Easy E-mail disclaimers using Policy Patrol

May 4, 2009 · 0 comments

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

We’ve all been there.  The CEO, corporate council and/or other executives are demanding that the company have a legal disclaimer at the end of all E-mail messages.  Their obvious solution is to demand that every user put the disclaimer at the end of their signature block.  That quickly becomes a nightmare as every internal message between users is cluttered with disclaimers taking more text and space than the actual message.  It is impossible to read the thread and everyone is fed up.  Not only that, the executives are all using Smartphones that have limited screen space and trying to read around those disclaimers and follow the real information is impossible.  The answer:  scream at the IT group to do something about this and do it now.

What are the options?  The quick and cheap answer was tried and failed.  The next thing is to look at your outgoing E-mail gateway systems or services to see what they can do.  Generally, this eliminates the internal mail problem, but it did not help with mail leaving the company.  It continues to have disclaimers piled up at the end of the mail like a garbage heap or it continues to follow the signature blocks and interrupt the communication flow.  If they pile up at the end, it is not unusable, but that is a lot of data to move between Smartphones and PDAs and depending on your data plan, it can add to the costs.

Some mail gateway products like the Symantec Brightmail Gateway, which  I wrote about earlier have an option for handling disclaimers, but they are fairly crude as mentioned above.  Sure, you can try and write rules that attempts to eliminate multiple disclaimers, but it is difficult and can still cause problem reports from users.

Now, to be honest, I am no fan of having these disclaimers on E-mail messages.  First of all, they just add extra junk to E-mail which is already struggling with advertisements from services like Google, Yahoo and MSN and everyone knows that SPAM is everywhere.  A lot of SPAM filters around the world will interpret the text of a legal disclaimer as SPAM and cause mail to be delayed or lost which will really cause anger in your sales departments and executives.  They will blame the IT department for the problem regardless of the explanation — they don’t want excuses, they want solutions.  Second, these statements are not legally binding in any way.  So, why do people want them?

However, one must be practical and there is some accepted reasons for having these statements on E-mail.  My company has been sued numerous times and in these cases, the lawyers have always asked why we did not have them on all our E-mail.  It goes more toward supporting evidence of your position than a standalone declaration.

‘The disclaimers added to the end of emails are not legally binding, but it’s always good practice to try and disclaim liability.”
– Michael Chissick, Head of Internet law at Field Fisher Waterhouse.

“The value of disclaimers is limited, since the courts normally attach more weight to the substantive content of the communication and the circumstances in which it is made than to any disclaimer…Even though their effectiveness in court is doubtful…”
– From the UK’s weblaw via Jeff Goldberg

By including a disclaimer that warns that the content of the mail is confidential, users can help protect the company against the exposure of confidential information.  If the recipient breaches this confidentiality, they could be liable.  If you were to be so unlucky to be sued for the contents of an email, it is not certain whether an email disclaimer will protect you from liability in a court of law. However, it can help your case and in some situations might exempt you from liability.  More importantly, it may well prevent the actual occurrence of lawsuits against your company since the mere presence of the statement might deter most persons from seeking legal compensation from your company. Besides avoiding liability, disclaimers are also used to prevent persons from unlawfully forwarding or copying confidential emails. Again, the presence of the notice will deter most persons from doing this. Therefore the use of disclaimers is always recommended.  This white paper from Red Earth Software is a pretty good reference.

The reality is that disclaimers are here to stay and we needed to find a solution that:

  • is cost effective (that means cheap — very cheap)
  • puts a disclaimer at the very end of the E-mail thread — only once
  • puts a referral link to that disclaimer at the end of each message (except the first one) in HTML mode
  • supports HTML, RTF and plain text messages
  • only puts disclaimers on E-mail messages leaving the corporation (outbound only)
  • operated as a gateway so it would not impact performance of back-end mail servers

After looking at a number of products, I came across Policy Patrol Disclaimers from Red Earth Software.  The product runs on Windows 2003 server (we used a VM) and can be configured as a gateway or installed on the Microsoft Exchange server – supporting both Exchange 2003 and 2007.  It must be installed on the Exchange server if you want the disclaimers to be attached to internal messages as well as external.

The product installs quickly and easily and provides a simple intuitive user interface.policypatrol

You start by creating a template to be used by your rules.  The product comes with a large sample of templates and rules to assist you and provide ideas.  For our purposes, we copied the “Appended disclaimer” and “Prepended disclaimer with link properties” and configured them to meet our specific needs.  Our corporate council wrote the legal text that they preferred.

sample-templatessample-rules

The product makes building disclaimers very easy and gives you plenty of options to make it work just the way you want. It has options to allow disclaimers to be

  • prepended or appended, applied to a single user, group of users or all mail
  • applied to incoming, outgoing or both
  • exceptions for specific headers, subject lines, body content or attachments (filters)
  • duplicates can be sent to an archive
  • scheduled (say for holidays, special events, etc)
  • applied in a specific order

In our case, we used the ordering to make sure the disclaimer is added at the end of the mail (append mode) and then subsequent replies only have the referral to the disclaimer inserted at the end of the user’s text.  The product allows the disclaimer to be positioned

  • after the most recent message text (like a signature block)
  • avoiding multiple disclaimers
  • add only when another signature or disclaimer is already added

The product uses a wizard-like approach to building your disclaimer rules.  As it does so, it provides you with an explanation or description of what the rule will do.  This makes it easy to understand and affect changes when needed.  If another similar rule is required, the product has a duplicate function to help avoid mistakes.  All templates support HTML, RTF and plain text versions so that the right kind of disclaimer is added to the mail message.  A nice option in HTML is that administrators can see the actual HTML code and edit it.

But no product is perfect.  Because of the various installation options, the product does not integrate its list of users with LDAP or Active Directory.  Instead, it uses its own list of users which can be imported from Active Directory, Exchange 5.5, Lotus Notes/Domino or simple manual input.  I assume the reason for this is to help administrators control cost as licensing is based on the number of entries  in the list and not the actual number of users who have executed a rule.  One nice option in the product is to set auto-licensing of new users.  In this mode, each new user who send mail through the product will automatically be added to the list of users and accounts for a license.  When the license limit is reached, a warning notification is sent to the administrator and subsequent users will not have rules applied to them.  Subsequently, if users leave the organization, they will have to be removed by hand as the product does not have a timeout to remove users who have not sent a message after some time.  However, custom signatures can extract data from AD, Exchange 5.5 and Lotus Notes/Domino in real-time.

The UI also gives the administrator a report on the last time a rule or template was modified and by whom.  However, there is no history report of all edits/changes or to roll-back any changes.

In gateway mode, the product relies on the SMTP Virtual Server within IIS.  While that helps with the pricing (since IIS is free as part of Windows), it does not help with redundancy and failover.  As I mentioned earlier, we use the Symantec Brightmail gateways for SPAM and virus management.  So, all of our outgoing mail will go from an Exchange cluster->disclaimer server->Symantec gateway servers.  As you can see, we have fail-over and redundancy everywhere except at the disclaimer.  This is because the SMTP Virtual Server can only forward mail to a single IP address.  If that server is down, then outgoing mail comes to a halt until that server is restored.  It would be great for Red Earth to consider an open-source MTA to move mail and provide admins the ability to set a list of SMTP servers to forward to.  In this way, if one server is down, it could check the others.  It could also use DNS to go through the MX records to find a responding server.

Overall, this is a great product and the price is excellent.  I recommend it to anyone looking for an easy, reliable product to manage disclaimers.

If you have any experiences with this product or others from Red Earth, leave a comment or a pingback to your site.

Article by Steve Van Domelen

Steve has written 47 awesome articles.

Previous post:

Next post: