
When I delete private email at work, can it still be found?

Question:

If I access my private AOL e-mail from my company computer, read and delete it, where does it go? Specifically, is it stored/saved on the company’s own server or on my computer’s hard drive? Does it pass through the company’s server and do they have access to it after it is deleted?

The short answer is that there’s no way to know, really. It depends on your company’s networking setup, their savvy, and how intrusive they want to be.

But it certainly can be found, whichever of several different methods you use to access your email.

Let’s look at how.


It’s important to realize that at your company’s site, they are providing both your internet connection and your hardware. They can, and in most cases have every right to, monitor anything and everything that you do using their equipment. If that’s unacceptable to you, then you have exactly two options: don’t do anything you wouldn’t want them to see, or get a job somewhere else.

Yes, it’s harsh, but it’s also the practical reality.

Now I’m not saying that every company is out there tracking your every keystroke and taking the time to read every email you send. In fact, it’s more likely that they are not.

But they could. And you should be aware of that.

There are various approaches to accessing your private email at work. Each of them could be monitored by your company’s IT department in various ways.

Webmail over an https connection.

We tend to think of https as a secure connection, and it is. Mostly. As it turns out, it’s possible, if the company controls the machine you use as well as the internet connection, to set up what’s called a “man in the middle” that could decrypt the contents of an SSL connection and monitor it before sending it on to the remote mail server. It’s complicated, and involves installing private, trusted root security certificates on each machine, so it’s certainly not common at all. But possible.

Webmail over an http connection.

Anything traveling over an http connection can be monitored by your company’s IT department without much effort at all. If you’re reading your email via a web interface, and the URL begins with “http”, not “https”, then this is your situation, and all bets for privacy are off.

POP3/SMTP over a secure connection.

If you run a POP3 mail client such as Outlook, Outlook Express, Eudora, Thunderbird and the like to read your email, and your mail service supports it, most can be configured to use an encrypted SSL connection to prevent snooping. Unfortunately, just like web mail over https, these connections are also vulnerable to the “man in the middle” type of attack. Once again, extremely unlikely, but possible.
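One way to check for the “man in the middle” setup described in the two secure-connection sections above is to look at who issued the certificate your machine is shown and compare it with what the same server presents on a network you trust, such as at home. This is an added example, not code from the original article; the host name, organization names, and sample certificates are constructed for illustration.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Return the server certificate as ssl.getpeercert() reports it.
    Use port 443 for webmail over https, 995 for POP3 over SSL."""
    ctx = ssl.create_default_context()  # trusts whatever roots this machine trusts
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_field(cert, section, field):
    """Pull one field (e.g. organizationName) out of 'issuer' or 'subject'."""
    for rdn in cert.get(section, ()):
        for key, value in rdn:
            if key == field:
                return value
    return None

def issuer_summary(cert):
    """(organization, common name) of the CA that signed this certificate."""
    return (name_field(cert, "issuer", "organizationName"),
            name_field(cert, "issuer", "commonName"))

def compare_to_baseline(observed, baseline):
    """Compare the issuer seen on this network with one recorded elsewhere.
    A change is a reason to look closer, not proof: sites also switch CAs."""
    seen, expected = issuer_summary(observed), issuer_summary(baseline)
    if seen == expected:
        return (False, "issuer matches baseline")
    return (True, f"issuer changed: expected {expected}, saw {seen}")

# Constructed samples in the shape getpeercert() returns (not real certificates).
BASELINE_HOME = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA Inc"),),
               (("commonName", "Example Public CA R3"),)),
}
SEEN_AT_WORK = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example Corp"),),
               (("commonName", "Example Corp Internal Inspection CA"),)),
}

if __name__ == "__main__":
    # To use live data, record fetch_cert("mail.example.com") on each network.
    print(compare_to_baseline(SEEN_AT_WORK, BASELINE_HOME))
```

The connection at work still validates without any browser warning, because the company’s private root is in the machine’s trust store; only the issuer name gives it away.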

POP3/SMTP over a normal connection.

Unfortunately, the default configuration for most email programs is not to use a secure connection. The result is that just like http web mail connections, snooping on your email as it’s being sent or downloaded is trivial for anyone who has access to the networking equipment that connects you to the internet. All privacy bets are, once again, off.

Instant Messaging Programs

These are worth mentioning because once again, IMs are typically not encrypted, and as a result are extremely easy for network administrators to monitor and log.

All Types of Access

More likely is that whether or not the internet connection itself is encrypted and impervious to snooping, your company-provided and managed PC is not. Some fairly simple spyware could easily be installed on your machine to track what it is you’re doing. Everything you’re doing – whether it’s emailing, instant messaging or even writing that whistle-blowing note on a USB thumb drive you plan to take home before you email it.

I would guess that for companies actively looking to monitor their employees, a combination of clear-text network monitoring, plus spyware, would be the common way to go about it.

A Word About Deleting

The question was actually about what happens when you delete a message from your private email, having done so using company equipment and internet connection.

The answer is you don’t know what happens.

It may still be stored in your browser’s cache.

It may still be stored in a network monitor’s log of your activity.

It may still be stored in some spyware’s log of your activity.

Or it may not.

The bottom line is that I wouldn’t count on the latter. If you have reason to be concerned at all, heck, if you have reason to even think about this issue, then I would make sure never to do anything on your work computer and network that you wouldn’t want your boss to see.

Save everything else for home.


8 comments on “When I delete private email at work, can it still be found?”

  1. One method that makes it extremely difficult for company IT departments is to connect to an SSH session on your home network, then tunnel through it using a Remote Terminal client (RDP, VNC, etc). Then, everything you do is on a remote computer (yours) using your home internet connection.

    About the only way your company IT gurus will know what you’re doing are regular screenshots of your workstation, which they are capable of doing, but tend not to due to storage requirements. However, this is becoming less and less of a deterrent.

    –zig

  2. A sure method would be to use your own laptop (or a portable email-capable device) and your own wireless broadband connection. Since it doesn’t use the company’s resources, IT cannot tap it. However, it still can be against the company’s policy unless you are doing it in your own time.

    • Yes.
      Be sure you aren’t using your computer or smartphone over the company’s network. They can see any unencrypted data, and they can see which websites you are visiting or which VPN you are using. And they can tell when you are slacking off and using the Internet when they expect you to be working.

  3. Hi Leo,
    I’ve made my living at computer forensics for a decade and a half now. Things always change, but for the moment, here’s how I see it. In the US, mostly, anything you do on the company’s computer, especially on the company’s time, is likely to be something the company is allowed to look at and keep. It’s not easy to completely remove email from a local computer (deleting doesn’t do it), and data we’ve found on such computers has been essential in deciding the outcome of dozens of cases I’ve worked on. Webmail doesn’t leave much on the local computer, but as you mentioned, a man in the middle might still be recording this. Outlook is encrypted, but backups may be stored on the company’s servers, and Outlook files can be hacked to bring back deleted email. Most other email programs are text-based and leave lots of data laying around. I’d say a rule of thumb is that email at work is nonsecure, and your employer may even have a responsibility for filtering and keeping some of it. There’s a video article discussing different types of email here. Hope it’s helpful!

  4. Very informative. Just what I have been going through when I was at work. Very good work, please keep it up. Honesty is always the best policy in respect to your boss, of course.
    Richard

  5. Okay. Very informative, all. Now, what if the internet connection is provided through an employer’s network, but you are using a personal computer to access your AOL or other email? I heard one IT guy say that the IT dept. could tell that an employee is on the internet, but they do not know where. Not sure if this is true. But what about the emails? Are they saved on the company network?

    • The IT department can see everything that goes over their network unless you are using a VPN or an SSL (https) connection. But if you use one of those, the company can see that you’ve used a VPN or which website you’ve accessed via an SSL connection, and that could also get you in trouble.

  6. “IMs are typically not encrypted, and as a result extremely easy for network administrators to monitor and log.”

    Since this article has been written, this has changed. Many IMs such as WhatsApp, Signal, and Telegram are end-to-end encrypted, but your company can still see which services you’ve used.
