Outlook Banter

Outlook Banter (http://www.outlookbanter.com/)
-   Outlook - General Queries (http://www.outlookbanter.com/outlook-general-queries/)
-   -   e-mail security, how to prevent readers from editing e-mails (http://www.outlookbanter.com/outlook-general-queries/18013-e-mail-security-how-prevent.html)

Ursula A. June 16th 06 12:37 PM
e-mail security, how to prevent readers from editing e-mails
 
I would like to prevent receipients of my e-mails from editing the text of my
message. What do I need to do?
--
Many thanks, and have a good day
Ursula A.

Sue Mosher [MVP-Outlook] June 16th 06 02:36 PM
e-mail security, how to prevent readers from editing e-mails
 
Use Windows Rights Management or one of the security services listed at http://www.slipstick.com/addins/security.htm#services

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003
http://www.turtleflock.com/olconfig/index.htm
and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers
http://www.outlookcode.com/jumpstart.aspx

"Ursula A." wrote in message ...
I would like to prevent receipients of my e-mails from editing the text of my
message. What do I need to do?
--
Many thanks, and have a good day
Ursula A.

Vanguard June 16th 06 03:47 PM
e-mail security, how to prevent readers from editing e-mails
 
"Sue Mosher [MVP-Outlook]" wrote in message
...
Use Windows Rights Management or one of the security services listed at
http://www.slipstick.com/addins/security.htm#services



Only viable for users within the same Exchange organization? What if
the recipients don't use Outlook? What the OP wants can only be
enforced in a small configuration of mail server and e-mail client. RMS
requires the user to log onto a domain using Win2003 with RMS and also
using an e-mail client that supports RMS, like OL2003 (or maybe the
end-users are expected to install the RMS client on their hosts). So
interdepartmental e-mail within the same company could be controlled.

With the plug-ins to Outlook that try to track when a mail is delivered
and when it is read, and some working with a server to regulate who can
read them and how long they can read them, that still doesn't prevent
someone from using a screen capture program, some of which will capture
as text (so no OCR is needed), to then edit it however they want. Since
the mail must somehow be presented in a form viewable and readable to
the recipient, poof, there goes any security that tries to restrict the
content of that mail. The use of these plug-ins requires that the
recipient install them. Not likely, as they aren't going to waste their
time to install software that *they* don't need just because some sender
would like it. Unless the OP is asking about delivering mails within
the same organization (i.e., sender and recipients are in the same
company) where some leverage can be applied to force recipients to
install software or follow policies, the use of the security plug-ins or
services pretty much guarantees that the recipients won't be able to
read his mails.

The OP, as the sender, wants to control what the recipient can do on
their own host. Not going to happen. The OP has provided no
information regarding who and where are her recipients and yet with such
vague information she wants specific help.

Sue Mosher [MVP-Outlook] June 16th 06 04:09 PM
e-mail security, how to prevent readers from editing e-mails
 
Use Windows Rights Management or one of the security services listed at
http://www.slipstick.com/addins/security.htm#services

Only viable for users within the same Exchange organization?

Trusts can be set up for WRM functionality between partner organizations. Most of the third-party services I cited can be used between any sender and any recipient, because they depend on an intermediate server to handle the permissioning of the message.

What if the recipients don't use Outlook?

For Windows Rights Management, IE can be the reading recipient with the addition of a couple of client pieces. Other solutions have smaller footprints, IIRC.

The OP, as the sender, wants to control what the recipient can do on
their own host. Not going to happen.

The original poster only said they don't want recipients to be able to edit the email message. They didn't say anything about copying or printing, just editing. At the simplest level, there are other ways besides rights management to send a non-editable message. Send a .pdf file attachment , for one.

The OP has provided no
information regarding who and where are her recipients and yet with such
vague information she wants specific help.

Why does that have to be problem? Why can't we help the poster frame their issue more precisely by asking questions and discussing the alternatives and their limitations?
--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003
http://www.turtleflock.com/olconfig/index.htm
and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers
http://www.outlookcode.com/jumpstart.aspx

Vanguard June 16th 06 06:40 PM
e-mail security, how to prevent readers from editing e-mails
 
"Sue Mosher [MVP-Outlook]" wrote in message
...
Use Windows Rights Management or one of the security services listed
at
http://www.slipstick.com/addins/security.htm#services

Only viable for users within the same Exchange organization?

Trusts can be set up for WRM functionality between partner
organizations. Most of the third-party services I cited can be used
between any sender and any recipient, because they depend on an
intermediate server to handle the permissioning of the message.

--- INLINE REPLY SEPARATOR ---
(required due to poster's use of quoted-printable format for Usenet
posts)

Hmm, interesting. So a 3rd party (or one of the trusted parties) could
be used cooperatively by oth the sender and recipient. This might be
handy for mails sent between two divisions at different locales or
between two different companies, but cooperation by both is still key.

What if the recipients don't use Outlook?

For Windows Rights Management, IE can be the reading recipient with the
addition of a couple of client pieces. Other solutions have smaller
footprints, IIRC.

--- INLINE REPLY SEPARATOR ---
(required due to poster's use of quoted-printable format for Usenet
posts)

I only took a quick glance at the Windows RMS web page and noticed that
they mentioned installing an RMS "client". It mentioned RMS-enabled
applications but also mentions a separate client which might then handle
the permissioning on the mails that then get delivered to an e-mail
program. Guess I'll have to do some reading on RMS; however, in over 2
decades, I haven't had complaints nor experience other coworkers editing
my mails, or I didn't care that they did since I have a copy of what I
sent.

The OP, as the sender, wants to control what the recipient can do on
their own host. Not going to happen.

The original poster only said they don't want recipients to be able to
edit the email message. They didn't say anything about copying or
printing, just editing. At the simplest level, there are other ways
besides rights management to send a non-editable message. Send a .pdf
file attachment , for one.

--- INLINE REPLY SEPARATOR ---
(required due to poster's use of quoted-printable format for Usenet
posts)

The PDF had better also have the option to not allow copying (although a
screen capture program can still capture the displayed text). How would
the recipient of an altered e-mail differentiate between the sender
editing the original e-mail and sending that or the sender creating a
new mail with the altered content? The headers from the original e-mail
are not included in a reply. When forwarding, the headers are not
included unless the e-mail was attached rather than inserted inline.
Many recipients don't like forwarded e-mails with a hierarchy of
embedded .msg files when forwarding by attachment is used, so most
senders forward with the original content inline to the body of their
new mail.

"Editing" doesn't just mean adding or deleting within a document,
especially when using Outlook which is going to create a *new* document,
anyway, for a reply or forwarded mail. Editing can simply be taking the
content and modifying it or even creating entire new content but which
looks to have some of the old content. Since the reply or forward is a
new mail, there is nothing stopping the recipient from copying and
pasting or even from them from writing it all as new content and
pretending some is the original content. When replying or forwarding,
the original mail is not even included. Only a copy of it is included
in the *new* mail sent by Outlook. The next recipient won't have a clue
that the first recipient modified the original mail. Even digital
signatures can "disappear" from the original mail when they are
supposedly included in a reply or forwarded mail (i.e., only the first
recipient knows there was a digital signature, and the next recipients
after the first one get whatever that first recipient sends them, not
what the original sender sent).

The OP has provided no
information regarding who and where are her recipients and yet with
such
vague information she wants specific help.

Why does that have to be problem? Why can't we help the poster frame
their issue more precisely by asking questions and discussing the
alternatives and their limitations?

--- INLINE REPLY SEPARATOR ---
(required due to poster's use of quoted-printable format for Usenet
posts)

That was a jibe at the OP to see if she comes back and clarifies under
what environment she is trying to enforce non-editable mails. E-mail is
not a secure communications method. Having control over mail delivery
at both ends (for sender and recipient) provides more control but it is
still somewhat a cooperative affair between the participants yet it
still doesn't seem implausible that it cannot be defeated. For normal
setups, no, the received mail cannot be restricted from being edited.
We'll have to wait for the OP to return to provide more details. Based
on the dearth of information in her post, the simple answer is, "Nope,
you [probably] can't do that."

If I can see the original mail, I can create a *new* mail that looks
like I replied to it or forwarded it when sending it to someone else,
and since it is a new mail then I can put whatever I want in that mail.
As you mention, about the only way to eliminate that would be to require
both sender and recipient to be utilizing the same mail service, like a
trusted RMS server or the same mail server, so that the first recipient
can only pass along the server-side protected original mail and cannot
create a new mail containing just some or all of the content from the
original mail (i.e., the recipient never gets the mail but just a copy
of it, the original is still back at the server, so they can only resend
the original from the server that they don't actually have locally). I
can see how the sender and recipient can cooperate with each other to
guarantee the security of the mails sent between them, but I don't think
that is what the OP is asking about.

The solutions for secure e-mail will cost the OP some real money, time,
and require expertise (by her or someone else). They exist but they
also require cooperation by the recipient.


All times are GMT +1. The time now is 11:21 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 2.4.0
Copyright ©2004-2006 OutlookBanter.com