Internet is a huge infrastructure, there are a lot of people on the Internet that might have interest in your communication. It is easy for someone with access to computers and networks through which your information travels to capture your information. Here is a list of top places where your email can be intercepted:
- the Internet
- internet service provider (ISP)
- email provider
- hotel, conference center, Internet cafe
- college, university, trade school
- local loop service provider
- local area networks, metropolitan area networks, wireless networks
- your own computer
If someone can obtain the username and password that you use to access your email servers, they can read your email and send false email messages as you. Very often, these credentials can be obtained by eavesdropping on SMTP, POP, IMAP, or Web Mail connections, by reading email messages in which you include this information.
Invasion of Privacy
Our right to be left alone has disappeared, bit by bit, in little steps.
The Net was born as an open research tool, and was never designed to allow privacy or security. But at the same time, the Net seems to offer perfect anonymity, and most users behave as if they cannot be seen. Who hasn't said or done something online which we wouldn't do in the “real world?”
"36 percent of Net users have sought online support for health, family and mental health issues, and 24 percent of those have signed in with their real name and e-mail address. Every question they've asked and every statement they've made is now stored on a hard drive somewhere."
“A lot of people think about privacy but don’t really care until something happens to them personally,” said Beth Givens, director of the Privacy Rights Clearinghouse. “It's like freedom. You don't appreciate it until it’s gone. If you are a victim of identity theft, you experience a change of world view, you realize how little control you have over your world.”
Anyone who has system administrator permission (even if they are not supposed to) on any of the SMTP Servers that your message visits, can not only read your message, but they can delete or change the message before it continues on to its destination. Your recipient has no way to tell if the email message that you send has been tampered with or not! And, if the message was merely deleted, they wouldn't even know.
It is very easy to construct messages that appear to be from someone other than who they are actually from. Many viruses use this facility to propagate themselves. In general, there is no way to be sure that the apparent sender of a message actually sent the message - it could just as easily be fabricated.
Just as a message can be modified, messages can be saved, modified, and re-sent later! This could result in you getting multiple messages and thus taking actions that were not requested.
As messages are stored in plain text on all SMTP Servers, any backups of these servers' disks may also contain plain text copies of your messages. As backups can be kept for years and can be read by anyone with access to them, you messages could still be laying around in insecure places even after you think that all copies have been "deleted".
Because email messages can be forged, there is no way for you to prove that someone sent you a particular message. This means that even if someone DID send you a message, they can successfully deny it. This has implications with regards to using email for contracts, business communications, electronic commerce, etc.