No. And there’s an even bigger problem.
No.
And it’s even worse than that.
Become a Patron of Ask Leo! and go ad-free!
There is no technology that can prevent someone from forwarding or copying a message you’ve sent them. Worse yet, in most cases, it’s also impossible to prevent them from modifying your message when it’s forwarded.
Out of your control
Once you’ve sent a message, it’s gone, and you lose all control over it. And by all control, I mean:
- You cannot “unsend” it or prevent recipients from reading it.
- You cannot reliably tell if it’s been received.
- You cannot reliably tell if it’s been read, deleted, or forwarded.
- You cannot prevent it from being forwarded, copied, or changed.
This applies to almost all message types: emails, text messages, and messages using dedicated messaging apps. (Some may allow you some control if you act quickly enough after sending your message, but it’s not something you can rely on.)
Reliably?
Note I said “reliably” in a couple of cases. There are simple tracking technologies for formatted email that sometimes allow you to tell an email has been opened. This technique is not 100% accurate because email programs have the feature turned off by default to protect your security and privacy.
And, of course, “opening” an email does not necessarily mean the email gets read or even seen by anyone.
Changed?
It’s the last item in my list — “You cannot prevent it from being forwarded, copied, or changed” — that should concern you.
I’ll put it more clearly: you cannot prevent someone from changing what your message said before they forward it.
Get that? Not only can they forward your message, but they can change what your message says.
When someone forwards an email, for example, that email becomes the body of a new email, and can be edited before hitting Send. It could be as simple as changing a “yes” to a “no”, an “I love you” to a “Get out of my life”, or perhaps “The boss is a genius” to “The boss is an idiot.”
You get the idea. If you were concerned about your email being forwarded, you can be even more concerned now. You really do need to trust your recipients.
What to do?
If messaging and email are such unreliable media, what can you do?
- Well, the simplest first step for this particular issue is to save all your outgoing messages. You’ll then have a record of what you really said.
- Since you’re saving your sent messages, don’t forget the first rule of email: don’t say anything in email you wouldn’t want to be made public.
- If forwarding and/or modification is a concern at all, make sure you’re dealing with someone you trust.
- If critical, use other communication methods that don’t rely on print, such as the phone. (As lawyers often do.)
There are technologies like cryptographic message-signing that allow tampering to be detected. Unfortunately, they’re generally used only by some businesses and the tech-savvy.
To be honest, it shocks me how much sensitive information is transmitted in email and other messaging media without any protection whatsoever.1
I’m hopeful security and privacy solutions will get easier and more common. For now, though, if someone can read your message, they can forward, copy, modify, and send it to anyone they choose.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: Other than the silly disclaimer boiling down to “If this message wasn’t intended for you, forget everything you just read.”
Here’s an interesting idea… put a copyright statement in your signature file, stating your e-mail is copyrighted 2006 by you and forwarding is prohibited without your express permission.
According to…
http://www.fplc.edu/tfield/copynet.htm
…as long as you file the copyrighted material with the Library of Congress and pay the copyright fee within 3 months of “publication” (i.e. sending the message), you can sue the person who forwarded the e-mail for $150,000 in statutory damages and attorney fees.
The tricky part is “publication”.
Now, IANAL and from what I’ve read, this is still just a legal *theory*. Whether sending an e-mail to an individual could constitute “publication” is still up in the air and could go either way. It might be worth the $30 to send an e-mail to someone, then file a copyright application for it and see if the Copyright Office approves the application.
If the sending of an e-mail to one person did get legal status as “publication” of the e-mail, it would certainly protect your e-mail from being forwarded by any U.S. recipient if you put the copyright notice in it.
If they forwarded it that day and it caused you harm and/or embarrassment, you could call your lawyer and file a $150,000 suit.
– Greg
a hacker went into my pc and foward message and got all my contact…what can i do to stop this? I already change my password, is this is enough? plz tell me what I have to do?? I am worry if he have acsess to my file.
Thanks
Leticia
If you use Outlook 2003 there is the ability to request read receipts and recevied receipts.. but most of these are diasbled now because of spam and virus vulnerabilities. Bascily things being used maliciously…. so yes.. the capabilities are there for some of the aforementioned inabilities, nevertheless I would look around in the options of your message you’re sending and make the message expire in a short amount of time, that way it doesn’t get forwarded after a certain amount of time. I may be wrong, but i think it works without an exchange server… Leo.. ya or nay?
There’s no way to make a standard e-mail message self-destruct without the receiving party essentially agreeing to it by using software that accepts and executes the self-destruct instructions.
Actually yes there is a way.. Send you email as an html email with the “letter image” being stored on your website or other specified image storage site then after an appropriate time delete the image!
Note: This doesn’t work with embedded image but true html email.
If the receiver copies and pastes the contents of the email or takes a screenshot, that would allow them to forward it.
Yeah, message expiration is just as unreliable as anything else.
Can someone program an email to automatically delete once sent to the recipient or viewed by the recipient?
No.
you may be able to stop people from changing, forwarding, printing and even copying your email. Look into IRM from Microsoft.
From what I can tell that only works with Microsoft products – might be an ok corporate solution (Exchange in the corporation could do some of these things), but not for the general public.
And ultimately, anything the recipient sees on the screen can be captured and printed, and possibly forwarded on.
Think someone is using my email in an outside program. I change my password alot. But lately I am getting return email from a few address that are not mine. this is part of the message.
“This is an automatically generated Delivery Status Notification. Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
Outlook user = login to hotmail website”
I use outlook. but NOT on this account. From comments I see that I have been hacked. IS this true? and how do I prevent this from happening, BESIDES changing my password daily or weekly?
Thank you for your time.
The comment you are answering is 15 years old and Leo’s answer is most likely correct. It easy to spoof an email return address. It’s highly unlikely those bounce messages are the result of hacking. Sending the message as a PDF attachment or any attachment won’t thwart changing the email as a recipient can delete attachments and replace them with other attachments or even add malware attachments to the file. In most cases, a changed or added attachment can be analyzed and detected as a fake, but that takes computer skills.
It’s quite possible you’ve NOT been hacked. I get bogus bounce messages all the time. This article may help explain a little: http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_them.html
There is a possible solution.
Create a form using the standard Outlook email message. Edit the Properties of the “To” field to include a validation (such as [To] = “recipients_email”), or, simply disable Replying, Forwarding, etc. in the form. Save the form, then use it to send emails.
Food for thought. :)
Hardly. There’s nothing to prevent someone from copy/pasting your message into a new message. Or for another mail program that doesn’t use forms to ignore everything you’ve set up and simply allow forwarding.
“I’ll put it more clearly: you cannot prevent someone from forwarding your email, and you also can’t prevent them from changing it before they do so…”
Not true, there’s all sorts of access control software out there, and one specifically that works right out of Outlook… http://www.essentialsecurity.com/products.htm
I stand by my statement. Anything that can be viewed on-screen can be forwarded one way or another.
Saffe does pretty much all of the above (prevent forwarding, make difficult to copy/modify,…). The main drawback is that your recipient has to click on a link to view your message. Other than that it’s basically used like regular email. Check it out http://www.saffe.com
Someone keeps hacking my email and then giving my password back. So that I’m able to use my email and then at other times I’m not. Can you tell me how to make my hotmail secure so that the hacker cannot hack it again? Please reply quickly before the hacker hacks my email again!
You need to change the password and make it long, at least 14 characters. Then, check the recovery information on that account to make sure you own those recovery accounta and phone numbers.
My Email Is Hacked, How Do I Fix It?
I concur 110% w/ Leo… Tried a few methods offered directly by MS for Outlook 2003 & Outlook 2007. Neither was even close to being foolproof, even when sending to another person internally. As mentioned all too often – once the message leaves your server, ALL BETS ARE OFF. Someone out there is going to find a way to copy and/ or forward your message.
In our business we type sensitive messages and output them as attached PDF’s. As they are image type PDF’s it makes it a bit more difficult to tamper with.
True. It makes it a bit more difficult, but only a bit. PDFs and image files can be edited or simply replaced with new files. Thhose would likely be detectable via the meta data of the file, but even that can be altered by a hacker.
Hi,It is possible to make sure your mail is not forwarded provided you are using outlook.But if you are using yahoo or gmail,it is not possibe
30-Aug-2009
In Groupwise from Novell, we can unsend email, which comes in PLENTY handy if you “type angry” as Bill Murray would say. If they haven’t opened it, and they don’t have automatic forwarding turned on – it is gone.
Leo, can you address the comments that note the anti-forwarding capabilities in Outlook 2007?
19-May-2010
I agree with Leo – there are so many different ways to pass on the information.
Even if you cannot print it, or screen capture it, if you can read the e-mail what’s stopping you opening a new one and re-typing it?
Even if you use an old-school cypher on the content (requiring the recipient to know the code you are using), nothing stops them from forwarding the uncoded translation.
This is along the same lines…I just noticed that a very private email of mine which had been going back and forth had R: Re: Fw: R: Re: Re: Re: Re: in the subject line…does this mean that somewhere in there what I wrote was really forwarded????
21-Aug-2010
The recipient can easily remove the re:s or fwd:s before forwarding or answering an email. Those are prepended as soon as you click on the Response or Forward icons. You can edit the subject line just as easilyas any other part of the email including attachments etc. And since everythind is editable, the forwarded message can be very different from the original.
What if someone puts a legal clause in thier email prohibiting anyone from copying, reproducing, forwarding without thier consent? Is this legal to do that over the public airways? If so, this sets a huge precedence and has huge implications. Steve
26-Mar-2011
I have always been very careful with e-mail. My “mantra” if I would feel comfortable seeing this e-mail in a court deposition, then I push the “send” button.
Because it’s true: think about Oliver North in the Iran-Contra scandal in the 1980s. He thought that deleting his e-mails from the PROFS system would save him from the consequences of his actions. Of curse, it didn’t because e-maisl were recovered, and this was with what was available in the 1980s.
Also, in the past, when I used Outlook for e-mail, I would send with “message received” and “message read” options for anything that I considered worthy of an audit trail. And for the very most important (of which there were few) I would print those e-mails with messages &keep them in a file. Sort of like belt and suspenders worn at the same time.
How about this… No matter what technology you may or may not be able to use to stop copy/paste, forward, screen-capture, etc., nothing you do can prevent someone from simply using a camera to take a picture of the computer screen.
Absolutely. And of course, there’s always some technology to bypass the blocking.
When asked, I like to say “don’t say anything in an email that you wouldn’t want to see on a billboard”.
.
One way to make it harder to change emails is to send the sensitive content in a PDF.
.
More secure it to not send sensitive info in the body of the email. Instead include a read only link to a file sharing site like OneDrive, GoogleDrive, DropBox.
.
Your PDF could still be:
More work, but possible.
Fully granted, Leo, but it’s the “more work” that makes such ideas worth considering.
It’s true, it’s impossible to prevent someone from capturing, altering, or forwarding what you send — and quite possibly ALL THREE — BUT, it IS perfectly possible to make it so difficult to do so, that most evil-minded people will consider it to be “just not worth the effort.”
This whole “conversation” actually boils down to two scenarios:
1. Someone ALTERING a message you wrote. (best defense against this, as reader ‘Gordon’ advises, is to write your message in a PDF and send that.
2. Someone FORWARDING your message. In the “old” days, I would have said “don’t put in writing anything that you don’t want spread around”.
These days, there is no “deniability”. With easily-activated, undetectable, widely legal call recorders, you can’t even restrict messaging to the ‘spoken word’ with much expectation of confidentiality.
Bottom line? If you have a message meant for only ONE person, write that message (by hand) a piece of paper… go to the recipient… hold it up for them to read… then eat (or burn) the paper!
(No, you can’t even read it TO them; they could be “wired”. )
Leo, you wrote:
“…Other than those clever and ingenious disclaimers, boiling down to ‘If this message wasn’t intended for you, forget everything you just read.’”
(1) See what I just did there?
(2) LOL!!! I get those all the time, and I always almost choke with laughter every time I read one. Who the “H” do they think they’re kidding?!?
Even worse, that disclaimer might have the Streisand Effect
“In 2003, actress Barbra Streisand attempted to suppress photos taken of her home. The net result was that those photographs got even more public attention than they would have had she just said or done nothing. This unintended consequence of bringing more attention to something by the act of trying to suppress it has become known as The Streisand Effect.”
Leo, you wrote:
“Since you’re saving your sent messages, don’t forget the first rule of email: don’t say anything in email you wouldn’t want to be made public.”
I’d suggest we all take that further by saying:
“If you wouldn’t say/do it in public, don’t say/do it online/in email/text/etc.”.
For me, being on the Internet or using any form of Internet-based communication is being in public, and no one who does so can have any expectation of privacy at all.
My2Cents,
Ernie (Oldster)
The fact that emails can easily be altered makes for perfect deniability. In a situation where a problem arises from a forwarded or copied email, you can reasonably claim it was altered and not what you wrote. This of course does not apply to a problem with a government that has the power to obtain an original from your email provider. Even then however, did you actually write the email?