35

A company are saying they sent an email to me. I have gone through all of my inbox, junk, and deleted files and the email still doesn’t exist. They have asked me to prove the email never got to me by asking my email provider to send over log details but I have looked into this and it is impossible.

Is there any other way to prove an email wasn’t sent to me? Also I have asked them to resend the email but they are saying because the email was automatically generated from an email sent to them they don’t have a copy of the sent email.

schroeder
Mark
  • 23
    You cannot prove that you did not get a mail the same as you cannot prove that you did not get a snail mail letter. – Steffen Ullrich May 19 '22 at 03:12
  • 40
    How can they prove they sent the email they don't even have... – Esa Jokinen May 19 '22 at 04:29
  • 10
    Please write in sentences ... – schroeder May 19 '22 at 08:13
  • 15
    This screams scam to me – Hobbamok May 19 '22 at 18:12
  • 4
    When I worked with companies that sent auto-generated emails they would BCC an internal address to keep track of what got sent and also so that their customer care could easily check and re-send such emails. Doesn't require any coding on the software, except for adding the BCC in addition to the to address, and after that a basic user that only knows emails can handle this, which is way easier than checking email server's logs. – GACy20 May 20 '22 at 08:35
  • 5
    @GACy20 Each delivery is separate one. Even if both recipient and bcc are on your own server you can successfully deliver to one and fail on another (disk full, mailbox locked, etc.) And if any of them is not on your server, then control is completely out of your hands once letter leaves your premises. – Oleg V. Volkov May 20 '22 at 09:35
  • Technical gremlins rather than bad faith is a possibility. Their mail server may still be trying to deliver the mail, in which case you haven't got it and they think it's sent. At some future time it will be returned to the person who sent it as undeliverable. Time-outs are hours to days. Gmail warns the sender after about a day that it might be undeliverable, and keeps trying for a few more days, but other service providers may do things differently – nigel222 May 20 '22 at 10:55
  • It's also possible for an e-mail server to "drop" an e-mail, like a letter dropped in a sorting office and knocked under something before it is noticed. I once received an e-mail a couple of YEARS after it was "sent" but not received! – nigel222 May 20 '22 at 10:57
  • 2
    @OlegV.Volkov So? A solution that works 99.99% of the time is way better than no solution. I was mainly addressing also being able to check and re-send automatic emails. Using BCC is an extremely simple and extremely effective solution that works 99.99% of the time, doesn't require development effort, and can be handled by the dumbest customer care agent. Implementing your own custom application logic to check/resend automatic emails will cost way more, may contain bugs and may not be usable by dumb users. – GACy20 May 20 '22 at 12:36
  • @OlegV.Volkov The fact that this company did neither shows the low level of care for their processes. – GACy20 May 20 '22 at 12:37
  • 1
    Then again, if you had the complete smtp log files and for data privacy reasons stripped away everything not related to that specific mail, that would mean they ask you send a (potentially) empty file? – Hagen von Eitzen May 20 '22 at 15:41
  • In the case of corporate e-mail systems (which apparently isn't the case here), it could also be that the e-mail has been "quarantined", for instance if it looked a bit too suspicious (or was actual malware etc.). Admins are able to review quarantined messages and possibly release them, though of course that could be risky if the e-mail indeed contains malware.... – jcaron May 20 '22 at 15:45
  • 2
    Legally, you don't have to. You simply say "I didn't get it". They have to prove that you got the email -- which they know they can't. Even if they have logs showing that they have sent it, they cannot prove that you actually received the email. That is why legally, if you want to make sure you can prove delivery, you use a registered letter with receipt or judicial notification. – Polygnome May 21 '22 at 13:28
  • 4
    What is the downside of ignoring this company that wants you to prove the impossible? – Wastrel May 21 '22 at 16:06
  • BTW, legal details depend on which country you are in. In Italy we have a system called PEC (Posta Elettronica Certificata, translatable as "Certified Electronic Mail") where through a series of additional steps you can have a certification of sending/delivery of messages. This is required now for B2B and Business-to-Government Offices formal communication. Good old email messages are more like pigeon-messages (can you prove the bird didn't reach you with the message intact?). They're asking you nonsense. – LorenzoDonati4Ukraine-OnStrike May 22 '22 at 09:35
  • 1
    Moreover, I wouldn't rule out some social engineering information gathering attempt: why would they want to see your provider's log? Is this company a reliable, well-known company in your country? Or is it some shady one? Maybe the information in the logs might help them mount a cyber-attack against you or provide them with information that they could not obtain legally. – LorenzoDonati4Ukraine-OnStrike May 22 '22 at 09:38
  • I would just send those clowns a screenshot of an empty inbox as 'proof'. – Eternal21 Jun 02 '22 at 16:35

5 Answers

63

This is one of those situations where Amazon is asking someone to send a picture proving that a package was never delivered. You can't.

In general, you cannot "prove a negative".

Trying to get your email provider to supply logs will be difficult and might take a long time. And they might not do it. What will be a lot easier and faster is for the company to check their own email logs for proof that they sent the email. They don't need a copy, just a log entry.

schroeder
  • 50
    Even if they sent the mail it does not mean that it got received. Even some major mail providers accept mail and then silently delete it if they consider it spam or similar. – Steffen Ullrich May 19 '22 at 09:29
  • 28
    @SteffenUllrich absolutely, but the company forcing an end-user to "prove" the lack of receipt is insane. They should confirm for themselves that the email was sent and was sent to the correct recipient. Troubleshooting 101: did the first step in the process complete successfully? – schroeder May 19 '22 at 09:42
  • 2
    Proving that you didn't receive a specific email at a specific time on a specific date sounds quite a bit easier than proving that you did not receive a specific email ever. So the sequence "the company shows you log proof that they sent the email, then asks you to prove that you did not receive it" is not unreasonable. – Brilliand May 20 '22 at 04:51
  • "Prove a negative" is difficult indeed. Bernhard Riemann, 1859 : "there is no non-trivial zero for the Zeta function outside of the line real part = 1/2", 2022: ... – Basj May 20 '22 at 06:29
  • ... "Show us the logs of these zeros!" – Basj May 20 '22 at 06:29
  • @SteffenUllrich I'd expect major email providers to have logs recording when messages are discarded as spam. And probably even quarantine them for a period of time before permanently deleting them. Spam blocking may be silent to the sender and recipient, but it shouldn't be silent to the admins. – Barmar May 20 '22 at 13:45
  • But getting them to produce these logs may be difficult without a court order. They don't want to overburden themselves with responding to frequent requests from users. – Barmar May 20 '22 at 13:45
  • @SteffenUllrich but at least if the logs show that the mail was successfully transmitted from their MTA to "your" MTA, it was your responsibility that it got dropped afterwards (e.g., because your contract with your mail provider allowed dropping important mail). The much more likely scenario with missing non-spam mail, however, is that at some point of the chain, a mail server rejects the mail, in which case a corresponding non-delivery report should go back to the sender. – Hagen von Eitzen May 20 '22 at 15:49
  • 2
    @HagenvonEitzen: "it was your responsibility that it got dropped afterwards" if Microsoft drops the mail (hotmail.com or live.com are known for this) it is unlikely your responsibility as the simple user of such a Microsoft service. Anyway, mail is not a protocol with guaranteed delivery. There is no (mandatory) feedback back to the sender that the mail got delivered. And non-delivery reports are not guaranteed to be successfully delivered to the original sender either. Apart from that they are often ignored since they are technical mumbo jumbo many users don't understand. – Steffen Ullrich May 20 '22 at 15:52
  • 1
    "In general, you cannot "prove a negative" - Why? Proving that you received an e-mail is close to impossible if you have deleted it while it is easy to prove that you did not receive it if you have some log file of the server saying that the delivery of the mail failed for some reasons. It always depends on the circumstances if it is easier to "prove a positive" or "prove a negative". – Martin Rosenau May 21 '22 at 13:01
  • Exactly, @MartinRosenau! Change the "prove you didn't get it" to "prove that it did get deleted" and you no longer have to worry about proving a negative. If any of the hops along the way logged that it refused, blocked, deleted, or otherwise didn't deliver the message, then there is certainly evidence of it NOT being delivered to you. (Note that any third party has virtually no reason to, and good reasons not to, share those logs with you, however.) – A C May 21 '22 at 17:09
19

The answer above by @schroeder is spot-on (+1). It is impossible for you as the recipient to prove that you didn't receive an email. However, the sender does have the ability to prove that they sent an email, and that the mail server that handles incoming mail for your domain received it, and that this mail server acknowledged receipt.

The diagram below shows the journey that an email message makes from the sender to the recipient:

[Image: diagram of the journey an email message makes from the sender to the recipient]

The sender's outgoing SMTP mail server will typically log every delivery attempt. When the message is handed off from the sender's outgoing SMTP server to the recipient's incoming MX server, the incoming mail server will acknowledge receipt with a 2xx response and will usually include a unique identifier that it assigned to the message in this response. The sender's outgoing SMTP server will typically include all of this in its logs. So, if there is any question as to whether a message was sent, and whether it was delivered (at least to the recipient's incoming MX server for their domain), this should all be in the sender's outgoing SMTP server logs.

Of course, even if the recipient's incoming MX server received the message, it is still possible that the recipient may not receive the message in their inbox. This can happen if the recipient's incoming MX server dropped the message, or treated it as spam, or otherwise mishandled the message. But, at least the sender can show that they sent the message, and that the message made it to the recipient's incoming MX server, and that the recipient's incoming MX server acknowledged receipt of the message. If the recipient never received the message in their inbox, then the recipient can go to the admin of their incoming MX server, armed with the logs provided by the sender, and ask the admin to track down the missing message, and ask for an explanation.

As you can see, this all hinges on the sender being able to access their outgoing SMTP server logs. If the sender outsources their outgoing email to a third party provider, it might be difficult to get the provider to pull these log records, as this is typically beyond the level of service that most mail providers offer (at least at the individual/SOHO/SMB level). However, an outgoing SMTP service such as UltraSMTP makes these log records available to end users through a self-serve web interface, so that end users can get the information they need themselves to track down problems with non-received messages. [FD, I am the developer.]


mti2935
  • If the sender is a malicious entity, they can fake it as long as there is no digital signature. In short, one needs the non-repudiation. – kelalaka May 20 '22 at 19:38
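The sender-side check described in the answer above, as an added example that is not part of the original post or of any product it mentions: it reads an outgoing SMTP log and reports, per recipient, whether the recipient's MX acknowledged the message with a 2xx reply and under which identifier. The Postfix-style log layout is an assumption, and the hostnames, addresses and queue IDs are constructed.

```python
import re

# Constructed sample of a sender-side, Postfix-style outgoing SMTP log.
# Hostnames, addresses and queue IDs are made up for illustration.
SAMPLE_LOG = """\
May 18 10:15:02 out1 postfix/smtp[2211]: 4F1A2B3C4D: to=<mark@example.net>, relay=mx.example.net[203.0.113.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C8B7A6D5E)
May 18 10:16:40 out1 postfix/smtp[2213]: 7A7A7A7A7A: to=<mrak@example.net>, relay=mx.example.net[203.0.113.10]:25, delay=0.9, dsn=5.1.1, status=bounced (host mx.example.net[203.0.113.10] said: 550 5.1.1 <mrak@example.net>: Recipient address rejected: User unknown (in reply to RCPT TO command))
May 18 10:20:11 out1 postfix/smtp[2219]: 1B2C3D4E5F: to=<anna@example.org>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.7]:25: Connection timed out)
"""

DELIVERY = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtp\[\d+\]: "
    r"(?P<queue_id>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^,]+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$"
)
REMOTE_ID = re.compile(r"queued as (\S+)")

def delivery_attempts(log_text, recipient):
    """Return every logged delivery attempt addressed to `recipient`."""
    attempts = []
    for line in log_text.splitlines():
        m = DELIVERY.match(line)
        if not m or m["rcpt"].lower() != recipient.lower():
            continue
        rec = m.groupdict()
        # Only a 2xx acceptance carries the identifier assigned by the remote MX.
        rid = REMOTE_ID.search(rec["reply"]) if rec["status"] == "sent" else None
        rec["remote_id"] = rid.group(1) if rid else None
        attempts.append(rec)
    return attempts

def verdict(log_text, recipient):
    """Summarise what the sender's log can and cannot show for one recipient."""
    attempts = delivery_attempts(log_text, recipient)
    if not attempts:
        return "no attempt logged"    # never sent, or sent to a different address
    last = attempts[-1]
    if last["status"] == "sent":      # 2xx: the recipient's MX acknowledged receipt
        return f"accepted by {last['relay']} as {last['remote_id']}"
    if last["status"] == "deferred":  # 4xx or no connection: still in the retry queue
        return "still retrying"
    return f"rejected: {last['reply']}"  # 5xx: permanent failure reported by the MX

if __name__ == "__main__":
    for rcpt in ("mark@example.net", "mrak@example.net",
                 "anna@example.org", "bob@example.com"):
        print(rcpt, "->", verdict(SAMPLE_LOG, rcpt))
```

An "accepted" result only shows that the receiving MX took the message; what happened to it afterwards is visible only in the recipient side's logs, looked up by the returned identifier.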
4

With @mti2935 already having explained the technical details:

"prove" to which standard? To a forensics level as if it were criminal evidence? Nope, you can't. The old problem of proving a negative. Prove to me that there's not a picture of my cat orbiting Saturn.

But "prove" to the level required to convince some call center agent? Sure. Ask for the exact time they sent the message (if they know they sent it, certainly they can say when, right?) then check your log files around that time. No message received from their address around that time? There's your proof. Snip the log excerpt, black out any info you don't want to share, send it to them and say "you claim you sent the mail at XYZ date/time, but as you can see my mail server did not receive a mail from you at or around that time. You may have sent it somewhere else or had some other kind of communication failure."

TBH, I'm quite sure there's a process to re-send the mail manually. It's just that whoever you're talking to is either too lazy or doesn't know about it.

Tom
  • 1
    Most people don't have a mail server they can see logs on - that is why they want to ask the ISP. However even then as the other answers say that is not sufficient. – mmmmmm May 20 '22 at 15:27
  • Asking your ISP (internet service provider) will also be useless if your email is supplied by a third party such as Google or Microsoft... In addition, the latter loves to move important mails to "junk" and then deletes them automatically after 10 days... (I had to rescue a few mails from junk already, and it happened to my mother too just recently...) – DetlevCM May 20 '22 at 16:55
  • @mmmmmm yes, I realize that most people don't run their own mailserver. I wonder what they're doing on the Internet but that's another question. (no, I'm serious, these days, everything important including all your password resets are sent by mail. Can't fathom why you'd want that in the hands of a 3rd party) – Tom May 20 '22 at 20:49
  • @Tom Most people don't know enough or have enough time or equipment to manage a mailserver and anyway all the mail gets seen by all servers on the route from sender so it all can be seen by a third party. – mmmmmm May 20 '22 at 20:51
  • @mmmmmm that was true 20 years ago. These days we have TLS. If you send me an e-mail then no 3rd party can read it. – Tom May 20 '22 at 20:53
  • 2
    @Tom TLS for SMTP is hop by hop, and protects the transmission (not the data at rest). So it's decrypted at each mailserver and re-encrypted (which is how "Received:" headers get added). So as mmmmmm said, all the servers on the route from the sender can access the plain text of the email without difficulty. If you want to encrypt the content, you need something like S/MIME which very few folks use. – abligh May 21 '22 at 08:07
  • @abligh how many hops does your e-mail take? But yes, if the server is in the delivery chain, then you need end-to-end encryption such as S/MIME or PGP. And yes, very few people use that. – Tom May 21 '22 at 12:03
  • 2
    @Tom I picked a random message in GMail and counted the number of Received: headers and the answer was 5. Most people pick up their email from an IMAP (or POP) server. Almost everyone uses a third party smarthost to send from. The operators of both those services certainly have access to the plaintext. The way to avoid that is S/MIME or similar. – abligh May 21 '22 at 13:07
  • @abligh I have to agree with that. I've discarded those services because nobody security-conscious would use them, but yes the vast majority of ordinary people do. – Tom May 22 '22 at 05:16
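The hop-by-hop behaviour discussed in the comments above, as an added example that is not part of any poster's comment: it walks the `Received:` headers of a message in chronological order, marks which hops report a TLS-protected transfer, and lists every server that handled the message. The headers are constructed, and treating the `with` values ESMTPS, ESMTPSA, LMTPS and LMTPSA as TLS follows the registered transmission types of RFC 3848.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed message headers; hosts, IDs and addresses are made up.
RAW = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby imap.example.net with LMTP id AAA111;
\tWed, 18 May 2022 10:15:04 +0000
Received: from out1.sender.example (out1.sender.example [192.0.2.25])
\tby mx.example.net with ESMTPS id 9C8B7A6D5E;
\tWed, 18 May 2022 10:15:02 +0000
Received: from app.sender.example (app.sender.example [192.0.2.8])
\tby out1.sender.example with ESMTP id 4F1A2B3C4D;
\tWed, 18 May 2022 10:15:01 +0000
From: noreply@sender.example
To: mark@example.net
Subject: Constructed example

body
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+)\s+with\s+(?P<proto>[A-Za-z0-9]+)",
    re.S,
)

def hops(raw_message):
    """List relay hops oldest first (each server prepends its own header)."""
    msg = message_from_string(raw_message)
    out = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if not m or ";" not in header:
            continue  # skip headers that do not follow the from/by/with layout
        stamp = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
        out.append({"from": m["src"], "by": m["dst"], "proto": m["proto"],
                    "tls": m["proto"].upper() in TLS_PROTOCOLS, "time": stamp})
    return out

def handlers(raw_message):
    """Servers that held the message content, whether or not the hop used TLS."""
    return [hop["by"] for hop in hops(raw_message)]

if __name__ == "__main__":
    for hop in hops(RAW):
        mark = "TLS" if hop["tls"] else "no TLS reported"
        print(f'{hop["time"]:%H:%M:%S} {hop["from"]} -> {hop["by"]} ({hop["proto"]}, {mark})')
```

Each `Received:` line is written by the server that accepted the message, so headers added before the recipient's own provider cannot be verified by the recipient.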
0

It is possible if both parties can check the logs. If the sender has the QueueID provided by the destination, the problem is with the destination server. In that case, the sysadmin of the destination can check what happened with the message.

schroeder
  • What is a "QueueID"? Did you mean the message ID? – schroeder Jun 01 '22 at 18:55
  • The QueueID is the identifier added to any message in the delivery process. It is the way the mail server tracks the message status and allows checking the specific message's status at any time (with the timestamp) – Carlos Mora Restrepo Jun 02 '22 at 12:58
-1

It is unreasonable to provide logs, unless this is a pre-agreed service. Redacting details for every non-matching entry could be automated but not unless there was a serious business case.

However, depending upon where you work, the email may never truly be deleted, nor silently filtered (is your firm SOX Act compliant?). If it was important to them they should have a receipt or your return (manual) ack response.

They should have a copy with timestamps. But some large blue chips stage their email according to priority and their DEP policies.

Do you use a gmail/hotmail/protonmail address? They may have confused them.

Automatically generated huh? They are not in a good position. Not keeping a copy is effectively the destruction of that information.

mckenzm