[unisog] Outlook/Exchange and "Read Receipt" : privacy ?

Greg Francis francis at gonzaga.edu
Sun Sep 22 16:15:54 GMT 2002


In looking at Outlook XP, it seems like this might be able to be disabled.

Tools->Options->E-Mail Options(on Preferences pane)->Tracking Options

I don't believe there was an option like this in Outlook 98. Not sure
about Outlook 2000. I did get some complaints when we first went to
Exchange with Outlook 98 about not being able to disable this feature.

If I recall correctly (can't verify right now), there is an option in the
Internet Mail Connector to ignore read receipt requests coming in through
the connector. I just tried sending messages from the Internet to my
Exchange mailbox with read receipt on and the Read Receipt value is blank
whereas other Outlook mail showed yes or no. I'm pretty sure that's a
result of disabling read receipt requests in the IMC.

I'm running Exchange 5.5 so Exchange 2000 may be different.

As far as privacy goes, I do think that it's a problem if it can't be
disabled. We didn't worry about it too much when we migrated the
employees in 1999 and our students use SMTP/IMAP on Linux so they aren't
affected. Since it looks like it can be disabled through both the
IMC connector setting and locally (if they have Outlook XP), then I think
it's not an issue.

Greg


Greg Francis                                Gonzaga University
Sr. System Administrator                    Spokane Washington
francis at gonzaga.edu                         509-323-6896

> From: Andre Earl Paquet [mailto:Andre.Earl.Paquet at UMontreal.CA]
> Sent: Friday, September 20, 2002 4:15 PM
> To: unisog at sans.org
> Subject: [unisog] Outlook/Exchange and "Read Receipt" : privacy ?
>
>
> Hi,
>
>      I would like to have the opinion of the readers of this list about what
> seems to me as a privacy problem with the "Read Receipt" feature of Outlook
> under Exchange.
>
>      a) my University has decided to make Exchange (and Outlook)
>         our official email platform. For now, it is just for
>         the employees (including teachers), but sooner or later,
>         the students will go this way. The service is being
>         deployed with Exchange 2000.
>
>         Note : please, no flame about the choice in itself. It's
>                not my choice either, but I have to live with it.
>
>      b) I was recently informed about the "Read Receipt" feature
>         (along with the "Delivery Receipt" feature) of Outlook,
>         under Exchange.
>
>         I have privacy concerns about the "Read Receipt" feature.
>
>         Here is how it goes : an Outlook user (the sender) may
>         request to receive (from Exchange) a "Read Receipt"
>         when the destination user reads the message. The
>         destination user has no way to decide (and to enforce)
>         that he/she does not wish anybody to know when he reads
>         (or does not read) this or that message. I am told, this
>         is only configurable globally for the Exchange site,
>         and not individually.
>
>         Also, I am told that this confirmation is also sent to
>         whoever has requested it, even if the sender is outside
>         the Exchange domain.
>
>      c) Please correct me, if I don't get it technically.
>
>      d) If all this is true, it seems intolerable to me, from
>         a privacy standpoint. I have already received complaints
>         from people considering that what message they read or
>         don't read is their own business. I agree with those
>         complaints.
>
>         Some people tell me that it is not worse that registered
>         mail. I disagree because :
>               -registered mail is not free so it generally isn't
>                used frivolously;
>               -anybody in a household can sign to accept
>                registered mail : so it is not a proof that
>                is was read.
>
>      So, I would like to have your opinion : do you think a "Read Receipt"
> is an acceptable feature in a University ? What do you do yourself (if you
> are in the same situation) ?
>
> Thank you,
>
> --
>
>  Andre Earl Paquet (CISSP)
>  Officier de securite informatique / Security Officer  Universite de
> Montreal, D.G.T.I.C.  Immeuble Principal  Case Postale 6128, Succursale
> Centre-Ville  Montreal, QC  Canada  H3C 3J7
>
>  tel.  : (514) 343-6111 ext 5205
>  fax   : (514) 343-2155
>  email : Andre.Earl.Paquet at UMontreal.CA
>          securite at UMontreal.CA
>




More information about the unisog mailing list