On Fri, 2025-03-21 at 09:08 +1100, Stephen Morris wrote:
When sensitivity levels are set on a mail, the mail client adds headers into the header list to specify the sensitivity level specified (Private, confidential, organisation-confidential). The setting of organisation-confidential is the same as confidential but meets the requirements of RFC 256 (I think it was that, I need to look up the documentation again for the environment I develop in at work to see exactly what RFC it is for).
I suspect it's merely a label and application-specific. The moment you email someone without the requisite software it's going to get ignored.
Organisations, if they so desire, can put processes in place to handle mails with headers specifying sensitivity differently to mails that don't have the headers. In fact, I'm trying to get a defect resolved at the moment where somewhere between the code I wrote to send the mail and the mail arriving in Outlook 365, the sensitivity level in the headers has been changed.
Big oops, I missed it. In the message editor for new message or replies (on my old CentOS 7 installation)
Insert menu blah blah blah blah Custom header blah blah blah blah
And a slightly different position in the Insert menu on my Fedora 40 installation, so I suspect it's still there in newer releases.
Click on the custom header menu item, and a window pops up
Email Custom Header Security Personal Unclassified Protected Confidential Secret Top Secret None
On a whim, I picked "unclassified" for this reply, to see what it does, and if it makes it through the list server.