If an employee of mine tried to send email from their own server, instead of using my company’s, I’d reprimand them, harshly. And if they continued to refuse to use the appropriate email server I’d have to terminate them.
Who ran Hillary Clinton’s email server? What software did it run? Where was it hosted? How physically secure is that location? How secure is the ISP that serves data to that server? The administrators of that server – are they background-checked? Are we sure they are not in the service of any foreign entity, or even a domestic one? Is the server patched to the latest version? Are there any vulnerabilities in the version it is running? Are there any backdoors or rootkits or other such stuff on there? What’s the update schedule on that server? Is there any strong cryptography on it? What protocols are running?
And the answer in just about all of these cases is, “I have absolutely no idea.” And that is completely and totally unacceptable.
If you administer an email server, YOU CAN (usually) READ ANY EMAIL THAT IS ON IT. When it’s some regular schmoe somewhere, that’s less of a big deal (but still something to be concerned about). When it’s the Secretary of State of the United States of America, that’s a bit of a bigger deal.
If you are reading this and feeling like I’m not exactly right, go talk to your email admin. Ask them to read you your latest email – “just so you can see if your email software is working.” Let me know what you find.