can an admin read user's mail

[oeps]

hi all,

A friend of mine offered me to host my domain. He is using cPanel.
I use e-mailaccounts of my own domain.

If I move my domains (including mailaccounts) to his little company, will he be able to read my mail (incoming and/or outgoing)?

Thnx in advance,
.:: Default ::.

[eth00]

cPanel won't let you login to webmail without the users password.

That being said the emails are all stored on plaintext on the filesystem of the server. It is very easy to read them that way if he had any desire to. He also could just make a copy and put them into his mailbox to read.

Ethical, no. Possible, yes.

You could always encrypt your emails but that only works if both parties do it. Another options is using google apps for email.

[oeps]

thank you Eth00,

If my (and my wifes!) private mail will be stored in plain text on my friends server, I have to trust him more than I tend to do ...

I rather look for an other hosting provider.

[cpanelinfoseeker]

thank you Eth00,

If my (and my wifes!) private mail will be stored in plain text on my friends server, I have to trust him more than I tend to do ...

I rather look for an other hosting provider.

Any host can read anyone's email if they choose to. I'm busy enough with my own emails, I don't want to read anyone elses email, but there are times in troubleshooting where an admin may need to test the server or an individual account, and possibly send from, and verify reception to a particular user account that is having problems. While this is fine to do, the wrong email may be opened occasionally, but I hope most hosts have a higher respect for their firends and clients than to intrude just for their own curiosity.

You are probably a better judge of him as you know him, but is a stranger who might read your mail any better?

Ron

[Spiral]

Email was never really designed with security in mind ....

The original form had no password encryption and did not allow
for any file attachments and stored everything as plain text
which is also how it was transmitted between servers across
the internet out in the open for any administrators and anyone
with the proper know how to intercept and read as they wish.

Today, tighter security options have been added to the authentication
to be able to send and receive but the actual messages themselves
are still stored as plain text files on the servers and are still transmitted
in plain unencrypted text.

There are ethics and legal grey areas regarding administrators
reading email particularly arbitrarily without a legitimate reason
to do so but as for the technical answer to your question ---

Anyone with administrator access to the server machine where your
email account is located, the sending server, the receiving server,
or any handling point in transit in between can very easily read
any email you write without the need for any password or any
kind of restrictions whatsoever, totally out in the open.

I am respected and trusted globally and personally advise probably
close to half the hosts out there and am in a very unique position
and I can tell you that this is indeed one area I agree that there
should be more security knowing first hand how things operate.

On the flip side of that coin, if servers couldn't read messages even
in a limited automated capacity, there would be absolutely no way
to prevent spam and you would probably see bulk junk mail expand
exponentially unless you moves to a pure whitelist system. In the
same vain, it would make it more difficult to track abuses such as
terrorism, hacking, or other illegal activities and these are likely the
primary reasons that email has been left the way it is to date.

Generally speaking though, most administrators will not sit there
and read your email messages unless you have done something
very naughty putting you under investigation and there has been
a request from law enforcement. At most administrators are
usually only concerned with keeping spam out of mailboxes and
really nothing more beyond that.

If you don't trust someone in particular who is handling the server
where your mail is being handled --- don't use that service!

If the people you send to are willing to handle encryption themselves,
you might consider setting up an encryption package such as GnuPG
which will encrypt mail before you send it and will remain encrypted
until the recipient decrypts it with their own decryption key.