

Marking your e-mails as private the “proper” way

I recently read in the news about someone having some legal trouble because of a personal e-mail he sent that was not formally marked as personal. The details aren’t important here. Basically, the conclusion I reached from reading some discussions on the topic is: if you don’t formally mark an e-mail you send as “personal” or “confidential”, the recipient can make it public, and if you used your company’s mailbox, your company can legally read it, too.

A simple workaround is to put some [private] tag in the mail subject, but that’s not very subtle so I guess you’ll probably want to keep it for the most extreme situations.

My favorite way is to use e-mail headers. They tend to be underrated, but provide quite a few interesting features, and one of them is the “Sensitivity” header. Granted, it’s not very widely supported, but it’s in the RFCs (for instance in RFC 2156, published in January 1998, and in RFC 4021, published in March 2005). This header allows you to mark your e-mails as “Personal”, “Private” or “Company-Confidential” (note that, contrary to what can sometimes be read, “Confidential” isn’t an option, at least according to RFC 2156). Although most webmails and clients won’t display it, it will still be there. I don’t know how well this can stand up in court, but if the legal crowd can claim that an obviously personal e-mail isn’t one because it’s not tagged as such, I suppose they can admit that such an e-mail is indeed personal if there’s a header formally saying so, even if it’s not as obvious as it should be.

Anyway, since this sensitivity header is poorly supported, to say the least, you’ll probably have some trouble setting it. In Thunderbird, you can enable it by setting the mail.compose.other.header preference to Sensitivity (if this preference isn’t empty, just append Sensitivity to it after a comma). Then (after restarting Thunderbird) when you compose an e-mail, you can set the sensitivity the same way you would define, for instance, a Cc recipient. You could also configure Thunderbird to automatically set the sensitivity of all outgoing messages to some specific value, for instance by using:
user_pref("mail.identity.id1.headers", "sensitivity");
user_pref("mail.identity.id1.header.sensitivity", "Sensitivity: Private");

(NB: replace 1 with the actual number of your identity id)
For more information on setting custom headers in Thunderbird, see MozillaZine – Custom headers

Update (2013-10-17)

Actually, the method using mail.identity.id1.headers configures headers on a per identity basis. If you have several accounts in Thunderbird and want to configure them all with the sensitivity header, you’d better use mail.identity.default.headers, like:
mail.identity.default.headers = xmailer,sensitivity
mail.identity.default.header.sensitivity = Sensitivity: Private

NB: in this example, mail.identity.default.headers was set to “xmailer” before my modification. It’s a comma-separated list of custom header setting names (the “sensitivity” in bold could be any other name).
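
Since most clients won’t display the header, the surest check that the configuration works is to look at the raw source of a sent message. The following is an added example, not part of the original post: the function names and sample messages are constructed for illustration, and matching the value case-insensitively is an assumption.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# The three values the post lists for the Sensitivity header (RFC 2156).
# Comparing case-insensitively is an assumption of this example.
ALLOWED = {"personal", "private", "company-confidential"}


def build_message(sender, recipient, subject, body, sensitivity="Private"):
    """Compose a message carrying a Sensitivity header; reject unlisted values."""
    if sensitivity.lower() not in ALLOWED:
        raise ValueError(f"not a listed Sensitivity value: {sensitivity!r}")
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["Sensitivity"] = sensitivity
    msg.set_content(body)
    return msg


def check_sensitivity(raw_source):
    """Classify the Sensitivity header found in a raw message source."""
    msg = message_from_string(raw_source, policy=policy.default)
    values = [str(v).strip() for v in msg.get_all("Sensitivity", [])]
    if not values:
        return ("missing", None)
    if len(values) > 1:
        return ("duplicate", values)
    if values[0].lower() not in ALLOWED:
        return ("invalid", values[0])
    return ("ok", values[0])


# Constructed sample: uses "Confidential", which the post notes is not an option.
SAMPLE_BAD = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: lunch\n"
    "sensitivity: Confidential\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    sent = build_message("alice@example.org", "bob@example.org", "lunch", "Noon?")
    print(check_sensitivity(sent.as_string()))
    print(check_sensitivity(SAMPLE_BAD))
```

To check a real message, save its source from your mail client and pass the file’s text to check_sensitivity.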

Posted in Internet, privacy.


One Response


  1. David says

    Just testing the new installation. There should be much less downtime now (if any! :))


