MOA81
asked on
how can i know if the adminstrator is accessing or reading or view my lotus notes email
Dear Experts
how can i know if the adminstrator is accessing or reading or view my lotus notes email?
how can i know if the adminstrator is accessing or reading or view my lotus notes email?
If is on the second Tab of the properties ( Info) , the button is labeled User Activity.
You need to check all replications of the mail DB.
I hope this helps !
You need to check all replications of the mail DB.
I hope this helps !
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot all for the feedback
Dear SysExpert
I guess that wasn't good enough, you cannot really proof if someone has actually opened your email.
Dear marilyng:
Actually my worries is not the personal stuff, I am more worried about the business related mails.
Can I have your comments on the following two scenarios?
You mentioned:
>>This is accomplished by using the Delivery Options and selecting "encrypt" on the memo that you are sending. This means that only the people addressed in the email can read the contents in the body of the email, and an administrator accessing the email account with their ID would see a blank body.>>
- The administrator took a replica of my mail on a different server and of course he has my id and he can reset the password. (Then there is no way on earth I can prevent the admin from accessing my mail) right?
- I have sent an encrypted email to my colleague, are you sure that no one can see this email (even the subject)
What if the administrator started note administration and then did an email tracking then the log file will appear; now in this case will the to section and subject be encrypted yes or no?
Dear SysExpert
I guess that wasn't good enough, you cannot really proof if someone has actually opened your email.
Dear marilyng:
Actually my worries is not the personal stuff, I am more worried about the business related mails.
Can I have your comments on the following two scenarios?
You mentioned:
>>This is accomplished by using the Delivery Options and selecting "encrypt" on the memo that you are sending. This means that only the people addressed in the email can read the contents in the body of the email, and an administrator accessing the email account with their ID would see a blank body.>>
- The administrator took a replica of my mail on a different server and of course he has my id and he can reset the password. (Then there is no way on earth I can prevent the admin from accessing my mail) right?
- I have sent an encrypted email to my colleague, are you sure that no one can see this email (even the subject)
What if the administrator started note administration and then did an email tracking then the log file will appear; now in this case will the to section and subject be encrypted yes or no?
If the administrator took another replica of your email, then this would appear on the SERVER Replication History tab. But, again, this is not foolproof, he or she can delete the history.
Subjects of encrypted mail are visible, the body is not, unless the administrator signs on with your Notes Id, (or any of the recipient's Notes ID) to view the mail. No one but the intended recipients can see the email. If they forward the mail, however, all bets are off, the mail becomes unencrypted when they forward.
You can create a secret encryption key, (File>>Security>>NotesData >>Document s) and encrypt documents that you have, or want to send in your database with this key. But that would only cover the stored documents, to encrypt your sent emails you would need to modify the design of the notes email database.
I'm seeing if PGP works on internal Notes Mail.. will get back to you.
Subjects of encrypted mail are visible, the body is not, unless the administrator signs on with your Notes Id, (or any of the recipient's Notes ID) to view the mail. No one but the intended recipients can see the email. If they forward the mail, however, all bets are off, the mail becomes unencrypted when they forward.
You can create a secret encryption key, (File>>Security>>NotesData
I'm seeing if PGP works on internal Notes Mail.. will get back to you.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is a good article about all types of Notes Encryption:
http://www.ibm.com/developerworks/lotus/library/ls-Notes_Encryption/
Personally, I would set all delivery options to return-receipt when "read", this way if someone other than you or your recipients open the email, you'll get a notice of who it was snooping.
http://www.ibm.com/developerworks/lotus/library/ls-Notes_Encryption/
Personally, I would set all delivery options to return-receipt when "read", this way if someone other than you or your recipients open the email, you'll get a notice of who it was snooping.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks all for the input, I guess what brwwiggins said was true, if the admin is good enough you will have hard time to accomplish this, besides for sure the admin has a backup of your ID, and he can wipe any trace...
as for now
gad bless and thank you all
as for now
gad bless and thank you all
Unfortunately, the only way to trace someone using an id to log on is through the server logs. Since when you use your ID, your computer authenticates from a specific IP address. Someone else using an id would authenticate from a different IP address. You would have to get the cooperation from the IT department to trap and find that login in order to prove mis-use.
In the Notes houses where I've worked, we turned on password authentication, and encouraged users to change their password frequently. That would force Admin's to use their Admin ID's to access e-mails, and then document when they did this through trouble tickets, etc.
In the Notes houses where I've worked, we turned on password authentication, and encouraged users to change their password frequently. That would force Admin's to use their Admin ID's to access e-mails, and then document when they did this through trouble tickets, etc.
Marilyn,
Password checking is not foolproof either. Nothing is foolproof.
Password checking is not foolproof either. Nothing is foolproof.
Agreed.
I hope this helps !