From an admin perspective, this is so massively useful in troubleshooting that I can't click the Demote button hard enough.

That's what the ACL on the mail.box(es) is for.

Darn it, guess I need a new mouse. Apparently I CAN click the demote button hard enough.....

Craig is right, the ACL should provide the necessary protection without inventing additional functionality.

I would also like to point out that a primary role of Administrators is to keep the mail flowing in an organization. At the end of the day you need to trust someone to do that job. Almost every administrator has rights to edit server documents and hence can give themselves Full Access Administrations rights even if they don't already have it. Most already do, which means they can read any mail file and generate any e-mail message they want even without the need to access the Mail.Box directly. I think its implicit that we must trust that Administrators are doing the right thing by your company. If you have sensitive mail you don't want someone else to be reading Encrypting the e-mail is perhaps the only way to ensure privacy.

I agree with Craig and Peter's argument. I've demoted this.

For troubleshooting you never must read the body and attachments of a mail in the mail.box.

Encrypting sensitive mails isn't the solution when you want that the routing is secure for any mails.

@4 There have been hundreds of times when I cut/copied email from one server's mail box to another's in order to assist in troubleshooting mail delivery issues.

The act of cutting/copying the email to the clipboard makes it possible to paste it anywhere, including a mail file for review. Encrypting the mail does stop this use.

Hire trust-worthy folks, and properly secure your environment from untrustworthy ones. Basic security.....

I agree with those who state that the ACL should handle this.

But I understand the thoughts behind this Idea. I have worked in an organization where there were over 40 people with full admin rights to the whole system. That is of course far more than required.

@5 I see, you need the possibility to copy mails form one mail.box into other an other mail.box

Would it be a solution when we encrypt the notes network trafik, that the mails in the mail.box are automatically encrypted by the router task.

When the router task store the mail into an other database it should decrypt the mail.

@7 - I understand the situation you've outlined, and it's hard to deal with it. It's essentially a "people problem" we're trying to solve with a technology solution.

The encryption idea is a start, but I can think of a number of situations where that might not work as we'd like.

Shining a bright light is a useful way to deal with this is. Perhaps via much more detailed logging of admin access to the mail.boxes. If every time you read/copied an email from the mail.box logged an entry like
"12/15/2009 03:43:32 AM Bob Evilman read/copied a message from mail1.box FROM Bill Boss, subject 'Employee Reviews'"
that might cut down on any inappropriate activity, without restricting valid admin uses.

I work in a cluster of different companys with hundreds of domino servers.
The servers are administrated from the companys itself on different locations.

Only what we want is a secure mail routing without mail encryption.

There are many reasons why we can't use mail encryption.
For example: We can't scanning encrypted attachment for viruses.