
Is there a way for someone (like an admin) to see, forward or delete a user's emails? We are using Exchange and the Outlook client, and suspect that someone within the company might be eavesdropping on people's emails. Is there a way to find out? Thanks!

ewwhite
user784796

3 Answers

3

Yes, it is possible (even trivial for someone with a domain admin or organization management account) to read someone else's email, and as mentioned in the comments, there are so many ways to do it that there's no great way to eliminate or track it.

The standard solution is to enable auditing on accounts with elevated privileges, so you could see (for example) what mailboxes an organization management account logs into, but that only detects snooping done that way. A domain admin could always snoop via the administrative share on the client machine (or any number of other ways on the client machine), a network admin could always sniff the traffic on the switches, etc., and frankly enabling all the audit logging needed to detect this is not remotely feasible.

Using audit logging on high-access accounts, coupled with email encryption (such as PGP), provides a pretty good solution, but it ultimately creates problems when you have to trust someone with the encryption keys (or rely on the users to keep them safe and backed up, which never works) and trust someone with the audit logs anyway; they don't do much good when the same admin(s) who might be snooping your email also administer (and can alter) the audit logs. And again, there are other ways to do this too that won't be captured by standard audit logging.

With email in particular, the problem is that the data is unencrypted at all times, so it's really more like a postcard than a piece of mail. There are any number of people on the internet who could be reading your email as it goes from the source system to the destination system too, so if there's anything that important or confidential, you shouldn't be communicating it over email in the first place, at least not without using some encryption.

Setting up a system to work around all these problems is possible, but very expensive and difficult to maintain, so really, the best solution is having admins you trust. It is the nature of an administrator or root account that they can do anything on the computers they have that access level on. If you can't trust the people with these accounts, you have a fundamental problem.

It's really no different than, say, trusting your HR people. How do you know they're not reading through your personnel file and snickering about the medical/benefits claims you put in? You don't - same deal with your IT personnel. If you can't trust them, you either have a problem with your people, or a fundamental problem that might be summed up as "trust issues."

HopelessN00b
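The "standard solution" in the answer above, enabling auditing on elevated accounts and then checking which mailboxes they log into, looks like this on an on-premises Exchange server. This is an added example, not code from the original answer: it turns on mailbox audit logging for one mailbox, turns on the organization-wide admin audit log, and then searches both for the last 90 days. The mailbox name `jdoe` and the 90-day window are assumptions for illustration; the cmdlets are the Exchange Management Shell cmdlets available from Exchange 2010 SP1 onward.

```powershell
# Added example (not from the original answer). Run in the Exchange Management Shell
# on an on-premises Exchange 2010 SP1 (or later) organization.
# Assumptions: the mailbox to watch is "jdoe"; logs are kept and searched for 90 days.

$Mailbox = "jdoe"
$Start   = (Get-Date).AddDays(-90)
$End     = Get-Date

# 1. Mailbox audit logging: record non-owner access to this mailbox.
#    -AuditAdmin    = access through administrative channels (Search-Mailbox, export
#                     requests, EWS impersonation, ...)
#    -AuditDelegate = access by users who hold Full Access / Send As / Send on Behalf
Set-Mailbox -Identity $Mailbox -AuditEnabled $true `
    -AuditAdmin    Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf,MessageBind `
    -AuditDelegate Update,Move,MoveToDeletedItems,SoftDelete,HardDelete,FolderBind,SendAs,SendOnBehalf `
    -AuditLogAgeLimit 90.00:00:00

# 2. Admin audit logging: record which admin ran which cmdlet, so that granting
#    oneself Full Access, adding a forwarding rule, or switching auditing off is itself logged.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogAgeLimit 90.00:00:00

# 3. Who, other than the owner, opened folders or read/sent items in this mailbox.
#    FolderBind = a folder was opened; MessageBind = an item was read (admin logons only).
Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Admin,Delegate `
    -StartDate $Start -EndDate $End -ShowDetails |
    Select-Object LastAccessed, LogonUserDisplayName, LogonType, Operation,
                  FolderPathName, ClientInfoString, ClientIPAddress |
    Sort-Object LastAccessed -Descending |
    Format-Table -AutoSize

# 4. Which admin ran the cmdlets that grant, hide or silence that access.
Search-AdminAuditLog -StartDate $Start -EndDate $End `
    -Cmdlets Add-MailboxPermission,Add-ADPermission,Set-Mailbox,New-InboxRule,Set-InboxRule,
             New-MailboxExportRequest,Search-Mailbox,Set-AdminAuditLogConfig |
    Select-Object RunDate, Caller, CmdletName, ObjectModified,
                  @{ n = "Parameters"
                     e = { ($_.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join "; " } } |
    Sort-Object RunDate -Descending |
    Format-Table -AutoSize -Wrap
```

Two practical points follow from the answer's own caveat. Audit entries exist only for access that happens after `-AuditEnabled $true` was set, so this shows nothing about the past. And both logs live in the Exchange organization the same administrators control: an Organization Management member can run `Set-Mailbox -AuditEnabled $false` or shorten `-AuditLogAgeLimit`, and while the admin audit log records that change, it can be altered by the same people. The logs are only evidence if a copy is held by someone outside that group.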
2

Assume that your systems administrators have full, unrestricted and non-accountable access to your mail.

Maybe I'm a cynic, but having built so many mail solutions, I've been asked by principals to do all sorts of things related to email (deleting messages, monitoring specific users, etc.)... to the point where they obviously understood that I could see everything.

So no, you probably don't have a nice way to find out, but if you don't trust the people with that elevated access, you have a bigger problem.

(you can always bring in a third-party to assess this, but again, that's a larger problem)

ewwhite
1

Simple answer: yes, it is possible.

As long as someone has permissions to another user's mailbox or administrative rights on the domain where the Exchange server runs, it is very easy to view, edit, send as, etc. from any user.

Of course this doesn't eliminate the possibility of compromised accounts or other security failings along the way that could be occurring.

Brent Pabst
  • Also: there are so many ways that it's possible that there's no good way to be sure it hasn't happened. – freiheit Dec 12 '12 at 17:49
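The access paths this answer names (permissions on another user's mailbox, Send As rights, and the forwarding the question asks about) can at least be inventoried. The following is an added example, not code from the original answer or comments: a read-only Exchange Management Shell pass over every mailbox that lists current Full Access and Send As grants, mailbox-level and rule-based forwarding, and the role holders who could have granted any of them to themselves. It assumes on-premises Exchange 2010 SP1 or later and the built-in role group names; it changes nothing.

```powershell
# Added example (not from the original answer). Exchange Management Shell, on-premises
# Exchange 2010 SP1 or later. Read-only: lists who currently holds a way into each mailbox.
# Assumption: the default role group names "Organization Management" and
# "Discovery Management" are in use.

$Mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Full Access (read everything) granted to someone other than the owner.
#    Inherited entries come from the database/OU permission model rather than a
#    per-user delegation, so only explicit, non-Deny grants are reported.
$FullAccess = foreach ($mbx in $Mailboxes) {
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object {
            $_.AccessRights -contains "FullAccess" -and
            -not $_.IsInherited -and
            -not $_.Deny -and
            $_.User -notlike "NT AUTHORITY\SELF"
        } |
        Select-Object @{ n = "Mailbox"; e = { $mbx.PrimarySmtpAddress } }, User, AccessRights
}

# 2. Send As (mail that appears to come from the user). Send As is an AD extended
#    right on the user object, so it is read with Get-ADPermission, not Get-MailboxPermission.
$SendAs = foreach ($mbx in $Mailboxes) {
    Get-ADPermission -Identity $mbx.Identity |
        Where-Object {
            $_.ExtendedRights -like "*Send-As*" -and
            -not $_.IsInherited -and
            -not $_.Deny -and
            $_.User -notlike "NT AUTHORITY\SELF"
        } |
        Select-Object @{ n = "Mailbox"; e = { $mbx.PrimarySmtpAddress } }, User
}

# 3. Mailbox-level forwarding. This is set by an admin on the mailbox object and is
#    invisible in Outlook; DeliverToMailboxAndForward = $true means the owner still
#    receives a copy and would not notice.
$Forwarding = $Mailboxes |
    Where-Object { $_.ForwardingAddress -or $_.ForwardingSmtpAddress } |
    Select-Object PrimarySmtpAddress, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward

# 4. Inbox rules that forward or redirect, i.e. forwarding created through Outlook/OWA
#    by whoever had access to the mailbox at the time.
$RuleForwards = foreach ($mbx in $Mailboxes) {
    Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = "Mailbox"; e = { $mbx.PrimarySmtpAddress } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 5. Who can grant themselves any of the above: the high-privilege role groups, plus
#    anyone assigned ApplicationImpersonation (read any mailbox via EWS without a
#    Full Access entry ever appearing on it).
$Elevated = foreach ($group in "Organization Management", "Discovery Management") {
    Get-RoleGroupMember -Identity $group |
        Select-Object @{ n = "Role"; e = { $group } }, Name
}
$Elevated += Get-ManagementRoleAssignment -Role "ApplicationImpersonation" |
    Select-Object @{ n = "Role"; e = { "ApplicationImpersonation" } },
                  @{ n = "Name"; e = { $_.RoleAssigneeName } }

"== Full Access delegations ==";     $FullAccess   | Format-Table -AutoSize
"== Send As grants ==";              $SendAs       | Format-Table -AutoSize
"== Mailbox-level forwarding ==";    $Forwarding   | Format-Table -AutoSize
"== Inbox rules that forward ==";    $RuleForwards | Format-Table -AutoSize -Wrap
"== Elevated role holders ==";       $Elevated     | Format-Table -AutoSize
```

`Get-InboxRule` has to open each mailbox, so step 4 is the slow part on a large organization; run it off-hours or against a subset. The output is a snapshot of who holds access now, which is exactly the limit freiheit's comment points at: a domain admin who added a Full Access entry, read the mailbox and removed the entry again leaves nothing here, and a network-level capture leaves nothing in Exchange at all.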