Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 alpha 5/22/85; site cbosgd.UUCP
Path: utzoo!decvax!bellcore!ulysses!burl!clyde!cbosgd!mark
From: mark@cbosgd.UUCP (Mark Horton)
Newsgroups: net.news.adm
Subject: Re: Reading someone else's e-mail
Message-ID: <2022@cbosgd.UUCP>
Date: Thu, 17-Apr-86 20:46:03 EST
Article-I.D.: cbosgd.2022
Posted: Thu Apr 17 20:46:03 1986
Date-Received: Sun, 20-Apr-86 20:46:50 EST
References: <228@cord.UUCP>
Distribution: na
Organization: AT&T Bell Laboratories, Columbus, Oh
Lines: 58

Under normal circumstances, I won't read mail sent through cbosgd. It would be unethical to just go randomly browsing through the spool directory.

However, there are times when I have to read it. Sometimes mail gets stuck here, and I have to read it to figure out who it's from and who it was supposed to be to, in order to try to deliver it. (The postal service does this too, at the dead letter office.)

More often, a piece of mail is sent through cbosgd with an invalid To address AND an invalid From address. (Happens a few times a week.) The To address is bounced by cbosgd, and a message is sent from MAILER-DAEMON@cbosgd back to the sender. But since the sender address is also wrong, somebody else bounces this message, and it goes back to MAILER-DAEMON@cbosgd. In order to avoid a loop, that's forwarded to root, which is forwarded to me. So such mail gets dropped right into my personal mailbox. I have to read it to try to deliver it or return it (if I can.) Sometimes I can tell from a signature or a header what was intended.

Given the anarchistic nature of UUCP, and the lack of any laws to the contrary, if the SA on a site, say hoptoad, chooses to read all the mail through that machine, there isn't anything you can do to stop them. While I consider such browsing unethical, I have to assume that some places will do this.
So I sure won't send any mail containing company trade secret information via places outside the company. If it's REALLY secret, I won't use EMail at all, I'll use the phone or face-to-face contact. At the very least, I'll make sure there's a direct route to the other machine.

People should also be aware that some versions of UUCP leave the files in /usr/spool/uucp unprotected. Any random user on the system can browse there, possibly even edit files. More recent UUCPs protect the spool files, but there are plenty of older UUCPs out there.

So don't assume somebody is providing you a secure service when you send UUCP mail via a scenic tour of the world. While it may be unethical to browse, it's naive to assume that it won't happen, and your message may even legitimately wind up in someone else's mailbox.

By the way, there is a logging mechanism in smail which logs each message passing through: the sender, destination, and length. This log can be used to detect abusers of our phone bill. I don't consider this logging unethical at all, I don't consider it to be "reading of other people's mail."

Also, during debugging, sometimes I tee a copy of every message passing through into a short-term log file; this permits me to reproduce bugs that may appear when they are pointed out to me shortly thereafter. I don't intentionally read this verbose log (which includes the entire message) but sometimes I see the message being complained about, and possibly some near it in the log.

And yes, I know that the phone company listens to conversations sometimes, too, for the same reasons (monitoring line quality.) But I consider the phone network more secure, because it's more debugged, and because most of the monitoring is now done by programs listening for special tones and generic "voice", instead of people.

Mark