Is it possible to prevent email forwarding?

BROWSE BY TAG Expert Archive: Information Security Threats,   Application and Platform Security,   Email Protection,   Email Security Guidelines, Encryption and Appliances,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Expert Archive: Information Security Threats The telltale signs of a network attack Will Google Chrome enhance overall browser security? Are there antivirus suites that pick up more than just run-of-the-mill viruses? What tools can a hacker use to crack a laptop password? Are social networking sites an easy target for malicious hackers? What are the dangers of cross-site request forgery attacks (CSRF)? Should social engineering tests be included in penetration testing? What kind of data is compromised during a Google hack? Best practices for using restriction policy whitelists Defining mobile device security concerns Email Security Guidelines, Encryption and Appliances How to confirm the receipt of an email with security protocols Best Email Security Products Can an IP spoofing tool be used to spam SPF servers? WatchGuard acquires email and Web security vendor BorderWare McAfee to acquire email SaaS vendor MX Logic What does 'invoked by uid 78' mean? How to configure firewall ports for webmail system implementation Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS Cisco offers more email security choices, but lacks vision

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary asymmetric cryptography  (SearchSecurity.com) challenge-response system  (SearchSecurity.com) cryptographic checksum  (SearchSecurity.com) data encryption/decryption IC  (SearchSecurity.com) elliptical curve cryptography  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) MPPE  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) session key  (SearchSecurity.com) Twofish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Sorry, but there is no way to achieve such functionality using "normal" email. The nature of Simple Mail Transfer Protocol (SMTP) email is that it separates the sender from the receiver, giving the sender no control whatsoever over what happens with the email once it is sent. Even if you were able to magically configure your email so that it could not be forwarded and replies could go only to you, such techniques could be thwarted with a simple cut-and-paste. And even without cutting and pasting, a recipient could still capture screen shots of your materials and forward those. Aside from that, it would still be possible to photocopy a laptop screen or take a photograph of your document on the screen. You get the idea.

So, how to deal with your dilemma, then? Most of the time, problems like yours are handled with a carefully phrased disclaimer notice at the bottom of the email. Sure, it's not a technological solution, but disclaimers make it perfectly clear to recipients that they're receiving sensitive information and should treat it as such.

Another option is to avoid sending sensitive information via email altogether. Instead, send your users messages to let them know that your content is available on your Web site, which you can then link to. Depending on the sensitivity of your Web site data, you may want to authenticate your users. If phishing is a concern, you may want to authenticate yourself to your users.

At your Web site, the users could view your data either in HTML or -- if you want to lower the chance of them copying and editing it -- a protected PDF file. Yes, the bad guys can get around all such protections as described above, but at least casual forwarding would be prevented.

There are commercial cryptographic products that minimize the chances of email forwarding, but they can be bypassed in the ways cited earlier. Still, if you are willing to spend some money, you may want to consider a plug-in like Taceo. It may inconvenience users slightly, but it allows employees to better protect sensitive content.

More information: