E-Mail: A Portal for Spam, Viruses, and Security Breaches
Realizing you're at risk

Over the last 15 years, the Internet has revolutionized legitimate business communications, supplanting the venerable fax machine and creating its own marketing infrastructure. Nowhere is that revolution more evident than in the wide acceptance of e-mail as a way to maintain communications between individuals and corporations.

The ability to attach documents and instantly transfer them from one site to another is an incredible time and money saver. It's also a wide open invitation for unscrupulous people and organizations to harvest the information that is so freely transmitted from site to site.

Because e-mail is so prevalent and accepted, it's taken for granted that unless there's some sort of "virtual wiretap," the information that flows over the Internet is secure and accessible only to the sender and receiver. That explains why sensitive information is sent without hesitation over the wire. And yet, access to a company's mail system is a lot easier than most people realize. Even the simple fact of knowing that individual A is in contact with individual B can be of paramount importance in our litigious society.

Reading other people's mail has become an industry in itself. Going to Google and typing in "Sniffing Tools" will bring up over a million and a half sites that offer software that allows people to "sniff" out various activities on any network. These include packet analyzers, penetration testing tools, packet capture utilities, encryption analyzers and breakers, and many more.

At Risk Mail
When is the mail most at risk? To be honest, e-mail is always at risk. It can be read while in transit over the Internet, it can be read from the LOG files in the servers at either end of the transmission, and it can be picked up in the recipient's e-mail server storage. It's important to understand that unlike regular snail mail or the older fax machines, e-mails don't have a physical form that requires copying for reading. On the Internet, all data is instantly digitized and can be reassembled into its component parts anywhere it lands or is picked up.

E-Mail 101
To understand how accessible e-mail is, a brief explanation of the system is in order.

When a sender sends a message to a recipient, the following steps occur:
The mail goes from the sender's computer through a client system (Outlook) to the sender's mail server (SMTP Service). The default configuration in most cases is a plain vanilla SMTP protocol that sends the e-mail over the Internet in an unencrypted format.

This is the easiest stage for an eavesdropper to use the "sniffing tools" that are so widely available. They can be installed in a number of ways on the sender's computer by using available viruses from the Internet.

"Sniffer" has become a special name for network monitor and analyzer software; it also usually stands for a means of collecting data and information. ISS defines a sniffer as a tool that uses the network interfaces of a computer to capture data packets whose destination is other computers. It's clearly a hijacking tool thinly disguised as an analytical tool.

The e-mail goes from the sender's computer to an ISP server, again using an SMTP service. Here the risk of interception increases because a sniffer can be installed by a virus, or because the ISP itself is monitoring the e-mails that go through its servers for legitimate reasons or otherwise. There are parts of the world where e-mail monitoring is a government prerogative covered by specific laws. China and the United States regularly keep an eye on e-mail traffic to catch subversive activities. Recent legislation makes it very clear how important access to e-mail services is in collecting data used to ferret out conspiracies.

ISPs also regularly capture e-mail addresses to promote spamming activities. Face it, spamming is a form of advertising, and the more contacts you can dish up, the more you get paid. The quality of the contacts is irrelevant because we're dealing in numbers. Recent techniques in spamming let unscrupulous advertisers actually mimic users' current recipients and trick them into opening the mail rather than just trashing it.

At this point the e-mail is entirely visible to anyone who has redirected it and is monitoring the server. Even more significant is the fact that unencrypted attachments can be picked up. The next two steps involve sniffers as the e-mail goes from one server to the next, where it often resides for a while before being picked up, opened, and read by the recipient's client (Outlook).

In other words, where SMTP is used, the e-mails are vulnerable if not encrypted.
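To make the hop-by-hop exposure concrete, here is an added Python example (not part of the original article) that reads a message's Received headers and reports which hops were recorded as plain SMTP rather than TLS-protected. The sample message, host names and addresses are constructed; the check relies on the registered `with` keywords such as ESMTPS that a receiving server writes when the session used STARTTLS.

```python
import email
import re

# Constructed sample: hosts, addresses and ids are made up for illustration.
# Each server prepends its own Received header, so the newest hop is on top.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2; Mon, 02 Mar 2009 10:00:05 -0500
Received: from mail.sender.example (mail.sender.example [192.0.2.25])
\tby relay.isp.example with SMTP id a1; Mon, 02 Mar 2009 10:00:03 -0500
Received: from desktop42 (unknown [192.0.2.77])
\tby mail.sender.example with ESMTP id z0; Mon, 02 Mar 2009 10:00:01 -0500
From: a@sender.example
To: b@recipient.example
Subject: contract draft

body
"""

# "with" keywords registered for SMTP/LMTP sessions protected by STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.S)


def audit_hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, encrypted)."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            # Unparseable header: report it as unverified rather than skip it.
            hops.append((None, None, None, False))
            continue
        proto = m.group("proto").upper()
        hops.append((m.group("src"), m.group("dst"), proto, proto in TLS_PROTOCOLS))
    return hops


def cleartext_hops(raw_message):
    """Hops whose receiving server did not record a TLS-protected session."""
    return [(src, dst) for src, dst, _, enc in audit_hops(raw_message) if not enc]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Received headers written by servers outside your control can be forged or omitted, so treat only the hops recorded by your own servers as reliable evidence.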

Travel Light Hint
There's one place where we can almost guarantee that your e-mails will be reviewed unless you take precautions: the Cyber Café where you buy time to check on your e-mails. That is a prime area for infection because the computers are open to everyone and access is unlimited. The person who infected that computer can read your passwords and any other information that you type in, including credit card information or any confidential documents you send or receive.

Just keep in mind that viruses have been designed to copy data packets, search for passwords, create activity log files, and send the information they harvest to whoever installed them to find that data.

Places You May Not Think About
Curiosity is an insatiable thirst, and people wanting to know about you will go to almost any length to get the smallest detail. Each mail server that your mail traverses has a LOG file that notes its passage. These LOG files are quite innocent since they are used for legitimate reasons such as checking server usage, statistical analysis of traffic, and doing routine maintenance. The LOG files identify problem areas in delivery, speed, and usage.

The problem is that the e-mail server LOG files note where the mail came from and specifically identify the exact computer that generated the message, how big the delivery was, and which specific computer picked up the message. Note that they don't just identify the recipient e-mail address. They provide the name and location of the actual machine that was logged in to get that message. In a very real sense, they track where the two parties were at a specific time. That kind of information can't be bypassed or modified since it's generated at the protocol level and can't be cheated (Figure 1).

So anyone with access to either the recipient's or the sender's server can access those LOG files. Those files provide a complete communications history (Figure 2).

Recipient E-mail Server
E-mails that arrive at the recipient's server are stored there until they are downloaded and processed. These storage folders are as open to attack as any other section of the e-mail process except for one critical difference: the mail in that server usually stays there in unencrypted form for a long time.

In a POP3 protocol server the mail has a shelf life of several hours to several days; the IMAP protocol allows for several months of storage before being deleted. So anyone with access to the recipient's server has all the time in the world to read the mail.

To make a very simple comparison to snail mail, you put a letter in the mail and unscrupulous mail carriers can access it as long as it's in their system. Once they drop it off in your mailbox, anyone with criminal intent can access it.

About Ladislav Goc
Ladislav Goc started his IT career with FoxBase and became an authority on that database until the company was sold to Microsoft. He founded IceWarp in 1999 to meet the demands for a reliable e-mail platform in the face of the exploding demand for enterprise-level e-mail systems.
