Many years ago I was a consultant for a company who decided they wanted to perform a security audit of their computer systems. One of components of their system that I was requested to check out was email. My client wanted to determine if their email was secure.
It took me all of a minute to determine that their email was totally and completely insecure. Fortunately for them, this was in days before it was common for company computer systems to be directly connected to internet, because their email messages were stored in plain text in a well known system location. In fact, not only were email messages stored in a completely insecure manner, but deleted messages were not actually deleted until an administrator purged them - and since they didn't have anyone doing that there was a complete record of company emails going back years in past.
I had spent about thirty minutes on this part of audit so far and was ready to move on when one of email messages caught my eye. It was a particularly juicy romantic message from one employee to another. Well, romantic is not right word - highly x-rated would be more like it.
Curious, I continued looking through emails (off clock, of course, since I had already accomplished my mission as regards email) to see what else was stored in single message file.
I stayed up all night long, highly amused at what I saw that day. Believe me, I read some serious blackmail material (if I was that kind of person). Lots of office romance, some flirting, X-rated messages and other similar things. I remember one particularly scandalous series of hundreds of emails going back and forth between one man and a woman (both single) recounting their relationship for years. Every date, every x-rated encounter was written up in long, detailed messages. This was very entertaining stuff indeed.
After a few hours I got bored and stopped reading. I was tempted to keep a copy of email data but resisted. That was not part of my mission. Fortunately, it was also not part of my job to report on indiscretions committed by various employees. My job was to find and fix any insecurities, and that's exactly what I did ... I erased file and set up an automatic purge to permanently delete old emails. At time that was best that I could do.
I learned a very important lesson that day - email is not private. Not by any means.
Not much has changed in intervening years. In fact, email messages are generally not encrypted in any way. In fact, I have never received an encrypted email and I've only sent a few in my entire life.
Just so you completely understand, a normal email message is NOT equivalent of a letter send through normal mail. In that case, you write your note on a piece of paper, put it in an envelope and drop it into mail. As far as email is concerned, a better analogy is of a postcard. Your messages are "written" on electronic equivalent of postcards. What does this mean to you? Anyone can look at your message. Quite literally, anyone.
Let's look at process to illustrate how and when an email message could be read by another person.
1) You write email using your email client. The client may create that email as a text file in a temporary folder on your hard drive. If someone looked at your hard drive they could find email. And it's not any better if you use a web based email client such as Hotmail. These leave files in Temporary Internet Folder, which can easily be recovered. Remember that next time you read your emails at work...
2) You do type in email address to which an email is sent. You could accidentally type in wrong address. Worse yet, if you have distribution or mailing lists, you could accidentally type in one of those, which may cause an email to inadvertently be sent to wrong person or people. For example, if there was a "Joe S Smith" and a "Joe M Smith" at your company with very close email addresses, you could easily send to wrong person.