1. Computing

Who's Got My Email?

Norton Antivirus has come under fire recently from users and media concerned with their use of a proxy server to scan incoming mail. Allegations of angry ISP's and unretrievable mail have grown to allegations of the mail actually being routed to Symantec's own servers. See "Better Read Than Dead, That Anti-virus Program May Be Helping Someone Else to Read Your E-mail", written By Robert X. Cringely, columnist for PBS.

According to BugNet, who first published a report on this in February 2001 and then revisited the issue in March, the proxy server acts as a go between between the user's ISP and the user's mail client. Microsoft® Outlook, Outlook Express, Netscape® Mail, Eudora and Pegasus mail clients are supported by the proxy's redirection. Essentially, incoming mail destined for the user is rerouted to this proxy server where it is then scanned for viruses before being passed on to the user's mail client.

In Cringley's article, he alleges that the email is hijacked and actually being sent to Symantec's own servers for scanning. In short, he questions whether it is a privacy violation. The equally short answer is no, on both counts.

Norton Antivirus creates this POProxy by using the loopback address of 127.0.0.1. Anyone who tries to access this address will get a response - from their own system. All mail clients work via addresses, referred to as IP addresses. Similar to phone numbers, each is unique. Unlike phone numbers, there's one that lets you call yourself. That one is 127.0.0.1. So you see, Norton can't spy on your email. All they're doing is rerouting it to a different spot on your own computer, scanning it for viruses, and then sending it to you - hopefully free from malicious code.

Is the method error proof? As with most software, the answer to that is also, no. Sometimes timing issues occur, or users inadvertently stop the POProxy service, or there's a conflict with another application that prevents it from running. In such a case, users who attempt to retrieve their email will be greeted with the message: "The connection to the server has failed."

In such a case, the server is identified as either "127.0.0.1" or "pop3.norton.antivirus." This message likely adds to the notion that the email is actually being routed to a physically separate location. Symantec has published several support articles designed to solve these issues.

Norton 2000 users can find support resolution for timing issues at: http://service1.symantec.com/SUPPORT/nav.nsf/docid/1999093013425706

Norton 2001 users can find support resolution for timing issues at: http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000121914360606

©2014 About.com. All rights reserved.