Have a sticky situation where I'm asked to navigate through a users email to see if I can locate any wrong-doings; ie replying to any spam sent from "questionable sites". The mail is stored on the server and I know this users password so I would like to know if there are any implications that can come from me logging in as this user and viewing his mail? It's my understanding that this user initially spearheaded the campaign to have policy created to prevent users from accessing "questionable sites" and viewing prohibited content, so it would seem that he'd be aware of the consequences. This is a first for me and I've seen postings like this before so I'd like to get an idea of how most handle these particular situations. What procedures, if any, should be followed to ensure that the users rights aren't violated or that the IT department doesn't come under fire? TIA