IT Baseline Protection Manual T 5.77 Unauthorised monitoring of e-mails

T 5.77 Unauthorised monitoring of e-mails

Electronic mail is usually transferred in the form of plain text. Data which has not been encrypted can be monitored and modified on any IT system via which it is being transferred. Electronic mail can be transferred through the Internet via a number of IT systems, without the precise routing being known beforehand. The routing path depends on the degree of utilisation and availability of gateways and network segments. In some cases, e-mail intended simply for transfer between two neighbouring municipal districts needs to be routed abroad at a certain stage.

Access to incoming e-mail can also be gained via the recipient's mailbox maintained on the mail server. This mailbox contains all received e-mails: not only those which have not yet been read but, depending on the configuration, also a list of all e-mails received during a specified number of previous months. At least the system administrator in charge of the mail server has access to the mailbox. In some cases, copies of outgoing e-mails are also stored on the mail server. Usually, however, the user's mail software stores them on the sender's computer.
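The routing described above can be reconstructed after the fact from a message's `Received` headers. The following is an added example, not part of the original manual: it lists the hops a message took and flags those not marked as TLS-protected. It assumes each relay records the transfer protocol in the `with` clause using the registered keywords (RFC 3848); the message, host names and addresses are constructed.

```python
import email
import re

# Constructed sample message; all hosts and addresses are invented.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.30])
\tby mailstore.recipient.example with LMTP id c3; Mon, 3 Jan 2000 10:00:09 +0100
Received: from relay.transit.example (relay.transit.example [198.51.100.20])
\tby mx.recipient.example with ESMTP id b2; Mon, 3 Jan 2000 10:00:07 +0100
Received: from mail.sender.example (mail.sender.example [203.0.113.10])
\tby relay.transit.example with ESMTPS id a1; Mon, 3 Jan 2000 10:00:03 +0100
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

Body in plain text.
"""

# "with" keywords that indicate the link into the relay was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)(?:.*?\bwith\s+(\S+))?", re.S | re.I)

def hops(raw):
    """Return hops in transit order as (from_host, by_host, protocol, tls) tuples."""
    msg = email.message_from_string(raw)
    out = []
    # Each relay prepends its header, so reversing gives sender -> recipient order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue
        proto = (m.group(3) or "unknown").rstrip(";").upper()
        out.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return out

def cleartext_hops(raw):
    """Hops whose link was not marked as TLS-protected."""
    # Even on a TLS hop the relay itself still handles the message unencrypted,
    # and Received headers written by upstream systems cannot be verified.
    return [h for h in hops(raw) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}  {proto}  {'TLS' if tls else 'CLEARTEXT LINK'}")
```

The last hop in the sample is local delivery into the mail store, the mailbox that the mail server's administrator can read.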


© Copyright by Bundesamt für Sicherheit in der Informationstechnik
Last update: January 2000