Thereās an even bigger problem
No.
And itās even worse than that ā much worse.
Become a Patron of Ask Leo! and go ad-free!
There is no technology that can prevent someone from forwarding or copying a message youāve sent them. Worse yet, in most cases, itās also impossible to prevent them from modifying your message when itās forwarded.
Out of your control
Once youāve sent a message, itās gone, and you lose all control over it.Ā And by all control, I mean:
- You cannot āunsendā it, or prevent recipients from reading it.
- You cannot reliably tell if itās been received.
- You cannot reliably tell if itās been read, deleted, or forwarded.
- You cannot prevent it from being forwarded, copied, or changed.
This applies to almost all message types: emails, text messages, and messages using dedicated messaging apps. (Some may allow you some control if you act quickly enough after sending your message, but itās not something you can rely on.)
Reliably?
Note I said āreliablyā in a couple of cases. There are simple tracking technologies for formatted email, sometimes allowing you to tell an email has been opened. This technique is not 100% accurate because mail clients have the feature turned off by default to protect your security and privacy.
And, of course, āopeningā an email does not necessarily mean the email actually gets read or even seen by anyone.
Changed?
Itās the last item in my list ā āYou cannot prevent it from being forwarded, copied, or changedā ā that should concern you.
Iāll put it more clearly: you cannot prevent someone from changing what your message said before they forward it.
Get that? Not only can they forward your message, but they can change what your message says.
When someone forwards an email, for example, that email becomes the body of a new email, and can be edited before hitting Send. It could be as simple as changing a āyesā to a ānoā, an āI love youā to a āGet out of my lifeā, or perhaps āThe boss is a geniusā to āThe boss is an idiot.ā
You get the idea. If you were concerned about your email being forwarded,Ā you can be even more concerned now. You really do need to trust yourĀ recipients.
What to do?
If messaging and email are such unreliable media, what can you do?
Well, the simplest first step for this particular issue is to save all your outgoing messages. Youāll then have a record of what you really said.
Second, donāt say anything in email you wouldnāt want to be made public.
Third, if forwarding and/or modification is a concern at all, make sure youāre dealing with someone you trust.
There are technologies like cryptographic message-signing that allow tampering to be detected. Unfortunately, theyāre generally used only by some businesses and the tech savvy.
To be honest, it shocks me how much sensitive information is transmitted in email and other messaging media without any protection whatsoever.1
Iām hopeful security and privacy solutions will get easier and more common. For now, though, if someone can read your messages, they can forward, copy, modify, and send it to anyone they choose.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: Other than the silly disclaimer boiling down to āIf this message wasnāt intended for you, forget everything you just read.ā
Hereās an interesting ideaā¦ put a copyright statement in your signature file, stating your e-mail is copyrighted 2006 by you and forwarding is prohibited without your express permission.
According toā¦
http://www.fplc.edu/tfield/copynet.htm
ā¦as long as you file the copyrighted material with the Library of Congress and pay the copyright fee within 3 months of āpublicationā (i.e. sending the message), you can sue the person who forwarded the e-mail for $150,000 in statutory damages and attorney fees.
The tricky part is āpublicationā.
Now, IANAL and from what Iāve read, this is still just a legal *theory*. Whether sending an e-mail to an individual could constitute āpublicationā is still up in the air and could go either way. It might be worth the $30 to send an e-mail to someone, then file a copyright application for it and see if the Copyright Office approves the application.
If the sending of an e-mail to one person did get legal status as āpublicationā of the e-mail, it would certainly protect your e-mail from being forwarded by any U.S. recipient if you put the copyright notice in it.
If they forwarded it that day and it caused you harm and/or embarrassment, you could call your lawyer and file a $150,000 suit.
ā Greg
a hacker went into my pc and foward message and got all my contactā¦what can i do to stop this? I already change my password, is this is enough? plz tell me what I have to do?? I am worry if he have acsess to my file.
Thanks
Leticia
If you use Outlook 2003 there is the ability to request read receipts and recevied receipts.. but most of these are diasbled now because of spam and virus vulnerabilities. Bascily things being used maliciouslyā¦. so yes.. the capabilities are there for some of the aforementioned inabilities, nevertheless I would look around in the options of your message youāre sending and make the message expire in a short amount of time, that way it doesnāt get forwarded after a certain amount of time. I may be wrong, but i think it works without an exchange serverā¦ Leo.. ya or nay?
Thereās no way to make a standard e-mail message self-destruct without the receiving party essentially agreeing to it by using software that accepts and executes the self-destruct instructions.
Actually yes there is a way.. Send you email as an html email with the āletter imageā being stored on your website or other specified image storage site then after an appropriate time delete the image!
Note: This doesnāt work with embedded image but true html email.
If the receiver copies and pastes the contents of the email or takes a screenshot, that would allow them to forward it.
Yeah, message expiration is just as unreliable as anything else.
Can someone program an email to automatically delete once sent to the recipient or viewed by the recipient?
No.
you may be able to stop people from changing, forwarding, printing and even copying your email. Look into IRM from Microsoft.
From what I can tell that only works with Microsoft products ā might be an ok corporate solution (Exchange in the corporation could do some of these things), but not for the general public.
And ultimately, anything the recipient sees on the screen can be captured and printed, and possibly forwarded on.
Think someone is using my email in an outside program. I change my password alot. But lately I am getting return email from a few address that are not mine. this is part of the message.
āThis is an automatically generated Delivery Status Notification. Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
Outlook user = login to hotmail websiteā
I use outlook. but NOT on this account. From comments I see that I have been hacked. IS this true? and how do I prevent this from happening, BESIDES changing my password daily or weekly?
Thank you for your time.
Subscribe to the free version of LastPassā¦ And put 40 or 50 character password on your program! THAT ought to slow down your āhackerā.
The comment you are answering is 15 years old and Leoās answer is most likely correct. It easy to spoof an email return address. Itās highly unlikely those bounce messages are the result of hacking.
Itās quite possible youāve NOT been hacked. I get bogus bounce messages all the time. This article may help explain a little: http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_them.html
There is a possible solution.
Create a form using the standard Outlook email message. Edit the Properties of the āToā field to include a validation (such as [To] = ārecipients_emailā), or, simply disable Replying, Forwarding, etc. in the form. Save the form, then use it to send emails.
Food for thought. :)
Hardly. Thereās nothing to prevent someone from copy/pasting your message into a new message. Or for another mail program that doesnāt use forms to ignore everything youāve set up and simply allow forwarding.
āIāll put it more clearly: you cannot prevent someone from forwarding your email, and you also canāt prevent them from changing it before they do soā¦ā
Not true, thereās all sorts of access control software out there, and one specifically that works right out of Outlookā¦ http://www.essentialsecurity.com/products.htm
I stand by my statement. Anything that can be viewed on-screen can be forwarded one way or another.
Saffe does pretty much all of the above (prevent forwarding, make difficult to copy/modify,ā¦). The main drawback is that your recipient has to click on a link to view your message. Other than that itās basically used like regular email. Check it out http://www.saffe.com
Someone keeps hacking my email and then giving my password back. So that Iām able to use my email and then at other times Iām not. Can you tell me how to make my hotmail secure so that the hacker cannot hack it again? Please reply quickly before the hacker hacks my email again!
I read the article and comments, but nothing seems close to what happened to me. This is everyoneās worst nightmare: My ENTIRE hotmail account of 1,600 e-mail messages (received since 2003) was somehow recently sent to a friendās PC! I was working on another friendās computer sending out notices of an upcoming event. Oddly,here was no reply button, so I sent each individual an email by going to file and send. A weird box came up that warned of either a virus or worm, but also stated it could mean I was simply sending out repeated text. The warning asked if I still wanted to send (which I did, as much of the text was indeed repeated text of the same event). Soon thereafter, three of my friends reported receiving emails from the owner of the PC with strange attachments. The owner, an honest person, denys this. As mentioned, only one of these friends (boyfriend) also received my WHOLE email account with access to all my private mail! Does it sound as if my account was hacked into, or the PC I was using, or perhaps the PC of the recepient of my 1,6000 private emails? Needless to say this is a nightmare. Is there any possiblity the receiver of these e-mails could even be responsible? How do I find out? Who should I report this to? My privacy was grossly violated! Thanks.
I concur 110% w/ Leoā¦ Tried a few methods offered directly by MS for Outlook 2003 & Outlook 2007. Neither was even close to being foolproof, even when sending to another person internally. As mentioned all too often ā once the message leaves your server, ALL BETS ARE OFF. Someone out there is going to find a way to copy and/ or forward your message.
In our business we type sensitive messages and output them as attached PDFās. As they are image type PDFās it makes it a bit more difficult to tamper with.
Lotus Notes does indeed prevents copying. We use it at Office and have found it works ! Leo- what comments ?
19-Jul-2009
Hi,It is possible to make sure your mail is not forwarded provided you are using outlook.But if you are using yahoo or gmail,it is not possibe
30-Aug-2009
I wanted to answer the question being asked about regarding forwarding emails. There is a way in Outlook 2007 on preventing the email from being forwarded. I was not sure if this question is being asked of a previous version or not. In Outlook 2007, the instructions are below. I recall in Lotus years ago the ability to stop forwarding as well as printing of the email.
Open and create the message,
Click the Office Button,
Go to Permission and click Do Not Forward
In Outlook 2003, you would have to create a Form and the problem with this is that both the sender and receipient would both have to be using Outlook.
In Groupwise from Novell, we can unsend email, which comes in PLENTY handy if you ātype angryā as Bill Murray would say. If they havenāt opened it, and they donāt have automatic forwarding turned on ā it is gone.
Leo, can you address the comments that note the anti-forwarding capabilities in Outlook 2007?
19-May-2010
I agree with Leo ā there are so many different ways to pass on the information.
Even if you cannot print it, or screen capture it, if you can read the e-mail whatās stopping you opening a new one and re-typing it?
Even if you use an old-school cypher on the content (requiring the recipient to know the code you are using), nothing stops them from forwarding the uncoded translation.
This is along the same linesā¦I just noticed that a very private email of mine which had been going back and forth had R: Re: Fw: R: Re: Re: Re: Re: in the subject lineā¦does this mean that somewhere in there what I wrote was really forwarded????
21-Aug-2010
What if someone puts a legal clause in thier email prohibiting anyone from copying, reproducing, forwarding without thier consent? Is this legal to do that over the public airways? If so, this sets a huge precedence and has huge implications. Steve
26-Mar-2011
Leo,
Youāve provided a valuable discussion. Thanks!
Hereās another one: http://forums.cnet.com/7723-6122_102-252980/how-to-deny-someone-from-forwarding-an-email-you-ve-sent-him/
Jack
I use the email tracking serviceā readnotify.comā. While not 100 % as mentioned by Leo, it does a reasonable job. For example, if you have a repeat distribution list and a person on the list consistently takes an excessive time to open his email, then you have learned that email is not the way to reach him if timeliness is important. If you believe that recipients should be opening your mail withing some period of time you consider to be reasonable, you can see if that has happened by checking the percentage of opened emails. Again, I agree with Leo that we are not dealing in absolutes here but the responses do give you a good sense of the success of your distribution.
If the tracking information provided shows a number of forwards, then you also know that the recipient has taken the message seriously. Also, if you had intended the message to be private and there are a number of forwards shown, this is another story.
I have always been very careful with e-mail. My āmantraā if I would feel comfortable seeing this e-mail in a court deposition, then I push the āsendā button.
Because itās true: think about Oliver North in the Iran-Contra scandal in the 1980s. He thought that deleting his e-mails from the PROFS system would save him from the consequences of his actions. Of curse, it didnāt because e-maisl were recovered, and this was with what was available in the 1980s.
Also, in the past, when I used Outlook for e-mail, I would send with āmessage receivedā and āmessage readā options for anything that I considered worthy of an audit trail. And for the very most important (of which there were few) I would print those e-mails with messages &keep them in a file. Sort of like belt and suspenders worn at the same time.
How about thisā¦ No matter what technology you may or may not be able to use to stop copy/paste, forward, screen-capture, etc., nothing you do can prevent someone from simply using a camera to take a picture of the computer screen.
Absolutely. And of course, thereās always some technology to bypass the blocking.
When asked, I like to say ādonāt say anything in an email that you wouldnāt want to see on a billboardā.
.
One way to make it harder to change emails is to send the sensitive content in a PDF.
.
More secure it to not send sensitive info in the body of the email. Instead include a read only link to a file sharing site like OneDrive, GoogleDrive, DropBox.
.
Your PDF could still be:
More work, but possible.
This whole āconversationā actually boils down to two scenarios:
1. Someone ALTERING a message you wrote. (best defense against this, as reader āGordonā advises, is to write your message in a PDF and send that.
2. Someone FORWARDING your message. In the āoldā days, I would have said ādonāt put in writing anything that you donāt want spread aroundā.
These days, there is no ādeniabilityā. With easily-activated, undetectable, widely legal call recorders, you canāt even restrict messaging to the āspoken wordā with much expectation of confidentiality.
Bottom line? If you have a message meant for only ONE person, write that message (by hand) a piece of paperā¦ go to the recipientā¦ hold it up for them to readā¦ then eat (or burn) the paper!
(No, you canāt even read it TO them; they could be āwiredā. )