Software

Possibilities:

1. You can set up an email profile on ANY number of computers for a given user. If someone else knows a specific user's email account ID and password, that account is obviously vulnerable. You would never know if someone else was reading your email if your password has been compromised.

2. Who controls the mail server? Is it an internal email server or is your email being hosted by an ISP? An unscrupulous email administrator is always a security risk. And someone with administrator privileges would probably be able to read any email sitting on the server.

3. Are you using Internet email or are you connected to an Exchange server? If you are using Internet email, since all email is saved in a user's .pst file on a specific computer, the vulnerability exists only on incoming email that is new since the "intruder" established his "connection". The "intruder" would not be able to see any outgoing email. If you are using Exchange, and all mail is saved on the Exchange server (vs. individual .pst files), an "intruder" (or unscrupulous administrator) would be able to see EVERYTHING (incoming, outgoing (through the Sent Mail folder), and any saved emails).

There isn't much you can do about an unscupulous administrator unless you can catch him in the act unless you start encrypting sensitive email. You can do this by either using the built-in encryption capabilities of Outlook (but which requires you to acquire a certificate from a valid Certificate Authority (such as Verisign), or by using third-party encryption software such as PGP (which unfortunately is no longer being supported or sold by Network Associates).

You can do things about compromised passwords. Change them on a regularbasis. Make sure they are strong passwords. Don't share passwords.

These vulnerabilities are not endemic to either Outlook or Exchange but really are of a general nature.

This question was closed by the author