Now that most of the sendmail problems have been addressed and people know how to configure SMTP relays, is it really still such a big issue? Just how hard is it to intercept internet email?
2007-01-02 00:43:56 · 3 answers · asked by global_monkeyman 1 in Computers & Internet ➔ Security
How does the mail go from my ISPs POP server to my recipient's SMTP server? If it goes via other POP/SMTP servers, I guess I can't be sure they're configured securely, and this is the biggest threat?
2007-01-02 08:50:46 · update #1
Since the SMTP protocol hasn't changed, the situation is still the same. But you can use encryption, if you're concerned about the confidentiality of your e-mails.
BTW, nowadays internet email is more like a trash bin - any idiot can put tons of garbage in your inbox - and many of them do so. :-)
2007-01-03 02:09:28 · answer #1 · answered by Vesselin Bontchev 6 · 0⤊ 0⤋
well speaking as someone who recently set up an email server i can safely say that the server administrator can read all of your emails should the email server be so configured.
the server administrator can relay emails to any account of there choosing meaning your emails are very insecure indeed. even if you change or have a strong password on your account the adminstrator can have un restricted access. as my server is for me and family only i currently have all mail in and out relayed to a seperate email address. this is incase my mail server crashes or gets a bug and erases mail i can safely retrieve messages and forward them back to the intended recipents should i need to.
it also allows me to monitor if anyone gains access to my email server without my knoweldge and send spam i can then deactivate that account imediatley.
but email like any comunications needs to be used with common sense, for example do not set passwords or other important or financialy sensitive information in an email as it could fall in to the hands of a crook so easily for so many different reasons.
if you have to deal with your bank either go to the branch or deal directly using there secure message system from within your account, and be sure you only have them contact you using there internal account messaging system, then you know any email from any bank has to be a fraud, as your bank knows to only deal withyou online via internet banking for example.
there are so many ways to enhance your online security that it is impossible to go into them all and all the weaknesses with the internet under normal conditions it would take a year to write up the details of what to do in each eventuality.
so to sum up yes it is still true to a limited extend while email in open unsecured format is still easy to read by anyone using a security phrase or key for your email would make it a little more secure, but any server administrator can have email forwarded to any address they want internal or external to the local mail server and so if they choose can read the messages if unsecured (no encryption even then there is no guarantee the administrator could simply change the password on an account to read the email if it is secured or find the password from the server log file (if they set logging active)).
but anyone with dictionary words or names, place names or post codes or vehicle registration numbers for passwords are easy to decode and so access easily.
if you want to be secure with your email inbox from a passing hacker then passwords of minimum 15 charachters containg upper and lowercase letters as well as numbers and symbols in an apparently random sequence will make it harder for a passing hacker to get in. Also changing your password at least twice a week will also help providing you stick to the same format.
however the system administrator (server managers can have access to your messages) so be careful what you send.
this is also useful as a logging tool should a user be abusive or break the law with threatening behaviour you can find the emails sent by that user and forward copies to the relevant authorities such as the police, with or without a court order. personally any emails from my servers that are abusive and threatening would be forwarded to the police if needed without the police having to get a court order. but then as this is a family system there is no need for me to be forwarding emails to anyone.
i hope this answers the question to your satisfaction.
you only need domain level and or server level access to gain access to the email messages and change passwords for example once you change a password you can access the email without having to forward it anywhere.
uisers can change there own passwords however domain a server administrators can revoke or reset apassword and so could read the email of anyone the choose. but this is unlikly as there are more imprtant things to do than spending weeks reading everyone on the servers email.
also server administrators can log passowrds in the access log if they choose. so finding a password for a specific account without having to change the password is an easy process.
2007-01-02 09:16:47 · answer #2 · answered by thebestnamesarealreadytaken0909 6 · 0⤊ 0⤋
It depends on who you mean.
Government organisations such as the CIA have been logging every email.
2007-01-02 08:56:45 · answer #3 · answered by Nothing to say? 3 · 0⤊ 0⤋