Re: [Exim] Adding a disclaimer to out going emails

Top Page
Delete this message
Reply to this message
Author: John W Baxter
Date:  
To: 'exim-users@exim.org'
Subject: Re: [Exim] Adding a disclaimer to out going emails
At 17:20 +0100 6/12/2000, Nigel Metheringham wrote:
>Ian.Marsh@??? said:
>> The server that exim run on is a central hub with no local users,
>> there are various lookups that determine if the email passing through
>> is inbound or not. Anything going out is passed to a single router so
>> I guess that something in there (or a custom transport used only by
>> that router) would be the place to put it but I'm not sure exactly how
>> to do it. Has anyone done this? Any suggestions would be welcome.
>
>This keeps coming up (Philip - can something be added to the FAQ?)
>
>The short answer is that it can be done in theory and the place to do
>that would be in a transport filter.
>
>My standard answer follows:-
>Adding footers to mail in the MTA is wrong because:-
>  1. It breaks digital signatures.  As these became legally binding
>     in the last few weeks thats particularly bad timing


The digital signatures aren't yet legally binding in the US. October 1,
2000 if nothing goes wrong with the conference committee compromise between
House and Senate.

But I agree with the point.

>
> 2. It breaks MIME encoding


Our House and Senate can't stop that. ;-)

>
>  3. It is illegal under German and Dutch law to change the body of
>     a mail message in transit.  It might potentially be illegal in
>     the UK under European law.


Is the message, per that law, "in transit" when it is still bouncing around
inside the originating mail system? The law could be clear one way or the
other; it might not be.

>
>  4. Since the delivered message body was produced by the MTA (not the
>     originator since you modified it), the MTA operator could
>     potentially be sued for any content.
>     [Its interesting that adding a disclaimer of liability *could*
>     be making you liable for the message :-) ]


Yes...although in the corporate environment that's probably not an issue:
the company probably already is liable for what its employees send out.
(Depending on national law.)

>
>  5. Some mail clients (old versions of MS outlook) crash if the message
>     body of an incoming MIME message has been tampered with.

>
> 6. It is not the job of an MTA to modify content.


Alternative (which fails for encrypted mail without provisions for the MTA
to decrypt outgoing mail to check):

The sender is required to add the disclaimer, via the signature mechanism
in the MUA. The MTA refuses to send along messages which don't meet that
requirement, bouncing them back to sender and/or sender's boss. If the
message is "in transit" at that moment that too might be illegal somewhere
(in which case the company's recourse would seem to be to stop using email)
["must deliver mail which has been accepted if technically possible" sorts
of requirements].

Meanwhile, the system administrator, faced with a demand by management to
press on with this can either ignore the reasons not to or find another job
and let the successor worry about it.

--John