Can they do it unknowingly to the sender/recipient?
Please document your answer. Thank you.|||Unintentionally, probably not.
But there is a security testing suite, Dsniff, which can be used on LANs or on the internet which has emailsnarf. It is possible to detect the presence of the attack by the ACK storm that it provokes.
It works by desynchronizing the ends of a TCP connection, and I'm not going to get specific on how to attack TCP because some script kiddies might be reading this. You can google for TCP vulnerabilities. I have never met a script kiddie who would do real work.
The Dsniff suite is for security testing. Unfortunately, unless you are using a hardened Linux/UNIX server with mostly secure connections and detectors, it can effectively attack whenever it is about 7 hops away from client and server.
Use of emailsnarf against real people's email accounts is illegal unless you are the employer of said person and you have provided them an account to use. Normally, emailsnarf would be used against dummy accounts with dummy data to test security.
So yes, your mail can be intercepted, but it takes a real cracker to do it, not some script kiddie who doesn't understand the principles or know how to program.
And I'm not providing any more documentation. This post is dangerous enough as is. Look it up yourself if you really want to know, and be prepared for a learning experience about serials and windows.|||Without very sophisticated and expensive equipment, no.
If they have bugged you or your recipient's computer, much easier.|||If the mail server is compromised, or your account is compromised, yes.
Otherwise, only by packet sniffing.
http://en.wikipedia.org/wiki/Packet_snif…
But since email usually isn't encrypted, it ought to be some of the easiest stuff to get into via packet sniffing.|||Very clearly an unintended recipient can intercept your email unless it is sent encrypted.
If it is sent encrypted, it can take a couple hours on a fast computer to break the encryption key, when 128 bit encryption or less is used.
If you make a point of sending all your mail encrypted, the effort to break the key for a lot of low-importance stuff may inhibit anyone from breaking all your keys.
Now understand that this risk is not that your email will accidentally go astray, it is that it will be picked up as it passes through some server.
There is clearly a risk that you will accidentally choose the wrong recipient from your contact list. In companies that use email addresses based on surname and initial, this happens a lot for people with popular surnames.|||There are many different approaches that could be taken to achieve this, but what you need to do is make sure that you have a strong mail password, that you use SSL for the connection (see your mail client or webmail service for details) and that you encrypt your email using a service such as PGP (see http://www.gpg4win.org for a free version for Windows). Providing you encrypt the email in transit and at rest, and that you take reasonable precautions in controlling the systems you access mail from then you should be safe.
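
An added example, not part of any answer above: the first answer notes that the attack can be detected by the ACK storm it provokes, and this sketch flags a connection in which both ends keep repeating the same empty ACK (identical sequence and acknowledgment numbers) at a high rate. The record layout, addresses, window and threshold are assumptions chosen for illustration, and the packet records are constructed rather than captured.

```python
from collections import defaultdict, deque, namedtuple

# Assumed record layout: one entry per TCP segment already parsed from a capture.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags seq ack length")

def flow_key(p):
    """Direction-independent key so both halves of a connection share state."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def detect_ack_storms(packets, window=1.0, threshold=20):
    """Return flows with >= threshold repeated empty ACKs inside `window` seconds."""
    last_ack = {}                 # (flow, sender) -> last (seq, ack) of an empty ACK
    repeats = defaultdict(deque)  # flow -> timestamps of repeated empty ACKs
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        flow = flow_key(p)
        sender = (flow, p.src, p.sport)
        if p.flags != "A" or p.length != 0:
            # Data or SYN/FIN/RST: the sender is making progress, forget its last ACK.
            last_ack.pop(sender, None)
            continue
        if last_ack.get(sender) == (p.seq, p.ack):
            q = repeats[flow]
            q.append(p.ts)
            while q and p.ts - q[0] > window:   # slide the time window forward
                q.popleft()
            if len(q) >= threshold and flow not in flagged:
                flagged.append(flow)
        last_ack[sender] = (p.seq, p.ack)
    return flagged

def sample_capture():
    """Constructed records: one healthy SMTP session and one desynchronized one."""
    srv, pkts = "10.0.0.25", []
    for i in range(10):  # healthy: data segments, server ACK number advances each time
        pkts.append(Pkt(i * 0.05, "10.0.0.5", 40000, srv, 25, "PA", 1000 + i * 100, 5000, 100))
        pkts.append(Pkt(i * 0.05 + 0.01, srv, 25, "10.0.0.5", 40000, "A", 5000, 1100 + i * 100, 0))
    for i in range(30):  # desynchronized: both ends re-send the same empty ACK
        t = 2.0 + i * 0.01
        pkts.append(Pkt(t, "10.0.0.7", 40001, srv, 25, "A", 2000, 9000, 0))
        pkts.append(Pkt(t + 0.005, srv, 25, "10.0.0.7", 40001, "A", 9500, 2300, 0))
    return pkts

if __name__ == "__main__":
    for flow in detect_ack_storms(sample_capture()):
        print("possible ACK storm on", flow)
```

A few duplicate ACKs are normal during loss recovery, so the threshold should sit well above what fast retransmit produces on the monitored network.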