I cannot find the article, but I believe this method of sharing access to one e-mail account to many parties was one of the comms methods employed by the 9/11 terrorists, pioneered by Columbian drug lords.
In that movie, which I just check the date for, seems like one of the first pop references to the idea of sharing email drafts in a free email account without sending anything.
https://www.washingtonpost.com/news/worldviews/wp/2012/11/12...
Now, can someone prove me one better and find where this idea got traction? I honestly laughed watching that movie, wondering if Petraeus watched it years earlier, and thought to himself, I wonder if this will work in real life ...
UPDATE: I could, gee, also try RTFWPA! It refers 2005 reports of AQ using the same tactic, you know, where probably he got it from.
Or he got it from the movie, which would make me in a die a fit of laughter!
Note that that doesn't mean it's GOOD.
seems like it would have been a hassle to deal with for the last 15 years
Of course, I've configured my server to properly sign email, publish SPF records, and so on. My server may be small, but god damn it, it's top notch.
He described it as "her laptop", there's a clear demarcation of ownership. I just wonder if those ownership laws of the physical property would overshadow the unauthorised access to material parts of UK's CMA (and it's ilk depending on your jurisdiction). AFAIR it just says unauthorised access nothing about 'of a system not owned by the accused'; indeed there was a case (Court of Appeal case at bottom of http://www.computerevidence.co.uk/Cases/CMA.htm) specifying that it was unlawful access to data on any computer (ie including the one you're entitled to access).
It might serve to consider if your wife had secretly taken lewd pictures that wouldn't give you, as spouse, entitlement [eg because you owned the computer] to access them without her permission.
Just because one owns the computer system doesn't mean one owns, nor has a right of access to, the data. That's quite clear in many areas.
That's a pretty serious firewall you have there. Assuming that s/he was not using encrypted smtp and imap or pop, then you still have a L7 filter that reads and logs email addresses and alarms on them. Now it is unlikely (to me) that you would have a whitelist of acceptable email addresses with which to alarm. I can think of a few other things you might have done to trigger alarms and all of them are pretty distasteful.
So I will conclude you simply violated her civil rights and spied on her.
I feel sorrow for you, genuinely, that you have had a relationship problem but I suspect that it would have been easier to find out what was going on in the various old fashioned ways, rather than farting around with IT and being a bit creepy.
What does that even mean?
"but my name's Jim...."
Please forgive my nosy question, but was she financially dependent on you or was there some other reason for her to maintain the marriage?
Or perhaps some immunity to any results.
I suspect that yahoo and other companies haven't yet taken the issue of failing to delete data that should be deleted as seriously as that of losing data that shouldn't be deleted, but this has the potential to become a significant privacy issue.
This is a solved problem in the real world, but some companies would have us think it's the Wild West, when in fact it isn't.
So while it's possible that backups mean you can never be entirely certain your deleted data will stay deleted, it's most certainly not guaranteed.
In Europe, the recently enacted General Data Protection Regulations "GDPR" which will come into force in 2018 will in theory require organisations to ensure that personal information is removed in an appropriate timeframe - this would include disposing of backups, or where data is comingled, ensuring at a granular level that data is blacklisted for restore.
It remains to be seen how practical that will be, so moving to retentions appropriate for operational restore may be the more sensible solution.
* my speculation
