9

I get asked this a lot from older people, or for legal matters. They want to forward an email message they've received to another party, while removing any identifying information from the first party - as well as removing some lines from the body of the original email. The most convenient way of doing this is pressing "forward" on your email client, and then backspacing the stuff you don't want.

What are the implications of doing this, considering:

  • The work is often being done to an HTML email message, using a WYSIWYG editor (e.g. Gmail, Yahoo, Outlook)

  • Do message headers or other data "follow" when you press forward?

In general, is there a best practice for copy/pasting information from a confidential source (e.g., another email, an internal document) without bringing in additional information accidentally?

I tend to paste everything into a plain-text editor first, because I don't know what an email client does behind the scenes. Is this overly paranoid?

cloneman
    Relevant: http://serverfault.com/questions/163160/when-an-email-is-forwarded-does-it-lose-its-original-headers – TTT Dec 17 '15 at 21:54

2 Answers

5

If you can configure your email client to ensure text is the only thing you are copying, you'll be fine, but most commonly used modern mail clients understand macros, formatting, meta-data etc., so cannot be considered safe unless you can fully control that configuration.

To be honest, unless you know exactly how the email client you use handles data (and meta-data) from emails, copy and pasting into a meta-data unaware application (such as notepad) is the safest bet.

Rory Alsop
1

The most notable confidentiality issue with forwarding mail comes from the References and In-Reply-To headers. Mail clients more or less treat forwarding as a special kind of replying, where the recipient can be different from the sender and reply-to addresses.

The following is the relevant excerpt from RFC 5322:

Though listed as optional in the table in section 3.6, every message SHOULD have a "Message-ID:" field. Furthermore, reply messages SHOULD have "In-Reply-To:" and "References:" fields as appropriate and as described below.

All major MUAs (I know of) follow this recommendation.

What this means is that the forwarding mail will contain a header like

References: <aoijgla.oirqghq@example.org>, <hqijasda.qoijasg@example.net>

listing all IDs of the messages leading up to, and including that of, the forwarded mail. The message ID could be used to find a specific mail and identifies the domain from which the forwarded mail was sent.

As already noted by @RoryAlsop, your current method of removing all markup and copying the forwarded text by hand is likely the best method privacy-wise.

tarleb
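
The header carry-over described in the answer above, as an added example that is not part of the original posts: a Python sketch using the standard-library `email` package that lists the message IDs a forward draft carries in References and In-Reply-To, then rebuilds a text-only message without them. The draft, its addresses and the `drop_if` line filter are constructed for illustration.

```python
import re
from email.message import EmailMessage

LINKING_HEADERS = ("References", "In-Reply-To")   # the headers named in the answer
MSG_ID = re.compile(r"<([^<>\s@]+)@([^<>\s@]+)>")  # <local-part@domain>

def linking_ids(msg):
    """Map each threading header present to the message IDs it carries."""
    found = {}
    for name in LINKING_HEADERS:
        ids = [m.group(0) for v in msg.get_all(name, [])
               for m in MSG_ID.finditer(str(v))]
        if ids:
            found[name] = ids
    return found

def origin_domains(found):
    """Domains on the right-hand side of the carried message IDs."""
    return sorted({MSG_ID.match(i).group(2) for ids in found.values() for i in ids})

def rebuild_plain(draft, drop_if):
    """Build a fresh text-only message: no threading headers, no HTML part."""
    body = draft.get_body(preferencelist=("plain",)).get_content()
    clean = EmailMessage()
    for name in ("From", "To", "Subject"):
        clean[name] = draft[name]
    kept = [line for line in body.splitlines() if not drop_if(line)]
    clean.set_content("\n".join(kept) + "\n")
    return clean

def sample_draft():
    """Constructed draft, shaped like what a client builds after 'Forward'."""
    d = EmailMessage()
    d["From"], d["To"] = "me@example.com", "third.party@example.com"
    d["Subject"] = "Fwd: contract terms"
    d["In-Reply-To"] = "<hqijasda.qoijasg@example.net>"
    d["References"] = "<aoijgla.oirqghq@example.org>, <hqijasda.qoijasg@example.net>"
    d.set_content("From: Alice <alice@example.net>\nThe price is 100.\nCall 555-0100.\n")
    d.add_alternative("<p>The price is 100.</p><!-- alice@example.net -->", subtype="html")
    return d

if __name__ == "__main__":
    draft = sample_draft()
    leaks = linking_ids(draft)
    print("carried IDs:", leaks, "-> domains:", origin_domains(leaks))
    clean = rebuild_plain(draft, lambda l: "alice" in l.lower() or "555-" in l)
    print(clean.as_string())
```

The rebuilt message keeps only From, To, Subject and the filtered plain-text body, so the HTML alternative and its embedded comment are dropped along with the threading headers.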