Your Internet Consultant - The FAQs of Life Online
Anyone between your host computer and your message's destination can intercept your e-mail. Your system administrator or the administrator at the receiving end could read it. For that matter, a clever cracker or sysadmin anywhere along your mail's path can easily intercept and read your message.
The good news, before you get too paranoid, is that there is a lot of information traveling through the wires, and there's precious little reason for anyone to intercept your mail. How much information? Late in 1993, the National Science Foundation calculated that over 500 megabytes of information travel through the network backbone per hour, and 17 percent of that traffic was electronic mail. If we assume that the average e-mail message is about 1,000 bytes (10-15 lines), about 8,800 e-mail messages go through the network each second. If you are a rabid e-mail user and send a message every ten minutes, you're still less than a teeny drop in the bucket.
As a result, although I know that there's a chance that my e-mail could be monitored en route, the odds of it happening are infinitesimal, and I certainly don't average one e-mail message every ten minutes, either!
Note: Here are some UNIX-centric notes from Dave Taylor
on keeping your incoming mail files free from prying eyes:
One of the few files that contains information you'll doubtless want to keep
private is your incoming mailbox. Stored, typically, in either a shared
directory called /usr/spool/mail or /usr/mail, mailbox files
share the name of their associated account. My account is taylor, so my
mailbox is /usr/spool/mail/taylor, and Kevin goes by waffle on
one machine, so his mailbox is doubtless /usr/spool/mail/waffle on that
machine. The good news is that most systems have things set up exactly as you
would want: your mailbox can be read and written by you and by the program that
delivers mail but by no one else. You can check the permissions of your mail
file by typing ls -l /usr/spool/mail/$LOGNAME. The permissions should be
rw------- or rw-rw----. If they are something different, ask your
system administrator to ensure that things are configured correctly; in this
situation a quick e-mail message to your administrator can save some unpleasant
situations later.
Even with this security, however, a directory and file that are beyond your
control are a potential problem, so a good strategy if you receive sensitive
electronic mail is to immediately save it in a mailbox file in your home
directory. I must admit that I don't do this because I end up forgetting about
saved mail messages (I receive so much electronic mail each day; about 100
messages or so arrive on a daily basis and the volume is gradually
increasing!). A bit of self-discipline on your part, however, and you should be
able to use this strategy with nary a problem. An even better solution is to
download confidential mail to your local computer. Anytime that I receive a
mail message that must remain private, I make a copy of it on my Macintosh and
delete the original on my UNIX host.
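
The permission check described in the note above, as an added shell example that is not part of the book or of Dave Taylor's note: it reads the mode the way ls -l shows it and flags anything other than rw------- or rw-rw----. The function names and the script name check_mailbox.sh are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the book): compare a mailbox file's mode with the
# two modes the note accepts, rw------- and rw-rw----.

# perm_string FILE: print the nine permission characters from `ls -ld`,
# dropping the leading file-type character (e.g. "-rw-rw----" -> "rw-rw----").
perm_string() {
    ls -ld -- "$1" 2>/dev/null | cut -c2-10
}

# check_mailbox FILE: return 0 if the mode is acceptable, 1 if it is not,
# 2 if the file does not exist.
check_mailbox() {
    [ -e "$1" ] || { echo "$1: no such file"; return 2; }
    perms=$(perm_string "$1")
    case "$perms" in
        rw-------|rw-rw----)
            echo "$1: $perms ok"
            return 0 ;;
    esac
    # Characters 7-9 are the bits granted to every other account on the host.
    other=$(printf '%s' "$perms" | cut -c7-9)
    if [ "$other" != "---" ]; then
        echo "$1: $perms gives all other users access ($other); ask your system administrator"
    else
        echo "$1: $perms is not one of the expected modes; ask your system administrator"
    fi
    return 1
}

# Usage: sh check_mailbox.sh /usr/spool/mail/$LOGNAME /usr/mail/$LOGNAME
# (check_mailbox.sh is an assumed file name for this script.)
status=0
for f in "$@"; do
    check_mailbox "$f" || status=1
done
# The script's exit status is non-zero if any file passed in failed the check.
[ "$status" -eq 0 ]
```

A symbolic link in place of the mailbox shows up as rwxrwxrwx and is reported as a failure, which is the result you want for a file you expected to be a plain mailbox.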