On 12/14/2010 11:43 AM, Randy Ramsdell wrote: > Jeroen Geilman wrote: >> On 12/14/10 4:04 PM, Randy Ramsdell wrote: >>> Matt Hayes wrote: >> >>>> >>>> >>>> BCC'ing all of your user's email is unethical IMHO. Scan outgoing and >>>> incoming email for spam; done. That way you aren't compromising your >>>> users' private information nor possible security to your clients. >>>> >>>> -Matt >>> >>> Not unethical or compromising private data. If the information can be >>> sniffed unencrypted on the wire it is already compromised. Most email >>> administrators already have access to mail stores where the same data >>> is stored unencrypted. A company's mail server and storage is not for >>> personal use and anyone sending e-mail they want to be private should >>> not use public/unecrypted methods. >> That is an unwarranted assumption. If the OP provides email hosting, >> then he is certainly bound by fairly strict privacy laws. >> Nothing in the above suggests this is solely for professional use. >> > > You are correct and should have keep my point more narrow in purpose. > But I meant to express something similar to... BCC'ing is not unethical > unless you read all the mail. I could easily BCC all the users mail and > simply maintain a copy. It is the same as having root access to the mail > store which I think the OP does.
My point is more along the lines of "Why would you need to see email to ensure that your users aren't sending out spam?" That's a ludicrous reason to pose. If you have reports that a user is sending spam, turn them off. Reading email to see if they are sending spam is just out right unethical imho. Most email, albeit not completely 'secure', is assumed by the client to be 'protected' from prying eyes once it is sent or received. There's no reason to go digging through a user's personal life, which email is to most, just to prove they aren't sending spam. -Matt
