Your Internet Consultant - The FAQs of Life Online

12.5. Who could be reading my e-mail?

Answered by Dave Taylor (taylor@netcom.com)

Anyone between your host computer and your message's destination can intercept your e-mail. Your system administrator or the administrator at the receiving end could read it. For that matter, a clever cracker or sysadmin anywhere along your mail's path can easily intercept and read your message.

The good news, before you get too paranoid, is that there is a lot of information traveling through the wires, and there's precious little reason for anyone to intercept your mail. How much information? Late in 1993, the National Science Foundation calculated that over 500 megabytes of information travel through the network backbone per hour, and 17 percent of that traffic was electronic mail. If we assume that the average e-mail message is about 1,000 bytes (10-15 lines), about 8,800 e-mail messages go through the network each second. If you are a rabid e-mail user and send a message every ten minutes, you're still less than a teeny drop in the bucket.

As a result, although I know that there's a chance that my e-mail could be monitored en-route, the odds of it happening are infinitesimal, and I certainly don't average one e-mail message every ten minutes, either!

Note: Here are some UNIX-centric notes from Dave Taylor on keeping your incoming mail files free from prying eyes: One of the few files that contains information you'll doubtless want to keep private is your incoming mailbox. Stored, typically, in either a shared directory called /usr/spool/mail or /usr/mail, mailbox files share the name of their associated account. My account is taylor, so my mailbox is /usr/spool/mail/taylor, and Kevin goes by waffle on one machine, so his mailbox is doubtless /usr/spool/mail/waffle on that machine. The good news is that most systems have things set up exactly as you would want: your mailbox can be read and written by you and by the program that delivers mail but by no one else. You can check the permissions of your mail file by typing ls -l /usr/spool/mail/$LOGNAME. The permissions should be rw------- or rw-rw----. If they are something different, ask your system administrator to ensure that things are configured correctly; in this situation a quick e-mail message to your administrator can save some unpleasant situations later. Even with this security, however, a directory and file that's beyond your control is a potential problem, so a good strategy if you receive sensitive electronic mail is to immediately save it in a mailbox file in your home directory. I must admit that I don't do this because I end up forgetting about saved mail messages (I receive so much electronic mail each day; about 100 messages or so arrive on a daily basis and the volume is gradually increasing!). A bit of self-discipline on your part, however, and you should be able to use this strategy with nary a problem. An even better solution is to download confidential mail to your local computer. Anytime that I receive a mail message that must remain private, I make a copy of it on my Macintosh and delete the original on my UNIX host.

Table of Contents | Previous Section | Next Section