Security Basics mailing list archives

RE: Email expiration?


From: "Soderland, Craig" <craig.soderland () sap com>
Date: Fri, 16 Jun 2006 09:06:05 -0400

Actually yes but with some caveats. 

1. Must be using Outlook 2003 (both sender and recipient).
2. User must not copy mail to hard drive, take a screen shot, etc.

How to, assuming the above obligations are met:

1. Start composing an e-mail message.
2. Click the "Options" button.
3. When the "Options" dialog appears, check "Expires after".
4. In the next two pull-downs, select the date and time when you want
the e-mail to expire.
5. Click "OK".

There also used to be a tool for Outlook (3rd party) that basically
encrypted your entire mail, and whatever expiration date you set on it
was sent to their web site that maintained the key.

The person receiving the mail had to click on a link or some such thing
to view the mail in Outlook. After the expiration date passed the key
went away. The mail was not really deleted from the recipient's mailbox
but it was also no longer readable. The Outlook plug-ins that glued the
whole thing together would also prevent you saving the mail off to your
disk or even forwarding depending on the flags set when the mail was
originally sent.

The caveat here is that users without Outlook could not view any mail
you sent, and it is/was possible for you to still take a screen shot.

-----Original Message-----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
Sent: Thursday, June 15, 2006 7:25 AM
To: 'security basics'
Subject: Re: Email expiration?

On 2006-06-14 Thiago Lima @ WF wrote:
    Is there any way to 'auto-destroy' an email sent after N days?

    I'd like to send an email to someone and after N days the email
    becomes unreadable. Is that possible? I thought about a certificate
    that expires. Will that work?

No.

    Does something like that exist?

There are some services that try to provide this by avoiding the medium
e-mail. Basically they provide a web-interface where the recipient can
read the message you sent, and after N days the message is deleted (or
access to it is denied or something). However, anyone who is able to
read the message will be able to copy its content or make a screenshot
while he is able to read it, so the whole attempt at making the message
unreadable after a given time-period is utterly futile.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
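
The key-escrow scheme described in the reply above, modelled as an added example that is not part of the original posts or of the third-party tool's code. `KeyServer`, `send` and the one-time-pad XOR are hypothetical stand-ins (the thread names neither the product nor its cipher), and the dates are constructed sample values.

```python
import secrets
from datetime import datetime, timedelta, timezone

class KeyExpired(Exception):
    """Raised once the escrow service no longer holds the key."""

class KeyServer:
    """Hypothetical escrow service: one key per message until expiry."""
    def __init__(self):
        self._keys = {}  # msg_id -> (key, expires_at)

    def escrow(self, msg_id, key, expires_at):
        self._keys[msg_id] = (key, expires_at)

    def fetch(self, msg_id, now):
        key, expires_at = self._keys.get(msg_id, (None, None))
        if key is None or now >= expires_at:
            self._keys.pop(msg_id, None)  # the key "goes away" for good
            raise KeyExpired(msg_id)
        return key

def xor(data, key):
    """One-time-pad XOR, a stdlib stand-in for the tool's unnamed cipher."""
    return bytes(a ^ b for a, b in zip(data, key))

def send(server, body, expires_at):
    """Sender side: encrypt, escrow the key, mail only the ciphertext."""
    msg_id = secrets.token_hex(8)
    key = secrets.token_bytes(len(body))  # pad is as long as the message
    server.escrow(msg_id, key, expires_at)
    return msg_id, xor(body, key)

def demo():
    server = KeyServer()
    t0 = datetime(2006, 6, 16, tzinfo=timezone.utc)  # constructed sample date
    msg_id, mailbox_copy = send(server, b"quarterly numbers", t0 + timedelta(days=3))

    # Inside the window the plug-in fetches the key and displays the text.
    # Whatever the reader copies out now is beyond the scheme's control.
    saved = xor(mailbox_copy, server.fetch(msg_id, t0 + timedelta(days=1)))

    # After expiry the ciphertext is still in the mailbox, but no key exists.
    try:
        server.fetch(msg_id, t0 + timedelta(days=4))
        readable_after = True
    except KeyExpired:
        readable_after = False
    return mailbox_copy, saved, readable_after
```

`demo()` returns the ciphertext that stays in the mailbox, the plaintext a reader kept during the window, and whether the server still releases the key afterwards, which is the caveat both posters raise.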

