How Private Is Company Email?
by Richard Lowe, Jr.
Many years ago I was a consultant for a company that decided they
wanted to perform a security audit of their computer systems.
One of the components of their system that I was requested to
check out was email. My client wanted to determine if their email
was secure.
It took me all of a minute to determine that their email was
totally and completely insecure. Fortunately for them, this was
in the days before it was common for company computer systems
to be directly connected to the internet, because their email
messages were stored in plain text in a well-known system location.
In fact, not only were the email messages stored in a completely
insecure manner, but deleted messages were not actually deleted
until an administrator purged them - and since they didn't have
anyone doing that there was a complete record of company emails
going back years in the past.
I had spent about thirty minutes on this part of the audit so
far and was ready to move on when one of the email messages caught
my eye. It was a particularly juicy romantic message from one
employee to another. Well, romantic is not the right word - highly
x-rated would be more like it.
Curious, I continued looking through the emails (off the clock,
of course, since I had already accomplished my mission as regards
email) to see what else was stored in the single message file.
I stayed up all night long, highly amused at what I saw that
day. Believe me, I read some serious blackmail material (if I
was that kind of person). Lots of office romance, some flirting,
X-rated messages and other similar things. I remember one particularly
scandalous series of hundreds of emails going back and forth between
one man and a woman (both single) recounting their relationship
for years. Every date, every x-rated encounter was written up
in long, detailed messages. This was very entertaining stuff indeed.
After a few hours I got bored and stopped reading. I was tempted
to keep a copy of the email data but resisted. That was not part
of my mission. Fortunately, it was also not part of my job to
report on indiscretions committed by various employees. My job
was to find and fix any insecurities, and that's exactly what
I did ... I erased the file and set up an automatic purge to permanently
delete old emails. At the time that was the best that I could
do.
I learned a very important lesson that day - email is not private.
Not by any means.
Not much has changed in the intervening years. In fact, email
messages are generally not encrypted in any way. In fact, I have
never received an encrypted email and I've only sent a few in
my entire life.
Just so you completely understand, a normal email message is
NOT the equivalent of a letter sent through the normal mail. In
that case, you write your note on a piece of paper, put it in
an envelope and drop it into the mail. As far as email is concerned,
a better analogy is of a postcard. Your messages are "written"
on the electronic equivalent of postcards.
What does this mean to you? Anyone can look at your message.
Quite literally, anyone.
Let's look at the process to illustrate how and when an email
message could be read by another person.
- You write the email using your
email client. The client may create that email as a text file
in a temporary folder on your hard drive. If someone looked
at your hard drive they could find the email. And it's not
any better if you use a web based email client such as Hotmail.
These leave files in the Temporary Internet Folder, which
can easily be recovered. Remember that the next time you read
your emails at work...
- You type in the email address
to which an email is sent. You could accidentally type in
the wrong address. Worse yet, if you have distribution or
mailing lists, you could accidentally type in one of those,
which may cause an email to inadvertently be sent to the wrong
person or people. For example, if there was a "Joe S
Smith" and a "Joe M Smith" at your company
with very close email addresses, you could easily send to
the wrong person.
- The email gets sent to your SMTP
server (this is the system which accepts your email message
and forwards it along towards the destination). At this
point, the message could, in theory, be read by someone tapping
your phone (or cable) connection. It's not likely (unless
you are a spy or something) but it's possible (and not all
that hard).
If you are at work, well, the email probably gets sent to
your SMTP server through something called a proxy server (the
computer which manages the connections to the internet). If
so, a copy of the email could be stored on the proxy server.
In theory, this could be examined by someone who had access
to that server.
If you happen to send the email from your company's own email
system, it is highly likely (especially in larger companies)
that the email will be examined by context checking software.
This is looking for curse words, sexual harassment, resumes
and any other inappropriate content. Any emails found which
violate company policy may be directly routed to personnel.
- Okay, the email gets delivered
to the SMTP server where it is stored, still as a simple plain
text file, until it is sent to the next SMTP server. You see,
emails never go directly from your outbox to someone's inbox.
They move from server to server until they find their way
to their destination. Each server keeps a copy of the email
until it is forwarded to the next one.
- SMTP servers are computer programs
and they can be programmed to do malicious or unusual things.
For example, a law enforcement agency could, in theory, program
an SMTP server to make a copy of any emails directed to a
particular person, and send those copies to their office.
A hacker could, in theory, program an SMTP server (or examine
messages coming across the wire) to look for series of characters
that looked like credit card numbers (they are pretty obvious).
These email messages could be directed to the hacker's own
mailbox, thus giving him a steady supply of income.
- At any of these SMTP servers, the
email could be examined by anyone who has access to the email
system. The internet "wire" could also be "tapped"
and the email message captured on the fly (this is highly
unlikely but it is possible).
- Since software is simply a series
of rules created by human beings, it is possible for an SMTP
server to misunderstand how to route your email. Thus, a message
could be sent to the wrong recipient (this has happened to
me a few times) or to the wrong SMTP server.
- There is no guarantee that the
person who receives a message is actually the person who is
the intended recipient. Someone else could be using their
email client, for example, or an SMTP server may have misdirected
the email to the wrong inbox. In this case it works exactly
like the post office - the mailperson puts the mail in your
mail slot, but he does not guarantee that you will be the
one who picks up the mail.
And since most emails are just text, they can be read by whoever
happens to receive them without any problems.
- Naturally, once an email is received
it is stored on the hard drive of the recipient. They are
usually stored in text files (for normal emails) or in the
Temporary Internet Folder (for web based emails).
- Of course, once someone does receive
an email he or she is free to forward that email onto just
about anyone, starting the whole process over again.
- At any point in this entire scenario,
the email message can be backed up or archived. In this case,
it can be recovered later and delivered to the wrong person.
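
The server-to-server journey described above is recorded in every message: each server that handles it adds a Received header. The following is an added example, not part of the original article, that reads those headers from a constructed sample message and lists every server that held a copy. It goes one step beyond the text by flagging the hops where the message also crossed the wire without TLS; all hosts and addresses are placeholders.

```python
import re
from collections import namedtuple
from email import message_from_string

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.net with ESMTPS id c3; Tue, 02 Jan 2024 10:00:09 +0000
Received: from relay.example.org (relay.example.org [198.51.100.5])
\tby mx.example.net with ESMTP id b2; Tue, 02 Jan 2024 10:00:06 +0000
Received: from desktop.example.com (desktop.example.com [192.0.2.10])
\tby relay.example.org with SMTP id a1; Tue, 02 Jan 2024 10:00:02 +0000
From: alice@example.com
To: bob@example.net
Subject: lunch

See you at noon.
"""

Hop = namedtuple("Hop", "sender receiver protocol encrypted")

# "with" keywords that mean the hop was carried over TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA"}

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.I)

def trace_hops(raw):
    """Return the servers that handled a message, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own header, so reverse to get time order.
    # Headers written by servers you do not control can be forged.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            proto = m.group(3).rstrip(";").upper()
            hops.append(Hop(m.group(1), m.group(2), proto,
                            proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw):
    """Hops where the message crossed the wire without TLS."""
    return [h for h in trace_hops(raw) if not h.encrypted]

if __name__ == "__main__":
    for h in trace_hops(SAMPLE):
        wire = "TLS" if h.encrypted else "PLAINTEXT"
        # Even on a TLS hop the receiving server stores a readable copy.
        print(f"{h.sender} -> {h.receiver} [{h.protocol}] wire: {wire}")
```
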
So please, the next time you send those
highly personal messages remember that they can be read by anyone.
You have no way to know where these things wind up or how long
they will last. They could pop up anywhere at anytime with a vengeance.