Legal disclaimers

by Volker Weber


We like to repeat all the stupid mistakes others have made. I am not going to explain why legal disclaimers don't work here. Udo Vetter has done this before (sorry, cannot find the permalink).

What we can see however is that besides being useless, they also break the message. First of all, your X.509 signature becomes useless, since the message has been tampered with and the receiving mail client will flag this.

Second, the implementation is often very flawed. In this case you can see one character missing (? instead of ß) because the disclaimer is not encoded correctly.

The good news: This disclaimer is only a few lines long. I have other respectable customers who show their legal ignorance with two pages of disclaimers. Too bad, if your business is closely related to legal counsel.


This is one thing I do like about the new disclaimer function in Notes/Domino V7.

In ND7 the disclaimers are added at the client side and not at the server side. By doing this the disclaimer can be added before the message is converted to mime or s/mime. The administrator also has the option to turn off disclaimers on encrypted emails to give true 'untampered' emails if they wish.

Declan Lynch, 2004-12-15

It isn't just disclaimers that break signatures of course. I have some evidence that some AV software also does.

BTW, here's what I think of disclaimers.

Chris Linfoot, 2004-12-15

I know, that the Domino-add-on virus scanner in our organization messes up the notes signatures as well, as soon as there's an attachment in the message. Very bad, since e-mails with malicious attachment impose the biggest threat in notes. Most of the JavaScript and simply all ActiveX based stuff can easily be caught.

Ragnar Schierholz, 2004-12-15

Nice writing, Chis. Highly recommended, everyone!

Ragnar, when x.509 was introduced for Domino I tested this with then CTO Nick Shelness. It did not work for me. As it turned out, Norton Antivirus did a MIME-CD-MIME round-trip since it was only able to scan CD messages. Once I had removed NAV, the problem went away.

Chris, what happens with spam filters? They add stuff to the header, which should be fine, I suppose.

Volker Weber, 2004-12-15

Yup. Well behaved spam filters do just that. SpamAssassin is the obvious open source one but commercial packages tend nowadays to work in a similar way. For example, Trend Scanmail for Domino version 3 adds X- headers with a spam score if the anti-spam feature is enabled (including a signed email I have here from you) and the signature is fine. Your spam score FWIW:

X-TM-AS-Product-Ver: <SMD>-<>-<1.25.1015>-<13122>
X-TM-AS-Result: <No>-<0.460>-<7.0>-<99000>

There was an issue with the content filter in SMD3 that added whitespace in message bodies and subjects and that did break both x.509 and Notes signatures, but that bug has been fixed.

Chris Linfoot, 2004-12-15

What I don't get about these disclaimers: At the very end they tell me that it may be confidential and that I'm not allowed to read it ... by that time I've already read the mail. How else would have ended up at the bottom? I usually start reading mails at the top, not at the bottom.

Armin Grewe, 2004-12-15

Hm, hit me if I'm too stupid, but wouldn't it make sense to publish your public key of the thawte certificate on I've looked for a directory on, but couldn't find one.
From what I can tell, you could embed it in your VCard file, for example.
Any reasons why this would be a bad idea?

Ragnar Schierholz, 2004-12-15

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe