Forwared Emails

[DT]

Is there a way to make it so when I send someone an email that if they decide
to forward the email that they can't change any of the previous text that I
had wrote? Thanks for the help

 

[DL]

No

 

[Gordon]

Is there a way to make it so when I send someone an email that if they
decide
to forward the email that they can't change any of the previous text that
I
had wrote? Thanks for the help

Only if the email is sent within a Windows server 2003 environment and the
Rights Management service is turned on...

 

[Gordon]

No

Not /quite/ true - if the email is sent and forwarded within a Windows
server 2003 environment and Rights management service is activated, then the
sender can dictate how the email is treated...

 

[VanguardLH]

in message

Is there a way to make it so when I send someone an email that if
they decide
to forward the email that they can't change any of the previous text
that I
had wrote? Thanks for the help

Not unless the sender (you) and recipient (them) are *both* using
Outlook 2007, Exchange 2007, and a RM (rights management) server. RM
is built into those products so the sender can regulate what a
recipient can do with the sender's e-mail. Outside of that RM
environment, no, you don't get to control anyone else's property.
Would you want someone controlling your computer and the software on
it? In a corporate environment, all the hosts, software, network, and
everything involved with e-mail is THEIR property so they can decide
to control it however they want. When you are sending e-mails over
the Internet, nothing outside your home's walls is your property so
you don't get to control anyone else's property.

 

[DT]

Thanks. I just didn't know if there was a way that you could encode or
watermark it for a lack of a better term so that if someone tried to forge
your message when they were going to forward it they would be unable to.

 

[VanguardLH]

Thanks. I just didn't know if there was a way that you could encode
or
watermark it for a lack of a better term so that if someone tried to
forge
your message when they were going to forward it they would be unable
to.

You could add a digital signature to your outbound e-mails (as a
global option or per e-mail). You would have to get a certificate to
sign your e-mails. If someone were to edit your message, the hash
wouldn't match. However, that doesn't prevent someone from forwarding
an edited non-signed copy of your e-mail. The resender won't have
your certificate to sign their forwarded copy of your message. They
would have to *attach* when forwarding your e-mail to keep your
digital signature and hash intact so the next person would have
verification that your message had not been edited. If the resender
merely forwards inline your message, they are always editing your
message. Inline forwarding strips out the headers of the original
e-mail so the resender (forwarder) is always editing your e-mail when
forwarding it. Only attaching an e-mail guarantees the next person
gets the original e-mail, and would also be the only way to keep the
digital signature in place. So unless the resender wants the next
person to know that they received your original message with its
digital signature intact by attaching it, they will end up editing
your e-mail.

Few users forward as attachment. Instead they forward inline
(inserting a portion of your e-mail in the body of their own post).
That means they ALWAYS edit the forwarded copy of your e-mail. They
strip out the headers. It is nothing more than copying and pasting
the body of your original post into the body of their *new* post and
perhaps with mention of a couple of the original headers (From, Date,
Subject). Obviously since the content was pasted in the body of their
new message means they can also edit it. Inline forwarding is
convenient but ALWAYS means the next recipient never gets the original
message. Since the person forwarding can choose to forward as
attachment or inline, they still get control over whether they can
edit your message. If they forwarded as attachment, it would be near
impossible for them to alter its content without corrupting the hash
that is computed for the original message from your digital
certificate that only you have.

 

[DT]

So really I have no option, because I can't require the person I am emailing
to attach my forward in their email. I looked at Rights Management but that
again is only valid for internal use. Thanks again for all the help.

 

[VanguardLH]

So really I have no option, because I can't require the person I am
emailing
to attach my forward in their email. I looked at Rights Management
but that
again is only valid for internal use. Thanks again for all the
help.

It is really up to the recipient to demand that the sender digitally
sign the sender's e-mail rather than trust that the content has been
unaltered. If you were relying on e-mails that effected your
finances, competition in a hungry and furious market, or were
otherwise sensitive, would you believe any e-mails that you receive
that weren't digitally signed? In fact, you might require that they
be encrypted besides being signed. If you sent encrypted e-mails, no
one but the targeted recipient could decrypt it, but after decryption
then they could pass it on, but then it would be that new recipient
that would have to demand the original signed or encrypted e-mail
still be provided that way

 

[VanguardLH]

in message

So really I have no option, because I can't require the person I am
emailing
to attach my forward in their email. I looked at Rights Management
but that
again is only valid for internal use. Thanks again for all the
help.

If they can see it, they can copy it.

The recipient decides if they will accept unsigned and/or unencrypted
e-mails that contain sensitive information to them. If you had your
bank e-mailing you your monthly statements, would you let them send
them without being digitally signed? Would you let them send them
without being encrypted? No, so youwould require the sender to sign
and possibly encrypt e-mails that are sensitive to you, the recipient.
RM (rights management) is an attempt by Microsoft to allow the sender
to gain some control over sensitive content and regulate what the
recipient can do with an e-mail. Otherwise, in a non-Exchange, non-RM
environment, it really is the recipient that dictates if they want to
receive secure e-mail. You, as the sender, could use the recipient's
certificate to encrypt your e-mails but only if the recipient gives
you their public key and only if the recipient agrees to receive the
encrypted e-mails, and obviously the recipient can then decrypt those
e-mails that are sensitive to them and decide what to do with that
content.