Why Delivered Secure Reports the IP Address and UserAgent String
by Jason Sherrill
When a recipient accesses a secure message in Delivered Secure, the system records and reports two key pieces of information to the sender: the recipient's external IP address and their browser's UserAgent string. These two data points serve an important role in helping senders validate that the intended recipient was the person who actually accessed the message.
What is an External IP Address?
Every device that connects to the internet is assigned an IP (Internet Protocol) address. However, most homes and businesses use a technology called NAT (Network Address Translation) that allows multiple devices on a local network to share a single public IP address when communicating with the internet. This public IP address is known as the external IP address.
When you browse the internet, websites and services see your external IP address, not the private IP address assigned to your individual device on your local network. Your external IP address is typically assigned by your Internet Service Provider (ISP) and can often be associated with a general geographic region, though it does not reveal your exact physical address.
In a business environment, all employees typically share the same external IP address because their traffic passes through a common firewall or router before reaching the internet. This means the external IP address reported by Delivered Secure can help confirm that a recipient accessed a message from their expected location, such as their office or home.
Is Reporting the IP Address a Security Risk?
The external IP address is not sensitive information in the traditional sense. It is already visible to every website you visit, every email server you communicate with, and every online service you use. Reporting it to the sender of a secure message does not create any new exposure.
In fact, the external IP address is publicly available information. Anyone can look up the general geographic region and ISP associated with an IP address using freely available online tools. The IP address alone cannot be used to identify a specific individual or their exact location without cooperation from the ISP, which typically requires a legal process such as a subpoena.
The value of reporting the IP address lies in pattern recognition. If a sender knows that their recipient works at a bank in Dallas, Texas, and the delivery confirmation shows the message was accessed from an IP address associated with a data center in Eastern Europe, that discrepancy would be a strong indicator that the message may have been accessed by an unauthorized party.
What is a Browser UserAgent String?
A UserAgent string is a piece of text that your web browser sends to every website you visit. It identifies the browser software you are using (such as Chrome, Firefox, Safari, or Edge) and the operating system your device runs (such as Windows, macOS, iOS, or Android). A typical UserAgent string might look something like this:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
This string tells the website that the visitor is using Chrome version 120 on a 64-bit Windows 10 computer. Like the IP address, the UserAgent string is sent to every website you visit and is not considered sensitive information. It is commonly used by websites to optimize how content is displayed for different browsers and devices.
How This Information Helps Validate Recipient Identity
Together, the external IP address and UserAgent string provide senders with a reasonable way to validate that the intended recipient accessed their secure message. If a sender knows that their recipient uses a Windows computer with Chrome at a bank in Texas, and the delivery confirmation shows the message was accessed from a Windows/Chrome browser at a Texas-based IP address, the sender can have reasonable confidence that the right person received the message.
This information is especially valuable for organizations that may need to demonstrate, for litigation or audit purposes, that sensitive documents were delivered to and accessed by the intended recipient. The combination of delivery timestamp, IP address, and UserAgent string creates an auditable record that can support legal and compliance requirements.
While neither data point alone can definitively prove the identity of the person who accessed a message, together they provide meaningful corroborating evidence that is far more useful than the simple "read receipt" functionality offered by email, which can be easily spoofed or disabled by the recipient.
Published 2015-01-01
Jason Sherrill
Jason works behind the scenes on security processes and architecture. Jason also works directly with customers to help guide product development road map and functionality of Delivered Secure.