Also worth noting that this did not work out, because their general counsel accidentally replied all to the email, giving everyone in the company a safe copy to leak.
"Reply-all" suggests that the same mail went to a set of recipients, but doesn't the watermarking strategy require each recipient to have their own unique copy?
The "to" line is just a header and you can put whatever you want. The actual recipient is specified out of band (RCPT TO). This is how "bcc" works.
Likely the To: line is some sort of mailing list in this case. The mailing list watermarks when redelivering to everybody. The To line remains unchanged. A reply-all causes one copy to be leaked (but it might be re-watermarked, depending on configuration...) Edit: A reply further down says it was actually a forward which does seem more likely, but nothing about the original setup is impossible.
But how did recipient A get a personalised copy if the mail with that copy was sent to a list of recipients?
Edit: WP has the Tesla story with the counsel forwarding his copy to everyone in a new mail (presumably trying to be helpful?). So not a case of reply-all disease.
Email round one: individually-watermarked copies are delivered to individually-addressed individuals. More elaborate systems might watermark such emails en-route, though that's ... less likely. A and B each wind up with individually-identifying copies of the email.
Email round two: A REPLIES ALL to their individually-watermarked copy of the email, delivering it to ALL employees (or some nontrivially large sample), by which B AND EVERY OTHER RECIPIENT now contains A's watermarked copy.
Email round three: B OR ANY OTHER RECIPIENT OF A's REPLY ALL can now leak A's watermarked copy of the email. Watermarking NO LONGER identifies the leaker.
But in this case recipient B must have already had that one, as they were in the reply all for recipient A. If you sent me a personalized email and send it only to me, then my reply all isn't going to give my personalized version to anyone else but you, and presumably you trust yourself not to be the leak.
Reply-All would not include any other recipient in a standard, personalised mail out - unless the "To" or "Cc" fields were manipulated to give the impression that personalised email A went to everyone equally, but I think that would probably require some custom mailserver tweaks?
Correct. Like many credulously repeated stories about Musk 1) the source for this one is Musk himself 2) the description that he gave, and that gets repeated in viral posts, is an extremely easily disproven lie.
"After a series of leaks at Tesla Motors in 2008, CEO Elon Musk reportedly sent slightly different versions of an e-mail to each employee in an attempt to reveal potential leakers. The e-mail was disguised as a request to employees to sign a new non-disclosure agreement. The plan was undermined when the company's general counsel forwarded his own unique version of the e-mail with the attached agreement. As a result, Musk's scheme was realized by employees who now had a safe copy to leak."
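The mechanism discussed in this thread, as an added example that is not part of any comment above and not a reconstruction of Tesla's actual system: each recipient gets a uniquely worded body while every copy shows the same To: header, a leaked body maps back to one recipient, and a copy forwarded to everyone makes that mapping point at the forwarder instead of the leaker. The addresses, template wording and function names are all constructed for illustration.

```python
from email.message import EmailMessage

# Constructed template: each slot has two interchangeable wordings (one bit per slot).
TEMPLATE = "Please {0} the attached NDA {1} Friday. {2} for your help."
VARIANTS = [("sign", "complete"), ("by", "before"), ("Thanks", "Thank you")]
LIST_ADDR = "all-staff@example.com"  # hypothetical address shown in every To: header

def render(index):
    """Body for recipient number `index`: bit i of index picks the wording of slot i."""
    words = [pair[(index >> i) & 1] for i, pair in enumerate(VARIANTS)]
    return TEMPLATE.format(*words)

def build_copies(recipients):
    """Return {envelope_recipient: message}; the To: header is identical in all."""
    if len(recipients) > 2 ** len(VARIANTS):
        raise ValueError("not enough variant slots for unique copies")
    copies = {}
    for index, rcpt in enumerate(recipients):
        msg = EmailMessage()
        msg["From"] = "ceo@example.com"
        msg["To"] = LIST_ADDR  # header only; delivery would use rcpt (SMTP RCPT TO)
        msg["Subject"] = "New NDA"
        msg.set_content(render(index))
        copies[rcpt] = msg
    return copies

def attribute(body, recipients):
    """Map a leaked body back to the recipient whose copy it matches, or None."""
    for index, rcpt in enumerate(recipients):
        if render(index) == body.strip():
            return rcpt
    return None

def demo():
    staff = ["a@example.com", "b@example.com", "counsel@example.com"]
    copies = build_copies(staff)
    # Round one: B leaks B's own copy, so the watermark names B.
    own = attribute(copies["b@example.com"].get_content(), staff)
    # After counsel forwards his copy to everyone, B leaks that copy instead:
    # the watermark now names counsel, whoever actually leaked it.
    forwarded = attribute(copies["counsel@example.com"].get_content(), staff)
    return own, forwarded

if __name__ == "__main__":
    print(demo())
```
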