[vox-tech] Email vs. FAX Security

[Micah Cowan]

Peter Jay Salzman wrote:

>
>>It would seem easy for an ISP's system administrator to use the root
>>password to read the email of the ISP's customers. ( I know I can log in
>>as root on my Linux system and use the "more" command to read my
>>downloaded email.)  Does anybody here believe that ISP system
>>administrator's ever do such a thing?
>>    
>>
> 
>Yes, but in the same kind of way that 16 year old McDonalds employees spit
>into the hamburgers (or worse).
>
>It's probably VERY rare.
>
>The statistics are such that it would (probably) NEVER happen to you.
>  
>
I doubt that it's as rare as you seem to think. In particular, I have 
heard enough stories of bosses reading employees' emails to believe that 
at least some of them must be true. Especially since a company can be 
held liable for sexually harassing or otherwise inappropriate comments 
sent over company email: it would probably be unwise /not/ to check 
employee e-mails. However, I think it's very unsportsmanly not to at 
least ensure that everyone is acutely aware of the public nature of 
corporate e-mail.

Also, consider that mail might also be read incidentally by a sysadmin 
trying to trace problems with the mail service or a mildly corrupted 
mailbox. Or just a BOFH-style sysadmin: I suspect there are plenty with 
the BOFH attitude, if not the BOFH skill.

Another case where I personally have read mail not intended for my eyes 
is when I have deemed it unacceptable to lose any mail sent to a 
particular domain, and have all mail not matching an actual mailbox sent 
to me. This helps catch misspellings and other problems, but if the mail 
is of a personal nature then I might rather have lost it...