There are nine common threats that affect the personal, private and confidential nature of Email communications.

Email Privacy Threats

Email Security Threats

The entire document is available in Adobe's pdf format Reducing Email Threats

Reducing Email Security Threats

Insider Email Snooping and Theft

The majority of today’s Email solutions allow system administrators complete access to your Email account and credentials (username and password), which allows them to read, edit and delete your Email messages without your knowledge. This unfettered access also allows system administrators to send Email messages as though they came from you. MyMail^SM is configured to prevent unfettered access by system administrators. For instance, a system administrator cannot access your Email account by simply resetting and restoring your password.

MyMail^SM provides several different configuration options, including password management. For security reasons, however, password management options are only configurable at system installation time. The password management configuration options allow system installers and administrators to configure their mail servers for various password management scenarios, which include:

The ability to allow a system administrator to set or reset individual passwords as they please;
The ability to reset an account password based upon a “universal” reset password;
The ability to prevent a system administrator to set, reset or recover user account passwords.

Options 1 and 2 provide detailed audit trails for password changes made by system administrators. Option 3 provides the ultimate security by allowing only you to change your password; thereby eliminating a system administrator’s ability to gain unauthorized access to your email messages.

If at installation time the “universal” reset password is set and enabled, the system administrators is allowed to reset a user’s Email account to the preset universal password, but they are not be able to restore the user’s password back to its original password. This prevents a system administrator from accessing your account without your knowledge. In addition, MyMyMail^SMMail tracks password reset and reactivation (with a new password) in two ways. First, by entering the password reset or reactivation dates and times into a secure table that each user can inspect. Second, by sending email notifications to the Email account holder and their secret designees notifying them of dates and times the user’s Email account was reset and reactivated. These password and account access control mechanisms thwart threats of “inside snooping” that have cost many businesses millions of dollars.