very possibly a dumb email question

If i use someone else's isp to send emails are the subscribers able to trace what was sent? Nothing illegal here but im helping my son do a research paper on the internet and security. Thanks

Yes and maybe.

Somewhat longer answer ...

This is true if I understand the question correctly. I'm interpreting this as the following:

You have an e-mail to send.

You happen to know the username/password for another person's ISP's mail server, know that this server accepts outside connections, and want to use it instead of your own.

You then wonder if the person will know you did this and/or being able to trace the e-mail back to you or the recipient.

Yes, the person *could*. There are logs that keep track of this. One of my e-mail accounts is set up to receive e-mails that bounce through two other servers before arriving at their destination. One of these I control myself, and I can see what passed through that server any time I want. If I turn on an option to save copies of everything that passes through it on that server, then I even have the text itself. (I actually do this because the whole point of that middle-man server is for backup purposes.)

The headers the recipient sees will also reveal information about the path the e-mail has taken, so if that person happens to be a friend of the person's whose account you use and shares that information (or if it is subpoenaed), then they'll know.

Finally, the ISP itself may have some monitor running that would flag for audit any account seen taking connections from different IP addresses or addresses outside its own domain.

From a practical standpoint, as long as this wasn't done often or in the commission of a crime, it probably wouldn't be noticed, but it could be.

no crime i'm trying find info on this for a paper so i thank you very much

You can actually forge the header and if the mail server does not employ some type of verification methods then you can pass yourself off as someone else. This is the most popular method spammers use. It amazes me that most ISP's do not use Reverse DNS lookup's or even Grey listing. If either of these two methods are used spam goes way down. Now if they could get more people to jump on the SNDS Smart Network Data Services then spam would be extremely manageable. But getting everyone to agree on delivery and messaging stadards is probably never going to happen.

does that apply to businesses who want to protect confidential documents? Surely they must have some form of protection. this is a loop hole i hadnt known and is an excellent point for my paper. Thank you for the info.

E-mail is not secure. This is a mantra to be repeated over and over again by anyone wanting to protect confidential information.

Businesses who use e-mail to exchange confidential information are asking for what's coming to them.

That said, the way you use e-mail in a more secure fashion is by encrypting, e.g. using PGP or OpenPGP to encrypt the e-mail before sending and allowing it to be unencrypted upon arrival at its destination.

If you're not familiar with this and want to explore the topic, go to http://www.gnupg.org

this is very interesting and i envy you your knowledge. Just when i think i know it all...

MyNameGoesHere knows more than I do about this as I believe he is a network admin. I just dabble for my own purposes.

But one of my mentors back in the day put it this way, which he borrowed from someone else. Using e-mail is like sending a post card. It's probably true that no one is really going to see it, but almost anyone could see it, especially if they are actively trying to see it.

Digitally signing the e-mail is like adding a wax seal. Encrypting it is like using an armored truck.

None of it will prevent committed, prying eyes with enough resources, but you better your chances.