I definitely agree this is something worth reconsidering with how cheap gigabytes of disk space have become.
However, I do want to point out a problem with the "legal proof" comments.. They're worthless. Not only do I do security consulting on this kind of thing, but I had a similar case myself, which was promptly lost because even though I had saved a copy to self, that doesn't prove I didn't fake the copy to self, or create it but never send it, etc. What I had learned to do after that was every email I send out, I automatically Cc: (Well, Bcc: actually) a copy to another one of my email accounts I created for just this purpose. This way, I have proof that the mail got sent (it would have the mailserver's "signature" Received: header added on to prove the mail entered the network.. Failure to deliver beyond that isn't really my problem, I can at least show I DID send it in good faith), plus I get to archive the copy of it (almost) exactly as the recipient sees it, not how the copy to self gets saved (which will likely be different in any case because of the way servers add headers as it passes through the mail system, but may be compounded because PMail saves it slightly differently when saved as a copy to self, as well).
Other options you should look into are using S/MIME, PGP or GPG extensions, SecureMail and other methods beyond just PMail as evidence that you really sent the mail, it really originated from you (imagine if one of your dishonest clients forged a mail to themselves pretending to be you and making false claims, statements and other bad things against you..), it wasn't tampered with, etc. Using carefully crafted mails, you can even show the recipient's mailserver received the mail. For example, adding a (B)CC to a fake username that you know will bounce.. Then you'll have a copy of the bounce/failure to deliver notice. It won't prove the recipient downloaded and read the mail, but it will prove that their mailserver had received and seen the mail to at least bounce/reject the invalid address, shifting responsibility to them and/or their provider's mailserver. ("You never sent the mail!" "Yes I did, and your mailserver received it; I have the bounced portion right here to prove that it got that far. If they lost it or you never downloaded it, that's your problem..") Relying on return receipts and read mail receipts is pointless, too. Many mailservers and users disable them anyhow.
Unfortunately, however, there is no way to prove they received and read it. But at least you can prove you sent it and how far it got before it got "lost", "ignored", "deleted" or whatever, which is beyond your control.
HTH, Merry Christmas!
C. M.
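
Added example, not part of the original post: one way to pull the evidence the post describes out of the two saved messages, the `Received:` hop chain from the Bcc'd archive copy and the rejecting server from a standard (RFC 3464) bounce. All hostnames, addresses and dates are constructed samples, and `received_hops` / `bounce_evidence` are hypothetical helper names.

```python
import email
import re

# Constructed sample: the Bcc'd archive copy (newest Received: header on top).
ARCHIVE_COPY = """\
Received: from smtp.sender.example by mx.archive.example with ESMTP;
 Tue, 24 Dec 2019 10:00:07 +0000
Received: from sender-pc.example by smtp.sender.example with ESMTPSA;
 Tue, 24 Dec 2019 10:00:02 +0000
From: me@sender.example
"""

# Constructed sample: RFC 3464 bounce for the deliberately invalid (B)CC address.
BOUNCE = """\
From: MAILER-DAEMON@mx.client.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.client.example

Final-Recipient: rfc822; no-such-user@client.example
Action: failed
Status: 5.1.1

--b1--
"""

def received_hops(raw):
    """Return (from_host, by_host, timestamp) per hop, oldest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        # Unfold the header, then split it into sender, receiver and date stamp.
        m = re.match(r"from (\S+) by (\S+).*;\s*(.+)$", " ".join(value.split()))
        if m:
            hops.append(m.groups())
    return hops[::-1]

def bounce_evidence(raw):
    """Return the DSN fields naming the rejecting server and the address."""
    fields = {}
    # walk() also visits the header blocks inside message/delivery-status.
    for part in email.message_from_string(raw).walk():
        for key in ("Reporting-MTA", "Final-Recipient", "Action", "Status"):
            if part.get(key) and key not in fields:
                fields[key] = part[key].split(";")[-1].strip()
    return fields

if __name__ == "__main__":
    print(received_hops(ARCHIVE_COPY), bounce_evidence(BOUNCE))
```

Only the `Received:` line stamped by the archive account's own server (the last hop returned) is outside the sender's control; earlier lines record what previous hops claimed.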