The way this works is like the spam you probably receive daily that either carries a link to connect you to a website, (the old "click here for more information"), link or those emails that look like a web page when you open them...... That's because they often are.

Your email browser, (Outlook or whatever), sees the hyperlink in the email and automatically connects to the website the link points to to save you the enormous trouble of doing it yourself. It acts just like a web browser at that point. To get the web page or any part of it, (a picture or whatever), it sends a GET command to the web server. Good web server administrators log every connection to their web server so they can see what is going on and every GET is recorded with the date, time, IP address, (which is the address of the computer that made the request), and a whole bunch of other information.

Knowing this you can craft an email that attempts to GET something unique, (that may not even exist), from a web site that you have access to the logs on. You can then search the log files for the GET request for the unique item. If there is a request for that item and it doesn't match the date and time that you read the email, (if you did), then you know someone else read the email..... Ahah..... So now you know that someone other than you is reading your email. OK.... The logs also contain the IP address of the person's computer who tried it. Since we suspect someone at work is doing it we can go to our work computer and open the email ourselves. The log will now show your IP address at work. If it is the same or very similar then you now know that someone at work is reading your email and, more importantly, you can prove it by providing the log files to your systems administrator, Human Resources and the owner/CEO of your company. Why human resources and the CEO? Because one of them may be involved or sanctioning the activity but the chances of all three being "in cahoots" is minimal so your "rear" is covered.

It will then be up to the systems administrator to uncover the perpetrator, (whether he likes it or not..... ).

This probably sounds all very complicated. It isn't really. You probably know someone who could set all this up for you and host the web site on their home computer temporarily. Ask your friends if they understand this. When they have set it up run a test, read an email to yourself and see if he can tell you when you read it. Hey, you might even catch the person right there if it works right the first time.

Good luck, and ask away if you have any other questions or something here isn't clear

PS: This isn't going to work if you change your password and don't tell anyone. It also won;t work if you have signed a user agreement at work that says that they reserve the right to "spy" on you..... 'Cos the system admin might have been instructed to read every email every day per company policy that you haven't seen.