email question

[Tiger Shark]

Lucy:

The way this works is like the spam you probably receive daily that either carries a link to connect you to a website, (the old "click here for more information"), link or those emails that look like a web page when you open them...... That's because they often are.

Your email browser, (Outlook or whatever), sees the hyperlink in the email and automatically connects to the website the link points to to save you the enormous trouble of doing it yourself. It acts just like a web browser at that point. To get the web page or any part of it, (a picture or whatever), it sends a GET command to the web server. Good web server administrators log every connection to their web server so they can see what is going on and every GET is recorded with the date, time, IP address, (which is the address of the computer that made the request), and a whole bunch of other information.

Knowing this you can craft an email that attempts to GET something unique, (that may not even exist), from a web site that you have access to the logs on. You can then search the log files for the GET request for the unique item. If there is a request for that item and it doesn't match the date and time that you read the email, (if you did), then you know someone else read the email..... Ahah..... So now you know that someone other than you is reading your email. OK.... The logs also contain the IP address of the person's computer who tried it. Since we suspect someone at work is doing it we can go to our work computer and open the email ourselves. The log will now show your IP address at work. If it is the same or very similar then you now know that someone at work is reading your email and, more importantly, you can prove it by providing the log files to your systems administrator, Human Resources and the owner/CEO of your company. Why human resources and the CEO? Because one of them may be involved or sanctioning the activity but the chances of all three being "in cahoots" is minimal so your "rear" is covered.

It will then be up to the systems administrator to uncover the perpetrator, (whether he likes it or not..... ).

This probably sounds all very complicated. It isn't really. You probably know someone who could set all this up for you and host the web site on their home computer temporarily. Ask your friends if they understand this. When they have set it up run a test, read an email to yourself and see if he can tell you when you read it. Hey, you might even catch the person right there if it works right the first time.

Good luck, and ask away if you have any other questions or something here isn't clear

PS: This isn't going to work if you change your password and don't tell anyone. It also won;t work if you have signed a user agreement at work that says that they reserve the right to "spy" on you..... 'Cos the system admin might have been instructed to read every email every day per company policy that you haven't seen.

[Zonewalker]

which is all very well.. but can I just point out something that folks seem to have forgotton. If this is an employers email account which you are using then you shouldn't be using it for personal emails at all, your boss has every right to ask you for your account password (and expect to get it) and you have very little right to privacy as regards emails sent using company equipment and time.

Foxyloxley and SirDice I'm afraid in a business environment there are reasons for people higher up than you to know your passwords

However Lucy if this person is lower down the food chain than you so to speak and if they do not have authority to view your emails, then company policy should be able to put a stop to them and yes they should be reported (and IMHO disciplined)

Z

[Tiger Shark]

Zone:

then company policy should be able to put a stop to them and yes they should be reported (and IMHO disciplined)

In my company this would probably be a firing..... The policy states clearly that "users are not to attempt to access areas of the network that they are not specifically authorized to do and, should they find they have access to something they believe they shouldn't, they are to report it immediately to IT staff". So if this chap is not specifically authorized to be looking at Lucy's email then he has transgressed another piece of our AUP too. That being "If a user partakes of any activity deemed by the Agency MIS as "hacking/cracking" be it against internal assets or assets belonging to organizations outside the Agency then disciplinary action will follow up to and possibly including termination".

Yes.... I like to keep my cute little butt covered.....

[SirDice]

Originally posted here by Zonewalker
which is all very well.. but can I just point out something that folks seem to have forgotton. If this is an employers email account which you are using then you shouldn't be using it for personal emails at all, your boss has every right to ask you for your account password (and expect to get it) and you have very little right to privacy as regards emails sent using company equipment and time.

Foxyloxley and SirDice I'm afraid in a business environment there are reasons for people higher up than you to know your passwords

In my country there are privacy laws that prevent this. You are allowed to send personal email and the boss is not allowed to read them.

And why would they need to know my password? If, and only if, they have legitimate reasons to access my account, they can always a) reset my password b) ask an administrator to give them the proper access. If they don't have legitimate reasons I can sue my boss for invasion of privacy and win

[Zonewalker]

In my country there are privacy laws that prevent this. You are allowed to send personal email and the boss is not allowed to read them.

And why would they need to know my password? If, and only if, they have legitimate reasons to access my account, they can always a) reset my password b) ask an administrator to give them the proper access. If they don't have legitimate reasons I can sue my boss for invasion of privacy and win

yeah but you're in the netherlands you lucky bastard! We all know how 'relaxed' your laws are It depends upon how your government interpret the EU privacy laws -which in your case is in your favour - we're not so fortunate in the UK... however having said that it also depends upon the company policy in place (like Tigers for example) which of course you agree to when you join the company. But I agree its very much a company/country issue.

As for legit reasons why a superior needs your password - the legit reason is that said superior is your boss and he/she needs to know what his/her employees are doing to ensure that your work is the best for the company etc. Don't forget in the working environment the company pays for your time, the equipment you use, the T1 line you've got leased etc.... at a fundamental level if you use emails/internet for personal reasons within your working hours and against the AUP then you are effectively stealing company resources i.e. a criminal act. If you use them outside of working hours (like I am now) then either your company has agreed to you being able to do that (like mine has) or it hasn't (in which case you then are effectively stealing company resources again).

I probably haven't explained the above too well but then i'm off for a pint or two in a couple of minutes... just be thankful you live in a country where you can still claim the greater part of your privacy - you're not always able to do that in certain parts of the US.

Anyway... I'm off have fun y'all

Z

PS Tiger...always a good idea to keep your butt covered

[lucy]

I really appreciate all the help. Let me explain the set up alittle better. My company's email account is networked with a another company's. The other company houses the administrators and support techs. We can access our email accounts from computers outside of the office (i.e. personal computers) and that's where I think this person is getting into my account. The reason I think that is because our office is not set up for much privacy. If he was spending time logging off his computer to log on mine then I feel fairly certain someone if not myself would have noticed. I know this is really wierd. Have you guys ever heard of such?
Thanks so much!

[swarisd]

First of all, your manager having you and others to give your password to an assistant is a no no. This is a bad way to ensure email from customers and clients can be accessed. The preferred method is to create a distribution list and give the distribution lists email address to the customers/clients. Then there will be no need to give out passwords to access your email. Also, asking the assistant if he/she is accessing your mail is your duty. You need to find out who's doing it or change this troublesome policy your department has.

If I were you, I woulld talk your manager into changing the policy on password sharing, change yours and get the email admin to create distribution list for you guys. Situations like this will come back to bite you in the long run.

[WarTux]

How can you be so sure that someone is reading your email?
And if so, you should change your password.
So if they are they cant log back in under your account.
Or maybe try a different server.