Limiting unauthorized sign-on's to email account of primary.
Have some alerting method that let's a primary email user that another party has opened their email on another computer. In other words, if the primary email user is signed on (or not), there is some indicator that let's he/she know that someone else is signing on or has signed on from another machine. In fact, any other attempt to sign on should be blocked if not by the primary user, and until the primary grants permission. As it stands with the current system, if someone who knows the user name or PW of the primary, he/she can sign on and view all contents. This is a significant security risk and concern.