In a recent question from a searchDomino member, I addressed the issue of system administration people being able to read users' email messages. I said that, to some extent, you just had to trust system admin people.
Member Douglas Butler responded with some helpful information about how his company handles this situation. Here is what he wrote:
I have worked for two different companies as the Domino Administrator. In both cases, we turned on mail encryption on the server (in NOTES.INI in R4 and in the server configuration document in R5). In addition, we add an entry for "[Notes Administrators]" to the ACL of the mail template (e.g., MAIL50.NTF) as a "Person Group" with "Manager" access, but (to prevent mistakes) no delete privileges.
The square brackets around the template ACL entry ensure that Notes Administrators will, by default, have manager access to all newly created mail files (existing mail files can easily be updated by mailing a button-based script to all users). When new users are created, either the user types in their password directly, or an administrative clerk enters a temporary one of her choosing. The clerk does not get access to the ID file, and the Administrator does not know the password. Finally, we tell all users that there is absolutely no reason to give out their Notes password.
So, now we have the following: Notes Administrators have full manager access to all user mail files, but (because of forced mail encryption) cannot read the mail; any activity we do perform is recorded in the logs under the name of the administrator actually performing the work, not under some ID that they also know the password to; maintenance is much easier, because we are always working under our own IDs.
(Thanks for helping, Doug!)
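The button-based update for existing mail files mentioned above could look like the following LotusScript. This is an added example, not Douglas Butler's script; it assumes the group is named "Notes Administrators" (the template entry without its brackets), that the button is clicked from a memo opened in the user's own mail file, and that the user holds Manager access there.

```lotusscript
Sub Click(Source As Button)
    ' Added example. The script runs with the rights of the person who
    ' clicks the button, so it can only change the ACL if that person
    ' has Manager access to the mail file (assumption).
    Const ADMIN_GROUP = "Notes Administrators"   ' assumed group name

    Dim session As New NotesSession
    Dim db As NotesDatabase
    Dim acl As NotesACL
    Dim entry As NotesACLEntry

    ' For a button in a mail memo, the current database is the mail file
    ' in which the memo was opened.
    Set db = session.CurrentDatabase

    If db.CurrentAccessLevel < ACLLEVEL_MANAGER Then
        Messagebox "You do not have Manager access to this mail file. " & _
        "The ACL was not changed.", 48, "Mail file ACL"
        Exit Sub
    End If

    Set acl = db.ACL
    Set entry = acl.GetEntry(ADMIN_GROUP)

    If entry Is Nothing Then
        ' No entry yet: create it with Manager access.
        Set entry = acl.CreateACLEntry(ADMIN_GROUP, ACLLEVEL_MANAGER)
    Else
        ' Entry exists: bring it to the same level as the template.
        entry.Level = ACLLEVEL_MANAGER
    End If

    ' Match the template entry: Person Group, no delete privileges.
    entry.UserType = ACLTYPE_PERSON_GROUP
    entry.CanDeleteDocuments = False

    Call acl.Save

    Messagebox "The administrators group has been added to this mail file.", _
    64, "Mail file ACL"
End Sub
```

Because the change is made under the user's own ID, it does not touch encryption settings or ID files; it only aligns the existing mail file's ACL with the template entry.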
This was first published in September 2001