Aren't read receipts enough proof to register an email?

Posted on August 13, 2014

Whenever I want to make sure that a recipient has opened my email, I send it together with a read-receipt request. Don't read receipts prove that my email has been read?

No way!

Read receipts are part of Message Disposition Notifications (MDNs, see RFC 3798) and have existed since the late 1970s. However, they were never intended to prove delivery of an email to a person. They were a more or less reliable way of making sure that the few servers that were online at the time were up and running and that emails reached their destination. Little more can be demanded from MDNs. Moreover:

  • MDNs are messages in plain text format, which means that they are easy to manipulate and forge.
  • There are email client programs that do not even come with MDN functionality (e.g. Mac OS X's Mail), and most of the others have it disabled by default.
  • MDNs prioritize the recipient's privacy: no matter how hard you try, if the recipient doesn't accept your request, you will never get the read receipt.
  • A read receipt will refer to an email and to part of its header, but contains no references to the contents of the email.

What does RFC 3798 say about it?

The Message Disposition Notification RFC 3798 is quite clear about the legal considerations of MDN messages:

6.1. Forgery

MDNs may be forged as easily as ordinary Internet electronic mail. User agents and automatic mail handling facilities (such as mail distribution list exploders) that wish to make automatic use of MDNs should take appropriate precautions to minimize the potential damage from denial-of-service attacks.

Security threats related to forged MDNs include the sending of:

(a) A falsified disposition notification when the indicated disposition of the message has not actually occurred,

(b) Unsolicited MDNs.

(...)

6.3. Non-Repudiation

MDNs do not provide non-repudiation with proof of delivery. Within the framework of today's Internet Mail, the MDNs defined in this document provide valuable information to the mail user; however, MDNs cannot be relied upon as a guarantee that a message was or was not seen by the recipient. Even if MDNs are not actively forged, they may be lost in transit. The recipient may bypass the MDN issuing mechanism in some manner.
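As an added example (not part of the original article or of RFC 3798), the following Python code parses a constructed MDN and reports what it claims: a disposition and the Message-ID it refers to, with no reference to the message contents. It also flags MDNs for mail we never requested a receipt for, the "unsolicited MDN" case from section 6.1. The names `assess_mdn` and `requested_ids`, and all addresses and IDs in the sample, are assumptions made for illustration.

```python
import email

# Constructed sample MDN in the RFC 3798 layout; addresses and IDs are made up.
SAMPLE_MDN = """\
From: bob@example.org
To: alice@example.com
Subject: Read: Contract draft
MIME-Version: 1.0
Content-Type: multipart/report; report-type=disposition-notification;
 boundary="b1"

--b1
Content-Type: text/plain

Your message was displayed.

--b1
Content-Type: message/disposition-notification

Reporting-UA: mua.example.org; ExampleMail 1.0
Final-Recipient: rfc822;bob@example.org
Original-Message-ID: <msg-0001@example.com>
Disposition: manual-action/MDN-sent-manually; displayed

--b1--
"""

def assess_mdn(raw, requested_ids):
    """requested_ids: Message-IDs we sent with a receipt request (assumed log)."""
    msg = email.message_from_string(raw)
    report = {"is_mdn": False, "solicited": False, "disposition": None,
              "original_message_id": None, "returned_part": None,
              "has_signature_header": "DKIM-Signature" in msg}  # presence only
    if (msg.get_content_type() != "multipart/report" or not msg.is_multipart()
            or msg.get_param("report-type") != "disposition-notification"):
        return report
    parts = msg.get_payload()
    for part in parts:
        if part.get_content_type() == "message/disposition-notification":
            fields = part.get_payload(0)  # MDN fields parse as a header block
            report["is_mdn"] = True
            report["disposition"] = fields["Disposition"]
            report["original_message_id"] = fields["Original-Message-ID"]
    # Optional third part: the returned headers or message, if the sender added one.
    if len(parts) > 2:
        report["returned_part"] = parts[2].get_content_type()
    # Unknown ID = unsolicited MDN; a known ID still proves nothing about reading.
    report["solicited"] = report["original_message_id"] in requested_ids
    return report
```

Every field in the result is plain text supplied by whoever sent the MDN, so a `solicited` match only narrows down which message the notification talks about.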

What's Gmail's advice on the matter?

For a start (see https://support.google.com/mail/answer/1385059?hl=en):

Read receipts are available only for Google Apps for Business, Education, and Government customers. They are not available in personal Gmail accounts.

In addition, Gmail includes the following warning about the use of read receipts:

Do not rely on read receipts for certifying mail delivery. Although read receipts generally work across email systems, you may sometimes get a receipt for an unread message or not get a receipt even though the recipient has read the message.

In summary

Technically speaking, there is no way to prove that a recipient has read your email, but think about it for a moment... Once delivery has been proven, the point is not whether the recipient has read your email, but whether it is reasonable to believe that he didn't.

Nowadays, there is little chance that a legitimate email won't reach the recipient's mailbox. If no delivery error is bounced back to the sender, there's no reason to think that the recipient didn't get it.

Legitimate emails can sometimes be quarantined in error by anti-spam security layers. In any case, quarantine reporting and the possibility to retrieve legitimate emails are there to make sure people get their emails.

Please understand that we cannot guarantee that the emails you send through us won't be mistaken for spam by the recipient's mail server: whether you send your emails through us or directly doesn't really make a difference. What we assure you is that we follow all standards and good practices for email management, and that we keep the reputation of the IP addresses we use to deliver your emails in good health. It could happen, of course, though not because you sent your email through us, but most likely because of the contents of the email.

Bottom line. Once you can prove the email was accepted by the recipient's mail server, it won't be easy for the recipient to deny having read it. And if by doing so his position becomes clearly strengthened, he will need to be very convincing in explaining why it is so.