header in newly arrived messages) and then confirming that the message had been collected by something outside our network.

Then we had to go through the usual customer-side troubleshooting, like other things that might be picking up the mail, junk mail collection systems, message rules and so on.

A few customers were uncomfortable as and when they realised we were able to see all their mail. They got an abridged version of the above and were told about the benefits of things like PGP or having their own mail server to reduce the chance for snooping.

this post was submitted on 18 Jul 2026
85 points (92.9% liked)

Technology

86469 readers
3385 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS