— -- When Hillary Clinton used a private email address to conduct business during her tenure as secretary of state, her team said she acted within "the letter and the spirit" of State Department rules.
However, the revelation has left some people wondering why the nation's top diplomat would use an outside channel to communicate.
"When you have the secretary of state conducting official business on a private domain, this is the sort of the stuff [you read in] spy novels," Bruce Webster, an information technology consultant at Ironwood Experts, told ABC News. "As soon as you go to a private domain and Web server, you, in effect, have no guarantee.
There are plenty of unknowns about Clinton's private email account. It's not yet even clear which email service she used for her State Department business or the level of security attached to that account.
The domain "clintonemail.com" was registered the week before Clinton was sworn in as secretary of state in 2009, the Washington Post reported. However, Clinton's team has not confirmed that she used an email at that address.
Without naming names, a senior state department official said Clinton’s predecessors practiced a similar private email policy.
However, two prior secretaries of state either exclusively used government email or used no email at all, and a third avoided private email for classified matters, sources close to them told ABC News. An official close to Condoleezza Rice, who led the State Department for three years under George W. Bush, said Rice never used a personal email account for State Department business. A former State Department official close to Secretary Madeline Albright, who served in the late '90s, said she didn’t use email at all. Peggy Cifrino, a spokesman for Colin Powell, said the emails he did send from a personal account were mostly unclassified in nature and preceded any policy forbidding the practice of using personal email for work.
Robert Siciliano, an online safety expert for Intel Security, told ABC News that it's within the realm of possibility that whichever hosting company Clinton used for her private email address could have had access to her private messages.
"If a company is hosting a website, they have access to the Web servers and the inner workings of the website," Siciliano said. "If they're hosting email, it would be safe to say that company could have access."
Also at issue is whether Clinton's emails were stored in accordance with the Federal Records Act. While her personal account would not have fallen under that umbrella, her team noted that much of her correspondence still was covered as a result of emailing people on their government accounts.
"For government business, she emailed them on their department accounts, with every expectation they would be retained," Clinton spokesman Nick Merrill said in a statement.
Siciliano said it all comes down to whether the message passes through a wide-open server that anyone with access can read, or if it has a level of encryption attached to it. While Clinton's choice may deviate from the norm, it's also possible she was working with a service that provides encryption keys on both ends.
"It's a good rule of thumb to keep in mind that your emails are generally not completely private," Siciliano said. "Email can be read with a subpoena and someone on the inside of an organization that has access to the servers could have access as well."
Webster called Clinton's choice to use a private email account a potential "staggering breach of security" and said the implications could have been huge if hackers tapped in.
"You are just asking for world intelligence agencies, both friendly and hostile, to start looking at this domain and find ways to get into it it -- whether through technical hacking or social engineering."
ABC News' Justin Fishel contributed to this report.