Originally posted here by nihil

If the server was restored for some reason, that would presumably reset the flags?
Yes I agree but I think that the company would have let the users know. Atleast if it concernd data that might have been changed.

It is the resetting of opened messages to "unread" that I am having difficulty with. Not the "how" but the "why"?
I've been "struggling" with the same thing. Why would anyone reset it? It makes no sense.



As to finding out who did it. Something like Neptune0z suggested might be good. You could just stash a document or a file somehwere on a server. Then just mail the url to yourself and wait for him/her to bite. I've heared that you can install a feature that enambles IP logging. If you combine this with a file that no-one knows about besides you and in the future a possbile hacker you can easely find out the hackers IP. This in combination with an whois of some sort ( come on guy's I know you have some sites for this ) could atleast give you a hint in towards the hackers location/identity.
For example if you know his ISP you could find out wich of your friend, co-worker or someone you suspect uses and compare it with your results.

Again just my 2 pence.

DakX