Description

This article describes how an external email sender can request a read-read receipt in an email, prompting the protected recipient's e-mail client to send a receipt or in the case of some mail clients send it automatically.

Scope

FortiMail.

Solution

When sending back a read-receipt, as this is an SMTP communication, the external recipient can be added to a user safelist if the resource profile option 'Safelist recipients of outbound message' is enabled.

In the GUI:

In the CLI:

FML # config profile resource

FML (resource) # edit Res_Default

FML (Res_Default) # set outbound-safelist
disable disable option
enable enable option

--- current value ---
outbound-safelist: enable

The sender's e-mail client inserts the header 'Disposition-Notification-To:' and, based on this header, the protected user's e-mail client will prompt for a read request or send it automatically.

It is possible to 'disarm' such read-receipt requests so that the protected user's e-mail client will not even know there was a request in the first place, and thus no read-receipt is requested or sent back automatically.

To do that, edit the session profile used for inbound mail: Profile > session and under 'Header Manipulation' > add the header 'Disposition-Notification-To' to be removed.

This way, the read-receipt request does not appear in the protected email clients.

And header: