The Power of Email Metadata for eDiscovery: Why Attorneys Rely on Email Headers
Takeaway: In the world of legal proceedings, the significance of email communication should not be underestimated. Mishandling an email can have severe consequences, potentially derailing an entire case.
A badly-handled email can cause a lot of harm.
Consider this scenario: an attorney copies a client on an email intended for another attorney, then the attorney on the receiving end accidentally clicks “Reply All” when responding. As opposing attorneys are generally prohibited from directly contacting each other’s clients, the question of whether this is ethical or not suddenly arises from this relatively simple exchange. While copying the client on the first email implies consent, the absence of explicit permission from them to be emailed cannot be overlooked. Many similar situations come up during the course of eDiscovery, and it’s essential that such exchanges are tracked so that they can be appropriately resolved.
Luckily, there’s a powerful tool to ensure accountability: email headers.
This is where the value of email headers becomes paramount. Email headers, akin to digital footprints, contain crucial contextual information that authenticates the content within an email. Positioned before the body content, headers store details such as the sender, recipient, date of sending, and more. But their significance extends beyond these basic details. Headers also document the route an email takes as it traverses from one computer to another, providing a convenient repository of essential data that can prevent and track errors like inadvertent “Reply All” clicks.
Email headers contain “metadata” – information that can be a game changer.
What we’re really referring to here is “metadata” – contextual information that is generated and employed by your computer for email headers, just as it is for other documents. Let’s look at metadata in general first: whenever you create a document, your computer automatically records a plethora of data, like who created it, when it was created, when it was last accessed, and more. Metadata, essentially “data about data,” acts as a digital trail documenting the history of a document. While uncovering less common metadata types may require expertise, they are present and can be accessed if one knows where to look.
There’s a wealth of metadata in email headers.
Even a concise email header contains a large amount of invaluable metadata. Although email headers may vary, several fundamental metadata tags are typically present. These include sender and recipient information, the email’s path, a sending timestamp, a subject line, and a default “reply to” address. Moreover, authentication details such as successful delivery, trusted source verification, and spam likelihood assessment (with tags like X-Spam-Status and X-Spam-Level) are included. Furthermore, metadata confirms the email’s format (HTML or plain text), and whether it contains embedded images, videos, or other files.
And headers are thorough – they contain information that’s added on across multiple points.
As an email travels, it accumulates metadata at each stop along its path. The sender’s computer adds metadata such as the email’s author, intended recipient, and subject. The sender’s email service appends an identifying IP address from within its network. (In fact, you can use a service like WhatIsMyIP to track anonymous senders by using this IP address.) The email’s journey involves multiple server hops, and each of these intermediate stops leaves its mark in the metadata. By examining timestamps, network engineers can even approximate the distance between servers. Finally, the recipient’s email server adds metadata tags that capture the arrival time, the last server visited, and the sender’s designated “reply to” email address.
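The hop-by-hop trail described above lives in the `Received` lines, which each server prepends to the top of the header. The following is an added example, not code from the original article: it reads the chain oldest-first, normalizes every timestamp to UTC, and flags hops whose timestamps run backwards. The function name `received_hops` and the sample message are constructed for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: example domains and documentation-range IP addresses.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
    by mailstore.recipient.example with ESMTP id C3;
    Mon, 06 Mar 2023 10:15:09 -0500
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
    by mx.recipient.example with ESMTPS id B2;
    Mon, 06 Mar 2023 15:15:07 +0000
Received: from laptop.local ([192.0.2.44])
    by relay.sender.example with ESMTPSA id A1;
    Mon, 06 Mar 2023 16:15:02 +0100
From: Alice <alice@sender.example>
Subject: Draft agreement
Date: Mon, 06 Mar 2023 16:15:00 +0100

Body text.
"""

def received_hops(raw):
    """Return the Received chain oldest-first with the delay added at each hop."""
    hops, previous = [], None
    # Each server prepends its own line, so the newest hop is at the top.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        hop = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", value, re.S)
        try:
            stamp = parsedate_to_datetime(value.rpartition(";")[2].strip())
            stamp = stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            stamp = None                      # missing or malformed date
        delay = (stamp - previous).total_seconds() if stamp and previous else None
        hops.append({
            "from": hop.group(1) if hop else None,
            "by": hop.group(2) if hop else None,
            "utc": stamp.astimezone(timezone.utc).isoformat() if stamp else None,
            "delay_s": delay,
            # Earlier than the previous hop: clock skew or an edited header.
            "out_of_order": delay is not None and delay < 0,
        })
        previous = stamp or previous
    return hops

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
```

Only the `Received` lines added by servers the reviewing party controls or trusts are reliable; lines further down the chain were supplied by earlier systems and can be written by the sender.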
But all this header metadata is only useful if it’s validated.
Validating header metadata is crucial for its reliability. The process often involves DKIM (DomainKeys Identified Mail), an authentication method that ensures the integrity of an email’s content. DKIM utilizes cryptographic keys to generate a unique digital signature based on the email’s body content. The recipient’s email service then verifies this signature against the email’s content to confirm that no tampering has occurred. If the DKIM signature is invalid, it indicates either tampering or an unknown source.
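A DKIM signature covers a hash of the body plus only the header fields named in its `h=` tag, so a reviewer should know which header metadata the signature actually protects. The following is an added example, not code from the original article: it reports signed and unsigned header fields and notes when an `l=` tag limits how much of the body was hashed. It does not verify the signature cryptographically; `dkim_tags`, `dkim_coverage` and the sample message are constructed for illustration.

```python
from email import message_from_string

# Constructed sample; the bh= and b= values are placeholders, not real hashes.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sender.example;
    s=sel1; h=from:to:subject:date; l=120;
    bh=CONSTRUCTED-BODY-HASH=; b=CONSTRUCTED-SIGNATURE=
Received: from relay.sender.example by mx.recipient.example;
    Mon, 06 Mar 2023 15:15:07 +0000
X-Spam-Status: No, score=-1.2
From: Alice <alice@sender.example>
Reply-To: alice.private@other.example
To: Bob <bob@recipient.example>
Subject: Draft agreement
Date: Mon, 06 Mar 2023 16:15:00 +0100

Body text.
"""

def dkim_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_coverage(raw):
    """Report which header fields the signature's h= tag lists."""
    msg = message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None                     # unsigned message
    tags = dkim_tags(sig)
    signed = {name.lower() for name in tags.get("h", "").split(":") if name}
    present = {k for k in msg.keys() if k.lower() != "dkim-signature"}
    return {
        "domain": tags.get("d"),
        "signed": sorted(k for k in present if k.lower() in signed),
        "unsigned": sorted(k for k in present if k.lower() not in signed),
        # l= means only the first l bytes of the body were hashed.
        "body_partly_signed": "l" in tags,
    }

if __name__ == "__main__":
    print(dkim_coverage(SAMPLE))
```

In this sample the `Received`, `Reply-To` and `X-Spam-Status` fields fall outside the signature, so a valid DKIM result says nothing about whether they were altered.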
As useful as this sounds, you’ll often require assistance if you want to decode and view email headers completely.
While the intricacies of email headers may seem impressive, it’s often difficult to make sense of the raw code that they are composed of. If you want to view all the data a header contains, it’s likely that you’ll need the help of an online tool like Message Header from Google Admin Toolbox, which provides a simplified analysis – just copy and paste the raw header data into the box on the web page. You can also view a version of the email headers yourself, using a feature that depends on your email platform. For example, in Gmail, clicking on the three-dot icon and selecting “Show Original” reveals the full header. In Microsoft Outlook, after clicking on the three-dot icon, choose the “View Message Source” option. For iCloud Mail, click on the gear icon in your browser and then on “Show Long Headers.”
Do you need to review email header metadata for eDiscovery? There’s a better option.
eDiscovery services offer an alternative method to tap into header metadata. These subscription-based services automatically check and interpret email metadata, saving attorneys time and effort. When conducting advanced searches, eDiscovery software examines email metadata to locate relevant messages based on specific criteria, such as sender, recipient, and timestamps. This eliminates the need for manual decoding, as the service handles the metadata extraction process. They also allow you to search through the header metadata of multiple emails sourced from different platforms at the same time, and if you want to extend your search to their attachments and their metadata, that is an option as well. Want to give such a service a try for free? Check out GoldFynch.
This is just a peek into the power of email metadata.
The possibilities presented by email metadata extend far beyond what is covered here. A solid understanding of email headers empowers attorneys to ensure the authenticity of messages, gather valuable contextual information, and trace the journey of an email—all vital elements for building a solid legal case. By delving deeper into the intricacies of these email “footprints,” you can unlock new ways to tackle your next big case!