Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!usc!apple!bionet!synoptics!sblair From: sblair@synoptics.COM (Steven C. Blair) Newsgroups: comp.mail.misc Subject: Re: Mail security Summary: someone finally got it RIGHT !!!!(thanks Danny) Message-ID: <21787@mvis1.com> Date: 2 Aug 90 01:33:24 GMT References: <899@lot.ACA.MCC.COM> <1990Aug2.003210.24459@cs.umn.edu> Organization: SynOptics Communications Inc., Mt. View, Ca. Lines: 104 In article <1990Aug2.003210.24459@cs.umn.edu>, iacovou@cs.umn.edu (Danny Iacovou) writes: > > i think that all this talk about postmasters reading mail is rather 'stupid' > (net ethics stopped my from using other phrases). first of all not only the > postmaster but anyone with root permissions can read your mail. second staff > ethics prevents us from doing so. i am a postmaster, but i don't go reading > other peoples mail. sometimes when mail bounces my way i try extremely hard > to make sure i don't scroll the mail past the headers and into the body (i > honestly try not to read a word of mail). i think that this is probably true > for 99.9999999% of all postmasters (and staff members for that matter). > > secondly this point should be obvious to anyone who has been a system admin. > staff members just don't have the time to spend all day reaading mail which > doesn't concern them. i received 734 pieces of email in july that i felt > were worth keeping. i read threw three times that much mail each month. i > don't need to read anymore mail. (i am 100% sure that other postmasters > have the same problem) > > in short anyone who might think that postmasters are around just so that > they can read mail as it travels threw thier sites is just being 'stupid' > (postmasters are free to replace the stupid with any other words they might > be thinking of:) ) There's a lot of credence in what Danny has to say and I for one am glad that someone said it(I was getting ready to). Regardless of content of the message it is flowing through your site(like blood through your veins), It's not morally up to me, or for that matter to *YOU* to know what's in the email/netnews/mmdf/x.400(or this weeks' new email protocol) that flow through your site(or mine!!). Has anyone besides me see a copy of the "Electronic Privacy Act"???? I'm almost sure (memory fades now), that electronically transmitted material is *not public* domain. Nor does anyone but the FCC, and the courts have the right to decide the context of the transfer media. I don't read your USMAIL because the postman on "our" street is too lazy to learn to read addresses. It`s not *my business* !! Period. If you know that you're going to be moving sensitive, confidential materials between your site, and "foo", then take the time to setup UUCP *straight* to them if you're worried about some unscrupulous type(read 0.00000001 % sleazy system administrator) getting a copy of your email, and reading it. Or, if you and some other Internet site are going to be exchanging confidential materials, then do a straight smtp(uucp over tcp) to their site, or ftp the bloddy stuff and get it off-of email. Period. There's an awful lot of net.bandwidth being wasted on a subject that less than 0.00000001 % of the *QUESTIONABLE ADMINISTRATORS* out there may/may not be doing. There's a 99.99999990 % group who's trying to make things acceptable to everyone, and we don't all situp every night trying to figure out how to get at "so & so's" email coming through "my" site. Set a precedent. Let Email Flow. The phone call you make with my email could just as easily be the phone call I later make for you. See, once upon a time, there were few of us in this glorius thing called "unix". We were all over the place, with not a chance in hell of communicating with each other. Then there was UUCP, and the obvious question, "do I call you, or do you call me??" And *we didn't worry about the issue*, we respected each other as indviduals, and as professionals, so that I wouldn't do to you, what you wouldn't do to me. The rest is history, and would go on for some time. True, there's folks morally breaking the very code we all have lived with for some time now. KARMA is a wonderful thing, and I believe that they'll get their's in the end. Period. But, you may say that I'm out of touch, and mis-guided! So what. I don't read the email of users who've left to go to another company. Never have never will. I delete their accounts, and my "deleteuser" script also deletes all copies of their mail, and checks the queue to insure that all of it is gone. I average about 1200 messages per week. 80% are from internal users, 20% from other places. Take someone like Eliot Lear, who unselfishly moderates/ collects votes, runs many email lists, and he may have 2000+ per week. Now multiply in your minds 4 weeks of traffic. Yeah, we're talking 4-10000(!!) messages potentially per month. Many folks I personally know get that type of volume, and you can damn sure bet, yep, they're postmasters. Now, do we really have time to read your piddly message? No way. But at a site that only gets 400 messages a month, the potential is there for abuse. That may be where someone mistakenly got the impression about sleaz-admins reading your message. SO, MAKE SOME HISTORY, DON'T READ WHAT'S NOT ADDRESSED TO **YOU**. -- Steven C. Blair Network Operations Center SynOptics Communications Inc. Mountain View, California INTERNET: sblair@synoptics.com sblair@nevdull.synoptics.com PROBLEMS/EMAIL: HOSTMASTER@SYNOPTICS.COM postmaster@synoptics.com