In part 1 we discussed the topic of blind trust with standard e-mails and the possibilities of altering their contents without leaving a trace. In other words, trust is good, but control is definitely better in this case.
When it comes to the delivery of standard e-mails, employees have little faith in the technology. How often is the phone grabbed simply to ask "has my e-mail arrived?". And for good reason, because even if no error message is received, the e-mail may still not have been delivered. Some e-mail servers simply remain “mute”. But why is this? Because spammers often try to collect valid e-mail addresses. They attempt to send to *protected email*, *protected email*, *protected email*, and so on. Since most of these addresses do not exist, e-mail servers would send thousands of error messages and could themselves be classified as spammers.
In short, there is no guarantee that any e-mail will actually be delivered!
Unfortunately, read receipts typically do not include information about the original content of the message that was opened for reading, and the e-mails saved under “Sent Items” have no value (see part 1). To take this a step further, many users don't allow the sending of read receipts (including the author of this article) because they are annoying.
In short, there is no guaranteed way to know who has opened what and when.
This is hardly possible with the available means, since in order to design all traffic in a verifiable, comprehensible and auditable manner, it must be possible to answer the following question without any doubt:
who sent what, when and to whom? Let's break this down into its component parts:
So there are a number of issues that need to be considered and resolved. We will investigate one possible approach in part 3 of this series.