How do I restrict changes to the original text/content of an email from others?

Posted on 2005-04-20
Last Modified: 2010-04-08
Using Outlook 2003 - A highly valued customer (John Doe) would like to restrict any changes being made to emails he sends out to 'Jane Doe.'

For example: When 'Jane' receives John's email, she will Forward the message to others still.  The problem is that when she clicks the Forward button, this allows her to scroll down and modify the original text of John's message. John does not want the original text modified in any way.  He sends the message out as Plain Text with the security option of Read Only (New Message > Tools > Options > Security tab > Read Only); however, Jane is still able to make modifications once she clicks the Forward or Reply button.  Is this type of restriction possible?
Question by:phonemate
    LVL 45

    Expert Comment

    Hi phonemate,

    >  Is this type of restriction possible?
    No ... what you can do is append message hash to the message. If changes are made to the message, hash will not match ...
    They will not prevent modification but they will help detect one.

    Read a bit into digital signatures

    Another option would be to put content of message on a web page (which can be protected) and pass the link to it in a mail ... However, it will be clumsy for mail exchanges and still leaves out possiblity for copy paste and modify.

    LVL 28

    Expert Comment

    Perhaps send the message as an attached PDF?

    Chris B
    LVL 45

    Accepted Solution

    PDFs can be edited too ...
    You can add password protection to PDFs, but there are tools to recover those passwords too.

    Yet another way would be to copy paste, edit and then forward.

    The most difficult task would be to find a meaningful alteration of the original message which generates the same message signature ... but then, that is not prevention of alteration, it is capability of detection of alteration.

    Preventing alteration when information is on another system is very very hard to accomplish ... I have not come across a reliable method for the same. Once they have the data, they have complete control over it.

    Author Comment

    I appreciate the quick response, thank you.  The whole organization is currently using Digital Cert's for email; top executives even use encryption.  That, in itself, is becoming a problem as the 'now-common' digital validity is not checked as much anymore.  We are just trying to automate the process but did find that a mischievous modifier can easily sign the message to appear valid.

    Adobe .pdf's, for now, are just out of the question and will not ultimately be done by most clients - path of least resistance (for clients) is to just shoot an email.

    LVL 45

    Expert Comment

    >a mischievous modifier can easily sign the message to appear valid
    You mean in an undetectable fashion? Or just appending the signature to look authentic?
    If each user has a separate key (and keys can be asymmetric - private one used for signing and public one used for verification) then it is going to be hard for the modifier to change the message

    Author Comment

    I see what you are saying and I agree... Currently we have everyone with a seperate key with digital certs for ID, email, and encryption. Using the original text from before, Jane can open John's email, modify the text, sign with her cert and forward to a new audience - Reading "From the Boss (John)." The audience in this case will just believe all text is true seeing the signed email from Jane... Sure Jane can get fired if caught - but once again, we are trying to automate the process to not allow this to happen in the first place.

    I went ahead and contacted Microsoft rep's on this issue to discuss further details and options.  Although it can be done, lots and lots of funds would be needed for upgrades to our current systems. If you would like I can post their comments??
    LVL 45

    Expert Comment

    It would sure be very educating ... Do post more information if possible

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    Title # Comments Views Activity
    Email Body 4 31
    IDFix X500 addresses 5 18
    Office365 Outlook Profile Manual Setup Error 2 23
    Outlook 2013  - shared folders 14 28
    This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now