Privacy risk in your email client?

Tue 02 February 2010

That was a switch in my email client Thunderbird 3 that I did not have checked because I wasn't sure what it was doing and I certainly didn't want my Inbox to be cleared every time I exited the software.  So I decided to do a search for it to see what I could find out.  Here's what I found:
When you delete messages in an email program ("email client") or move them to another folder in the program, they are not yet physically removed - even emptying the Trash does not remove them. Instead, Thunderbird and other email programs simply hide the "deleted" messages and mark them as ready for physical removal. The process of physically removing such no longer visible messages is called "compacting". This means that messages that you think you have deleted are not actually physically removed until you manually or automatically compact the folder they were (are) in.

This, to me, is a privacy and a security concern.  If you are following a policy of deleting sensitive messages after you have read them, you may only be hiding them from yourself and not actually deleting them.  This means that the messages are still out there and available for discovery.

So do some research and make sure your email client is doing what you want it to do.

By Sparks, Category: Information Security

Tags: Privacy / email /