External email warning watermark/notice/tagging

Hi all,

I was just wondering. More and more I see the addition on a warning/notice to an external mail message which is added (colorized in red) to the original external inbound mail message e.g:

CAUTION : This email originated from outside the organization. Do not click on a link or open an attachment unless you recognize the sender and know the content is safe.

Was this ‘feature’ ever discussed before, and/or would it be worthwhile discussing it as a useful feature to NS?


Ok, for one, when adding a warning, the message as delivered in the users inbox will no longer be RFC compliant. The original (if centrally archived is).

Two, it should be ‘as easy’ as clamav can change/tagg the subject with ‘SPAM’ notice. (I think)

Hi @LayLow

Just to give my opinion / experiences further concerning this topic…

  1. This feature makes NO sense in small environments, like a Home Server or a SME with 5-20 people / employees. In such small groups, especially those ones with little or NO fluction of people (You can’t “fire” family members!), people tend to know the whole group.

  2. For larger groups / companies / institutions it can make sense, especially the larger an organisation becomes, the more fluctuation there is among the human actors. Then again, a global operating institution or company is NOT the target of NethServer, there are other issues / considerations limiting this…

  3. That the mailserver can’t protect itself against “self-spam” is already a problem. Self-Spam is what I call SPAMs which use a legitimate sender (your own user) to send mail, this will NOT be blocked by the server. And because it is pointed at itself, it won’t be considered as from external, and does NOT need authentification (in most cases). A combination of content scanning, GeoIP, and more would be needed to alleviate this issue…

  4. Even with such a notice in place, there will be plenty of fools (employees, family members, etc.) who generally don’t read / heed such messages.

  5. Changing the links themselves would be more effective, but: Changing the content / links included may not quite be RFC conform, but worse, in a lot of western countries you’ld be handling illegally!
    In less western oriented countries, you just need the nod of approval from the chief honcho, be it putain or the guy who bet his career and third mandate on total No-Covid… :slight_smile:

  6. As easy as Clam-AV? How about just here:

  1. Another (small) thing: Backups will be slightly larger, and also take a little longer…

  2. People suffering from the typical red/green color blindness (max 8% of the male population, 0.5% of the female population in “western” civilizations, less in other cultures.) will simply not see the logical, red warning… (See PS below…).

To be concrete, for my thirty odd clients, it would only make sense for two clients of mine…

My two cents


When I was installing a huge new Multifunction Copier, Scanner, Printer for an advertising company in Zurich some 20 years ago, there was another such Multifunction device right next to the new one I was installing. An employee was trying to print out or copy something, but it did not seem to work… In frustation, he turned to ask me.
I looked at the screen, it was all logical to me: Big RED letters, saying “Toner empty, please replace”. The guy did NOT see that message, it turned out he was color-blind, a fact that I did not know earlier. I actually thought this guy must be ultra dumb, as it’s written on the screen in RED why it was not working… My big mistake! But it is from mistakes that one can learn best…
Color-blind is mostly an inherited issue, not self afflicted - the guy wasn’t at fault at all!
Being color blind can be self afflicted, but needs a fluke accident or some other rare incident to occur.

See also: Color blindness - Wikipedia

I guess I got what I bargained for :wink: Need a bit to digest it, but a first quick scan comes out completely sane. Thanks Andy!

1 Like

Few years ago, Sophos provided a function to alert for message/release if an attachment or a link was present.
The inner recipient received a notification for “a message with potential hazardous content”, with an option for request/release the message if it was expected or desired. The function had a specific Whitelist.

In general, indeed it is a sort of a ‘false feeling of security’, but we will never know the individual companies policies. It may be ‘hear saying, we need it too’, insurance policy requirement, etc etc. But as with all technical gimmicks, this one is also becoming a de facto standard possibility on most big vendor offerings. Let alone adherence and compliance to the RFC, that went out the door a LOOOOOONG time ago, hence email is the most abused tool out there :slight_smile:

So basically we’re facing a mainstream ‘general understanding’ of the public that adding the watermark (whatever color/size) is a logical part of the email (abuse) evolution.

But you are completely right, the issue is in between the chair and the keyboard.