There’s an even bigger problem
No.
And it’s even worse than that — much worse.
Become a Patron of Ask Leo! and go ad-free!
There is no technology that can prevent someone from forwarding or copying a message you’ve sent them. Worse yet, in most cases, it’s also impossible to prevent them from modifying your message when it’s forwarded.
Out of your control
Once you’ve sent a message, it’s gone, and you lose all control over it. And by all control, I mean:
- You cannot “unsend” it, or prevent recipients from reading it.
- You cannot reliably tell if it’s been received.
- You cannot reliably tell if it’s been read, deleted, or forwarded.
- You cannot prevent it from being forwarded, copied, or changed.
This applies to almost all message types: emails, text messages, and messages using dedicated messaging apps. (Some may allow you some control if you act quickly enough after sending your message, but it’s not something you can rely on.)
Reliably?
Note I said “reliably” in a couple of cases. There are simple tracking technologies for formatted email, sometimes allowing you to tell an email has been opened. This technique is not 100% accurate because mail clients have the feature turned off by default to protect your security and privacy.
And, of course, “opening” an email does not necessarily mean the email actually gets read or even seen by anyone.
Changed?
It’s the last item in my list — “You cannot prevent it from being forwarded, copied, or changed” — that should concern you.
I’ll put it more clearly: you cannot prevent someone from changing what your message said before they forward it.
Get that? Not only can they forward your message, but they can change what your message says.
When someone forwards an email, for example, that email becomes the body of a new email, and can be edited before hitting Send. It could be as simple as changing a “yes” to a “no”, an “I love you” to a “Get out of my life”, or perhaps “The boss is a genius” to “The boss is an idiot.”
You get the idea. If you were concerned about your email being forwarded, you can be even more concerned now. You really do need to trust your recipients.
What to do?
If messaging and email are such unreliable media, what can you do?
Well, the simplest first step for this particular issue is to save all your outgoing messages. You’ll then have a record of what you really said.
Second, don’t say anything in email you wouldn’t want to be made public.
Third, if forwarding and/or modification is a concern at all, make sure you’re dealing with someone you trust.
There are technologies like cryptographic message-signing that allow tampering to be detected. Unfortunately, they’re generally used only by some businesses and the tech savvy.
To be honest, it shocks me how much sensitive information is transmitted in email and other messaging media without any protection whatsoever.1
I’m hopeful security and privacy solutions will get easier and more common. For now, though, if someone can read your messages, they can forward, copy, modify, and send it to anyone they choose.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Related Video
Footnotes & References
1: Other than the silly disclaimer boiling down to “If this message wasn’t intended for you, forget everything you just read.”
Here’s an interesting idea… put a copyright statement in your signature file, stating your e-mail is copyrighted 2006 by you and forwarding is prohibited without your express permission.
According to…
http://www.fplc.edu/tfield/copynet.htm
…as long as you file the copyrighted material with the Library of Congress and pay the copyright fee within 3 months of “publication” (i.e. sending the message), you can sue the person who forwarded the e-mail for $150,000 in statutory damages and attorney fees.
The tricky part is “publication”.
Now, IANAL and from what I’ve read, this is still just a legal *theory*. Whether sending an e-mail to an individual could constitute “publication” is still up in the air and could go either way. It might be worth the $30 to send an e-mail to someone, then file a copyright application for it and see if the Copyright Office approves the application.
If the sending of an e-mail to one person did get legal status as “publication” of the e-mail, it would certainly protect your e-mail from being forwarded by any U.S. recipient if you put the copyright notice in it.
If they forwarded it that day and it caused you harm and/or embarrassment, you could call your lawyer and file a $150,000 suit.
– Greg
a hacker went into my pc and foward message and got all my contact…what can i do to stop this? I already change my password, is this is enough? plz tell me what I have to do?? I am worry if he have acsess to my file.
Thanks
Leticia
If you use Outlook 2003 there is the ability to request read receipts and recevied receipts.. but most of these are diasbled now because of spam and virus vulnerabilities. Bascily things being used maliciously…. so yes.. the capabilities are there for some of the aforementioned inabilities, nevertheless I would look around in the options of your message you’re sending and make the message expire in a short amount of time, that way it doesn’t get forwarded after a certain amount of time. I may be wrong, but i think it works without an exchange server… Leo.. ya or nay?
There’s no way to make a standard e-mail message self-destruct without the receiving party essentially agreeing to it by using software that accepts and executes the self-destruct instructions.
Actually yes there is a way.. Send you email as an html email with the “letter image” being stored on your website or other specified image storage site then after an appropriate time delete the image!
Note: This doesn’t work with embedded image but true html email.
If the receiver copies and pastes the contents of the email or takes a screenshot, that would allow them to forward it.
Yeah, message expiration is just as unreliable as anything else.
Can someone program an email to automatically delete once sent to the recipient or viewed by the recipient?
No.
you may be able to stop people from changing, forwarding, printing and even copying your email. Look into IRM from Microsoft.
From what I can tell that only works with Microsoft products – might be an ok corporate solution (Exchange in the corporation could do some of these things), but not for the general public.
And ultimately, anything the recipient sees on the screen can be captured and printed, and possibly forwarded on.
Think someone is using my email in an outside program. I change my password alot. But lately I am getting return email from a few address that are not mine. this is part of the message.
“This is an automatically generated Delivery Status Notification. Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
Outlook user = login to hotmail website”
I use outlook. but NOT on this account. From comments I see that I have been hacked. IS this true? and how do I prevent this from happening, BESIDES changing my password daily or weekly?
Thank you for your time.
Subscribe to the free version of LastPass… And put 40 or 50 character password on your program! THAT ought to slow down your “hacker”.
The comment you are answering is 15 years old and Leo’s answer is most likely correct. It easy to spoof an email return address. It’s highly unlikely those bounce messages are the result of hacking.
It’s quite possible you’ve NOT been hacked. I get bogus bounce messages all the time. This article may help explain a little: http://ask-leo.com/someones_sending_from_my_email_address_how_do_i_stop_them.html
There is a possible solution.
Create a form using the standard Outlook email message. Edit the Properties of the “To” field to include a validation (such as [To] = “recipients_email”), or, simply disable Replying, Forwarding, etc. in the form. Save the form, then use it to send emails.
Food for thought. 🙂
Hardly. There’s nothing to prevent someone from copy/pasting your message into a new message. Or for another mail program that doesn’t use forms to ignore everything you’ve set up and simply allow forwarding.
“I’ll put it more clearly: you cannot prevent someone from forwarding your email, and you also can’t prevent them from changing it before they do so…”
Not true, there’s all sorts of access control software out there, and one specifically that works right out of Outlook… http://www.essentialsecurity.com/products.htm
I stand by my statement. Anything that can be viewed on-screen can be forwarded one way or another.
Saffe does pretty much all of the above (prevent forwarding, make difficult to copy/modify,…). The main drawback is that your recipient has to click on a link to view your message. Other than that it’s basically used like regular email. Check it out http://www.saffe.com
Someone keeps hacking my email and then giving my password back. So that I’m able to use my email and then at other times I’m not. Can you tell me how to make my hotmail secure so that the hacker cannot hack it again? Please reply quickly before the hacker hacks my email again!
I read the article and comments, but nothing seems close to what happened to me. This is everyone’s worst nightmare: My ENTIRE hotmail account of 1,600 e-mail messages (received since 2003) was somehow recently sent to a friend’s PC! I was working on another friend’s computer sending out notices of an upcoming event. Oddly,here was no reply button, so I sent each individual an email by going to file and send. A weird box came up that warned of either a virus or worm, but also stated it could mean I was simply sending out repeated text. The warning asked if I still wanted to send (which I did, as much of the text was indeed repeated text of the same event). Soon thereafter, three of my friends reported receiving emails from the owner of the PC with strange attachments. The owner, an honest person, denys this. As mentioned, only one of these friends (boyfriend) also received my WHOLE email account with access to all my private mail! Does it sound as if my account was hacked into, or the PC I was using, or perhaps the PC of the recepient of my 1,6000 private emails? Needless to say this is a nightmare. Is there any possiblity the receiver of these e-mails could even be responsible? How do I find out? Who should I report this to? My privacy was grossly violated! Thanks.
I concur 110% w/ Leo… Tried a few methods offered directly by MS for Outlook 2003 & Outlook 2007. Neither was even close to being foolproof, even when sending to another person internally. As mentioned all too often – once the message leaves your server, ALL BETS ARE OFF. Someone out there is going to find a way to copy and/ or forward your message.
In our business we type sensitive messages and output them as attached PDF’s. As they are image type PDF’s it makes it a bit more difficult to tamper with.
Lotus Notes does indeed prevents copying. We use it at Office and have found it works ! Leo- what comments ?
19-Jul-2009
Hi,It is possible to make sure your mail is not forwarded provided you are using outlook.But if you are using yahoo or gmail,it is not possibe
30-Aug-2009
I wanted to answer the question being asked about regarding forwarding emails. There is a way in Outlook 2007 on preventing the email from being forwarded. I was not sure if this question is being asked of a previous version or not. In Outlook 2007, the instructions are below. I recall in Lotus years ago the ability to stop forwarding as well as printing of the email.
Open and create the message,
Click the Office Button,
Go to Permission and click Do Not Forward
In Outlook 2003, you would have to create a Form and the problem with this is that both the sender and receipient would both have to be using Outlook.
In Groupwise from Novell, we can unsend email, which comes in PLENTY handy if you “type angry” as Bill Murray would say. If they haven’t opened it, and they don’t have automatic forwarding turned on – it is gone.
Leo, can you address the comments that note the anti-forwarding capabilities in Outlook 2007?
19-May-2010
I agree with Leo – there are so many different ways to pass on the information.
Even if you cannot print it, or screen capture it, if you can read the e-mail what’s stopping you opening a new one and re-typing it?
Even if you use an old-school cypher on the content (requiring the recipient to know the code you are using), nothing stops them from forwarding the uncoded translation.
This is along the same lines…I just noticed that a very private email of mine which had been going back and forth had R: Re: Fw: R: Re: Re: Re: Re: in the subject line…does this mean that somewhere in there what I wrote was really forwarded????
21-Aug-2010
What if someone puts a legal clause in thier email prohibiting anyone from copying, reproducing, forwarding without thier consent? Is this legal to do that over the public airways? If so, this sets a huge precedence and has huge implications. Steve
26-Mar-2011
Leo,
You’ve provided a valuable discussion. Thanks!
Here’s another one: http://forums.cnet.com/7723-6122_102-252980/how-to-deny-someone-from-forwarding-an-email-you-ve-sent-him/
Jack
I use the email tracking service’ readnotify.com’. While not 100 % as mentioned by Leo, it does a reasonable job. For example, if you have a repeat distribution list and a person on the list consistently takes an excessive time to open his email, then you have learned that email is not the way to reach him if timeliness is important. If you believe that recipients should be opening your mail withing some period of time you consider to be reasonable, you can see if that has happened by checking the percentage of opened emails. Again, I agree with Leo that we are not dealing in absolutes here but the responses do give you a good sense of the success of your distribution.
If the tracking information provided shows a number of forwards, then you also know that the recipient has taken the message seriously. Also, if you had intended the message to be private and there are a number of forwards shown, this is another story.
I have always been very careful with e-mail. My “mantra” if I would feel comfortable seeing this e-mail in a court deposition, then I push the “send” button.
Because it’s true: think about Oliver North in the Iran-Contra scandal in the 1980s. He thought that deleting his e-mails from the PROFS system would save him from the consequences of his actions. Of curse, it didn’t because e-maisl were recovered, and this was with what was available in the 1980s.
Also, in the past, when I used Outlook for e-mail, I would send with “message received” and “message read” options for anything that I considered worthy of an audit trail. And for the very most important (of which there were few) I would print those e-mails with messages &keep them in a file. Sort of like belt and suspenders worn at the same time.
How about this… No matter what technology you may or may not be able to use to stop copy/paste, forward, screen-capture, etc., nothing you do can prevent someone from simply using a camera to take a picture of the computer screen.
Absolutely. And of course, there’s always some technology to bypass the blocking.
When asked, I like to say “don’t say anything in an email that you wouldn’t want to see on a billboard”.
.
One way to make it harder to change emails is to send the sensitive content in a PDF.
.
More secure it to not send sensitive info in the body of the email. Instead include a read only link to a file sharing site like OneDrive, GoogleDrive, DropBox.
.
Your PDF could still be:
More work, but possible.
This whole “conversation” actually boils down to two scenarios:
1. Someone ALTERING a message you wrote. (best defense against this, as reader ‘Gordon’ advises, is to write your message in a PDF and send that.
2. Someone FORWARDING your message. In the “old” days, I would have said “don’t put in writing anything that you don’t want spread around”.
These days, there is no “deniability”. With easily-activated, undetectable, widely legal call recorders, you can’t even restrict messaging to the ‘spoken word’ with much expectation of confidentiality.
Bottom line? If you have a message meant for only ONE person, write that message (by hand) a piece of paper… go to the recipient… hold it up for them to read… then eat (or burn) the paper!
(No, you can’t even read it TO them; they could be “wired”. )