We ran into a similar issue, though our customer was much easier to work with. In our case, they simply asked about it, we explained why we were doing it, and they understood but said that if they decided it was critical they might need to move to another host.
While it's bit more painful to use the SpoolName to find out who it was, we opted to use only the domain name variable and the SpoolName for tracking down messages from the AOL feedback loop. As far as the legal issues go, I would say there's equal responsibility on his part to not "assume" that something he "thought was confidential" actually is confidential, and on your part to inform him of the change that would reveal potentially sensitive information in the headers. I would prepare a statement to the customer that explains the reasoning behind the header, that is is to protect their ability to send email to AOL addresses as a participant in the AOL feedback loop, and that you will explore alternative methods of extracting the necessary info in order to alleviate his concerns about revealing sensitive information. I know this doesn't address your primary question about the legal liabilities, but hopefully a legal course can be avoided. Darin. ----- Original Message ----- From: "Dan Horne" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, April 08, 2005 10:16 AM Subject: [Declude.JunkMail] Legalities of adding header info I have a customer that is PO'ed at us. We put the recipients of emails into the headers of every email using Declude's %ALLRECIPS% variable. This is so we can identify the people who incorrectly report us as spammers to AOL just because we forward their mail for them. Since AOL strips that out, we use Declude to figure out who the message was sent to. So this customer gets a bounce message from an email he sent to his clients making extensive use of BCC:. In the headers of the bounced email, he saw his whole client list. Now he's PO'ed, threatening legal action, etc, claiming we are "intentionally forwarding identifying information a user thought was confidential". Any thoughts on the legal liabilities of bypassing the BCC: functionality in this way? My supes has tasked me with finding out about our responsibility in this matter (the email admin instead of the lawyer, natch). -Dan Horne --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
