Monday, April 25, 2005

Much ado about disclaimers

One of the most common questions that pops up in the newsgroups is how to put a disclaimer on the bottom of all outgoing e-mail messages. Something like this:

This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of Somorita Surfboards Corporation, its employees, law firm, accountants, stockholders, etc....

I avoid these puppies like the plague. First and foremost, there is no precedent in law that these are legally binding. Second, if a bad person who should not have read this message sees the disclaimer, are they going to repent and say "Gee, I was going to pass this sensitive message on to all the other evil-doers I know, but well, since it has a disclaimer on it..."?

Finally (and, from a technical perspective, most important), most of these disclaimer solutions will break your S/MIME digital signatures. The S/MIME digital signature is generated by the client (such as Outlook or Outlook Express) when the user clicks Send. If anything alters the message body or attachments after that point, the message digest (hashed value of the message) will change. The digest the recipient's client computes then no longer matches the one that was signed, so the signature fails verification.

Need more fuel for the disclaimer fire? Here is an interesting and humorous take on Stupid Email Disclaimers.

Avoid disclaimers, PST files as primary e-mail storage, and brick-level backups! If you have to have disclaimers, require that the clients/users put them on the message using Outlook's auto-signature function.
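The signature breakage and the client-side alternative described above, as an added example (not code from the original post). The bare SHA-256 digest stands in for the real CMS signature a client would produce with the sender's private key, the disclaimer text is a constructed sample, and `stamp_unless_signed` is a hypothetical gateway rule that the post does not describe.

```python
import hashlib
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample disclaimer (shortened from the post's example text).
DISCLAIMER = "\n--\nThis e-mail is intended for the addressee shown.\n"
SIGNED_TYPES = {"multipart/signed", "application/pkcs7-mime", "application/x-pkcs7-mime"}

def digest(part):
    """SHA-256 over the MIME part serialized with CRLF line endings."""
    crlf = part.policy.clone(linesep="\r\n")
    return hashlib.sha256(part.as_bytes(policy=crlf)).digest()

def client_sign(text):
    """Stand-in for the mail client at Send time: wrap the body in multipart/signed.
    Assumption: the bare digest plays the role of the signature blob."""
    content = MIMEText(text)
    msg = MIMEMultipart("signed", protocol="application/pkcs7-signature", micalg="sha-256")
    msg.attach(content)
    msg.attach(MIMEApplication(digest(content), "pkcs7-signature"))
    return msg

def signature_valid(msg):
    """Recipient side: recompute the digest of the signed part and compare."""
    content, sig = msg.get_payload()
    return digest(content) == sig.get_payload(decode=True)

def stamp_naive(msg):
    """Server-side disclaimer that appends to every text/plain part it finds."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            part.set_payload(part.get_payload() + DISCLAIMER)
    return msg

def stamp_unless_signed(msg):
    """Hypothetical gateway rule: leave signed or enveloped mail untouched."""
    return msg if msg.get_content_type() in SIGNED_TYPES else stamp_naive(msg)

if __name__ == "__main__":
    body = "Quarterly numbers attached."
    print(signature_valid(stamp_naive(client_sign(body))))          # False: stamped after signing
    print(signature_valid(client_sign(body + DISCLAIMER)))          # True: disclaimer added by the client
    print(signature_valid(stamp_unless_signed(client_sign(body))))  # True: gateway skipped signed mail
```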

2 Comments:

At 5:02 PM, Blogger Fuzan said...

Hi,
Just want to know your opinion.
How can I use this disclaimer and S/MIME digital signature together?
I can't avoid this disclaimer because it is set by the server.

 
At 5:02 PM, Blogger Fuzan said...

Hi,
Just want to know your opinion.
How can I use S/MIME digital signature and this disclaimer together? I can't avoid this disclaimer because it is set by the server.

 
