non-forwardable email

[M0nkeyb0Y]

Is it possible?

At work we send a daily email out that people subscribe to - problem is the fee payers then forward it on, so we're losing customers in some cases.

Anyone got any experience?

[Salazaar]

DRM on emails...? Not heard of it, I imagine it would be even harder to apply than DRM on most other media.

[M0nkeyb0Y]

I was thinking the only way to do it would be to provide a link to a website by email and then get them to log in, but this is far from ideal... any other suggestions?

[Splash]

http://office.microsoft.com/en-us/ou...429741033.aspx might help if using Outlook.

[peterb]

I don't think that would stop anyone cutting and pasting though.

[M0nkeyb0Y]

I don't think that would stop anyone cutting and pasting though.

these old duffers probably aren't up to that level of criminal intelligence!

[Splash]

I don't think that would stop anyone cutting and pasting though.

You can create messages with restricted permission to help prevent messages from being forwarded, printed, or copied. If you attach a Microsoft Office 2003 document to a message with restricted permission, the document will be automatically restricted

Granted there are no doubt ways around it, and it's not something I have personally used but itdoes rather seem to fit the OPs requirements rather well.

[peterb]

Probably easiest way to circumvent would be to use an alternative e mail client and Open Office!

[Splash]

Probably easiest way to circumvent would be to use an alternative e mail client and Open Office!

Nope, only works with Office 2003 and above. If a suitable client cannot be found you can install the Rights Management Addon for IE

All in all it seems to be a reasonably thought out bit of software.

[russelld]

There are more general (i.e non Outlook specific) ways of encrypting emails.

Some of the Internet services which purport to allow you to send secure emails merely send a link to a specific page on their website.

I don't know what your budget is, but a couple of years ago I looked at Voltage SecureMail (http://www.voltage.com/products/securemail.htm), which allowed messages to be decoded in a browser.

It claims to use the recipients email address as the encryption key - but it uses that in combination with an additional key.

Another option could be to embed an invisible (or even not-so-invisible logo) in your HTML emails, frequently referred to as a web-beacon. It may not be displayed if the recipient doesn't elect to view linked graphics, but if you design your page to look poor without it, they will be tempted to just click and trust your domain. If you use mailing software to generate unique references for each subscriber, then you will be able to uniquely track (from the webserver logs of wherver that graphic is hosted) how many times (and from what IP's) each email is viewed.

Russell

See http://www.strom.com/awards/192.html
http://www.mailchimp.com/resources/h...l_emails.phtml

[peterb]

There are more general (i.e non Outlook specific) ways of encrypting emails.



See http://www.strom.com/awards/192.html
http://www.mailchimp.com/resources/h...l_emails.phtml

It isn't an encryption/privacy issue - the requirement is a method to stop a legitimate recipient forwarding the material on to someone who isn't authorised to receive it.

[russelld]

But encryption is one way of ensuring that it is difficult to forward on messages...

Of course, just like the analogue hole, there are ways around it, but the idea is to make it as difficult as possible for people to propagate the information.

With something like the Voltage hybrid email & web solution, it would entail people forwarding on their credentials, which is not something most people would contemplate doing...

Russell

[Splash]

it would entail people forwarding on their credentials, which is not something most people would contemplate doing...

Russell

I think you might be surprised...

[russelld]

oh dear... I probably don't want to know...

I design network security infrastructure that makes the assumption that people in my organisation don't....

I think that it probably *is* true of where I work, in that people would probably be a bit reluctant to pass on their main login credentials (because of the repercussions if it got discovered), so given that we try to employ SSO (Single Sign On) it's probably a safe assumption.

However, I can well imagine than in order places, things aren't so strict and people aren't so careful.

I remember when I started work in my first job (10 years ago, gulp), I went to the trading floor and discovered each traders passwords scribbled in biro on the bezels of their 21" Eizo CRT monitors.

I don't know if I was more shocked that lovely IT kit (for the time) had been defaced, or that these were the passwords to both login to Windows and also the trading systems....

Russell

[Splash]

I forget where I read it (probably at El Reg, but it was linked to a reputable source at the time), but I was personally shocked when I saw of the number of people who will give up their username/password without much incentive. 9 times out of 10 the user is the weakest link in any security situation.