[lug] Monitor Email

Fred Robinson fred.robinson at sipfusion.com
Wed May 14 10:04:44 MDT 2003


Hey JD!  It's me, the projector guy......

Anyway, I'm a little late to this thread, but I have been following.  I
respect all the views of my fellow LUG'ers, and I must admit that I've
offended this crowd myself a time or two.

I understand your employers good intentions, and very much respect your
feelings of obligation, but I too am very sensitive to issues of privacy.
My position on privacy is really a matter of a seperate debate perhaps.

To the point, have you explored alternative means to montioring all emails?
I mean, first of all, is it really practical for the employer to read
everyone's mail?  Who has that much time?  What about filtering and IP
address blocking at the firewall?  If you know which sites you don't want
employees visiting block those IP's, or if there is limited need for
employees to have access to the Internt block all IP's except for the few
known IP's for which employees would need Internet access to, like the email
server, etc.  If the employer is concerned about a specific employee it is
feasible to contact the domain host and ask them to setup an SMTP rule that
would copy you on a person's correspondence.  From a Network Admin's
perspective it is also feasible that you could view a users sent mail or
inbox folder remotely.  Just some suggestions, before you find yourself down
the sticky path monitoring all email activity.  I think you stand a much
better chance of avoiding legal and ethical traps if you approach this from
two perspectives;
1. Without specific knowledge of an individual's misuse the only remedy is
to impose general network restraint, block IP's, filter, etc.  This is more
practical because no one has the time to scan all email, and it doesn't
unfairly target a specific user without cause.
2. Conversely, if there is cause, undeniable proof, that a specific user or
users have violated a personal use policy, then I think the next step of
monitoring activity could be justified.

Just some suggestions.....

Fred Robinson
2855 Rock Creek Circle #131

Superior, CO 80027
fred.robinson at sipfusion.com
office: 720.304.8707
mobile: 303.881.7590



-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of jdavis
Sent: Tuesday, May 13, 2003 5:12 PM
To: lug
Subject: Re: [lug] Monitor Email


On Tue, 2003-05-13 at 14:25, John E. Koontz wrote:
> At 01:22 PM 5/13/2003 -0600, JD wrote:
> >well, the mail server is not on the lan that i get to work with. And I
> >dont even have a public IP to set one up. Any suggestions?
> >
> >thanks,
> >jd
> >
> >p.s. as far as legality...Hey, its his world, Im just a squirrel
> >tring to get a nut :p
>
> A party who wants to see all the mail passing through a server is engaged
> in very questionable activities, legally speaking, though I've heard
> various views on that.   I do know of a person who was fired and
prosecuted
> for it.  A person who wants to do this and has no access to the server is
> in organizational as well as a rather more certain legal jeopardy.  When
> the party of the first part's activities are discovered, the party of the
> second part will be what I think is technically called "party before the
> fact."    Party to what, I'm not sure, but it won't be a nut.
> John E. Koontz
> NIST 896.04 PCSG
> 303-497-5180
>
> N39° 59' 42.1" W 105° 15' 49.7"
>

look Im just a contractor trying to pay off my car and the many
other bills I have. If the owner of the company wants to view all the
mail sent from his office...I will oblige him. All the employes know..
so its no big deal.

Futhermore..the handbook for the company says very clearly...

"No personal internet use of any kind while on the clock"

so the question of ethics is put on the user. This would not even
be happening had the users not abused our internet connection and
tried to bill the company for the time wasted.

I like the idea of blocking all free mail services but the problem is
employies are using the companys pop accounts for jacking around too.

So the only option is to view the mail coming in and out via company
email account (witch is work related anyway...right?) and block all
others.

as far as not having access to the mail server...
We have someone host our domain and our domain mail....at there
location. So, i dont have root and the machine is not on my lan.


thanks,
jd

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: lug.boulder.co.us portf67 channel=olug




More information about the LUG mailing list