Yes, root can do that. Root is all powerful and has access to everything (unless it is encrypted by the user). Root can check the /var/mail and/or /var/spool/<queue> directories and read all that is there, or can got into users home directories and check those.
You are correct in saying that it is unethical to do so (although there are exceptions, but those are/should be strictly regulated).
Hope this helps.