Now that a very high percentage of written communications are sent via email, confidentiality and security of email contents take on enormous importance. Here we touch on just a few aspects of this security issue. Our observation is that human error, both by the individual transmitter of email and by whoever is in charge of email procedure, is the most prominent source of security leaks after interception by national intelligence services.
E-mail traverses the internet in a series of hops from one server to another until it reaches your ISP (Internet Service Provider) from whose server you download it. At any one of the intermediate or end servers it can be read, diverted or stored. Sometimes this is the inevitable consequence of normal practice. E-mail stays in your POP account until you download and delete it. These are not the same thing. If you read your e-mail at various locations, you might wish to leave it in your POP account for download to a single archive before you delete it. While stored in your POP account, it can be read as plain text by anyone with legitimate or abusive access to the server. Furthermore, these servers are backed-up by any good ISP, and backup tapes, with your e-mail recorded, can remain archived for years.
Every good ISP offers the option to have copies of incoming e-mail sent to a second or third recipient. This is extremely useful for business purposes, but of course someone with access to your ISP's server can just as well divert a copy of all your e-mail to an address unknown to you. Here you depend on the soundness of your ISP, usually without problems. ISPs are, after all, very concerned to protect the interests of their customers in today's competitive environment.
E-mail completely incorrectly addressed might be delivered to an unintended recipient but most likely ends up in a bounced e-mail buffer on your ISP's server. These are usually deleted periodically but could of course be read. If the domain name is correct but the specific recipient is incorrect (for example instead of ), the message usually goes to the webmaster of the corresponding web site if no other default maildrop is specified. From our own experience, we can provide three anecdotal examples of persistently incorrectly addressed e-mail that does go to unintended recipients. The first involves use of a country extension such as com.nz rather than .com. The senders of the e-mail don't know or forgot that the extension is not .com. Since the .com address in this example belongs to ammonet, we receive an unintended steam of e-mail with highly confidential attachments. As a goodwill service to the intended recipient company, we have aliased all of the appropriate e-mail addresses so that most of this e-mail is now automatically redirected to the correct recipient. A second example involves an incorrect return address configuration which the individual involved seems incapable of correcting, despite numerous requests from us to do so. Again, the unintended domain name belongs to ammonet and we receive frequent e-mails, with both personal and business attachments, sent by users who know the correct e-mail address but who have clicked the return button on their e-mail software. The third example is simply a matter of two hotel e-mail addresses that differ by a single hyphen. The two hotels continually received one another's communications because of the similarity of the domain names. Use of different reservation addresses doesn't help in this case because default mail is inevitably misdirected.