Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

can an admin read user's mail

Discussion in 'E-mail Discussion' started by oeps, Nov 6, 2009.

  1. oeps

    oeps Registered

    Nov 6, 2009
    Likes Received:
    Trophy Points:
    hi all,

    A friend of mine offered me to host my domain. He is using cPanel.
    I use e-mailaccounts of my own domain.

    If I move my domains (including mailaccounts) to his little company, will he be able to read my mail (incoming and/or outgoing)?

    Thnx in advance,
    .:: Default ::.
  2. eth00

    eth00 Well-Known Member PartnerNOC

    Mar 30, 2003
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    cPanel won't let you login to webmail without the users password.

    That being said the emails are all stored on plaintext on the filesystem of the server. It is very easy to read them that way if he had any desire to. He also could just make a copy and put them into his mailbox to read.

    Ethical, no. Possible, yes.

    You could always encrypt your emails but that only works if both parties do it. Another options is using google apps for email.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. oeps

    oeps Registered

    Nov 6, 2009
    Likes Received:
    Trophy Points:
    Ok then ...

    thank you Eth00,

    If my (and my wifes!) private mail will be stored in plain text on my friends server, I have to trust him more than I tend to do ...

    I rather look for an other hosting provider.

  4. cpanelinfoseeker

    cpanelinfoseeker Well-Known Member

    Oct 25, 2002
    Likes Received:
    Trophy Points:
    NE Illinois
    cPanel Access Level:
    Root Administrator
    Any host can read anyone's email if they choose to. I'm busy enough with my own emails, I don't want to read anyone elses email, but there are times in troubleshooting where an admin may need to test the server or an individual account, and possibly send from, and verify reception to a particular user account that is having problems. While this is fine to do, the wrong email may be opened occasionally, but I hope most hosts have a higher respect for their firends and clients than to intrude just for their own curiosity.

    You are probably a better judge of him as you know him, but is a stranger who might read your mail any better?

  5. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    Email was never really designed with security in mind ....

    The original form had no password encryption and did not allow
    for any file attachments and stored everything as plain text
    which is also how it was transmitted between servers across
    the internet out in the open for any administrators and anyone
    with the proper know how to intercept and read as they wish.

    Today, tighter security options have been added to the authentication
    to be able to send and receive but the actual messages themselves
    are still stored as plain text files on the servers and are still transmitted
    in plain unencrypted text.

    There are ethics and legal grey areas regarding administrators
    reading email particularly arbitrarily without a legitimate reason
    to do so but as for the technical answer to your question ---

    Anyone with administrator access to the server machine where your
    email account is located, the sending server, the receiving server,
    or any handling point in transit in between can very easily read
    any email you write without the need for any password or any
    kind of restrictions whatsoever, totally out in the open.

    I am respected and trusted globally and personally advise probably
    close to half the hosts out there and am in a very unique position
    and I can tell you that this is indeed one area I agree that there
    should be more security knowing first hand how things operate.

    On the flip side of that coin, if servers couldn't read messages even
    in a limited automated capacity, there would be absolutely no way
    to prevent spam and you would probably see bulk junk mail expand
    exponentially unless you moves to a pure whitelist system. In the
    same vain, it would make it more difficult to track abuses such as
    terrorism, hacking, or other illegal activities and these are likely the
    primary reasons that email has been left the way it is to date.

    Generally speaking though, most administrators will not sit there
    and read your email messages unless you have done something
    very naughty putting you under investigation and there has been
    a request from law enforcement. At most administrators are
    usually only concerned with keeping spam out of mailboxes and
    really nothing more beyond that.

    If you don't trust someone in particular who is handling the server
    where your mail is being handled --- don't use that service!

    If the people you send to are willing to handle encryption themselves,
    you might consider setting up an encryption package such as GnuPG
    which will encrypt mail before you send it and will remain encrypted
    until the recipient decrypts it with their own decryption key.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice