I normally check my email using two different methods. From the home office, all mail is delivered directly into my mail program (Outlook Express).

From the Corporate office, we have Microsoft Exchange Server and I check other email accounts via a web-based email program from ipswitch called iMail. This is the same program that my host uses for client email hosting.

Yesterday, 2002 July 31, I was communicating with someone concerning a URL Submission to our directory. When I'm checking mail via the web based program, I usually follow links from within the email so the referrer string shows us reviewing that site in that persons referrer logs.

Well, this person happen to be looking at their live referrer logs, noticed the referring URL and clicked it. Viola, they went straight into my web based email system. Normally they would end up at the login screen, but not this time. I guess it had something to do with my still being logged in and them clicking the link before a session expired, I'm not sure yet.

For those of you who may be using the ipswitch iMail product, you may want to look into this. This is the first time in the 3+ years that I've been using it that a problem has surfaced. I wonder how many others were able to access my email via the referring URL!

We are contacting ipswitch this morning to discuss the issue. In the mean time, for those of you using the program, there may be a security breech if someone follows a link in an email from their web based login. I think the timing has to be just right for this to happen. I'll come back and post more as we figure out what the problem is.

P.S. I don't keep anything in my web based email program for more than 12 hours. It is not used as a storage facility, more as a gateway while I'm away from the home office.