Craig Ball Weighs in on Embedded Graphics in Emails: eDiscovery Best Practices

Have I mentioned lately how I love it when readers submit topics to cover on eDiscovery Today?  One reader (and good friend) Kevin Clark, Litigation Support Manager at Thompson & Knight LLP, submitted two terrific topics that I not only thought would be great to cover on the blog, I also decided to bring in a well-known expert (Craig Ball) to weigh in on both of them.

I’ll cover the first one (embedded graphics in emails) today and the second one (links to files in emails) in a few days.

My question to Craig regarding embedded graphics in emails was as follows:


More and more, we’re seeing unrendered graphics in emails as many enterprise email systems don’t automatically download graphics from certain email addresses or domains unless directed to by the recipient for security reasons. If the recipient of the email never chooses to download graphics in an email (meaning they never saw them), do they still need to be produced as part of an email?

Craig’s response:

In discovery, parties are only obliged to produce information in their care, custody or subject to their control. No one can be expected to produce what they don’t have and cannot reasonably obtain as a matter of right or custom.  So, if it can truly be established that neither the users nor the enterprise had or saw the images, then it’s not reasonable to expect them to seek out and produce embedded graphics that weren’t downloaded by the user or the enterprise.

Simple question, simple answer; but, there’s the rub: The hypothetical strikes me as wishful thinking. Users can and do download and view embedded graphics, so how does a litigant assert something “never” occurs when a reasonable inquiry would contradict the claim?


I’m skeptical of claims that custodians never look at inline images in communications deemed relevant and responsive.  Just because the mail server didn’t download the embedded graphic doesn’t mean the user didn’t do so locally.  So, if the images are more than simply decorative “noise” like a logo in a mail signature line, I’d want the producing party to do more than baldly claim that no one ever saw the images.  I’d want to test the assumption and assure myself that that I can demonstrate that users could not view the images without those images also being present in the mail collected and processed for production.

If the picture data would be found in a local PST or OST (mail storage formats I still run into with regularity), then the producing party cannot falsely claim the images weren’t seen because they’d rather not deal with them.  Competent lawyers don’t just hope, they check.

It’s an important issue considering our growing reliance on images to communicate substantive ideas.  As a requesting party, I don’t care about a signature logo, but I care very much if gifs or emoji takes the place of the written word.  A thumbs up icon is agreement; a raised middle finger emoji is…well…not.  Considering the near-universal adoption of inline images, I’d want my clients to work toward producing image data and not waste resources trying to sell the lie that no one looks at images.

Thanks to Craig for that response and thanks to Kevin for the topic suggestion.  Craig weighs in on links to files in emails in a second part in the next few days.

So, what do you think?  Do you agree with Craig on considerations for embedded graphics in emails?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.


  1. Thanks for sharing Doug! Kevin is apparently asking a few people the same question. Now that this is going public, with Kevin’s permission, here is my much more direct, and significantly less pithy response:

    In general, the outside (graphic) element is not within the parties possession, custody or control under Rule 34 or state law equivalent; provided however, in jurisdictions that apply the practical ability test, one might argue (and I’m not sure successfully) that the producing party has the practical ability to obtain IF it can simply make the automated call. However, in such circumstances, I would expect someone to counter-argue that such demand is not proportional and the information is not readily accessible. This would require briefing, and thus $$$ to attempt to resolve. It really would need to be worth it.

    This brings me to the second point as to assessing for evidentiary purposes what the custodian saw or did not see: I do not agree with any presumption that a blank box in the collected emails that reflects what the custodian saw; and vice versa. If we capture emails from a custodians laptop, and Outlook never downloaded the image, that does not raise a credible presumption that the custodian never saw it. For example, a custodian may have seen the entire mail on their phone or tablet, where the default applications generally automatically download all images. On the opposite side, a custodian may not download the image on their laptop, but if we collect their data from M365 directly, the image may be shown on the collected email, but the custodian might truly have never seen it in their Outlook. I’d have to test these ideas in a variety of situations to come up with a better sense; however that itself would only demonstrate the current behavior and settings in my environment. Thus I don’t think we can establish any hard and fast rule.

    • Great Points, Eric. Studies show that fully 2/3rds of all e-mail is handled on mobile devices, so as you wisely note, those settings are most likely to influence what custodians see for the bulk of messaging, not the Exchange, O365 or Outlook settings on a desktop or laptop.

  2. Although I personally (disclaimer*) agree with some of Craig’s analysis, I think one aspect requires additional attention. As many eDiscovery technology experts would likely tell you, not all embedded graphics are created equal. As comments to FRCP 26 suggest: “The requesting party has the burden of showing that its need for the discovery outweighs the burdens and costs of locating, retrieving, and producing the information.” Accordingly, the proportionality aspect requires closer scrutiny before one can conclude whether the producing party should have the burden (including the cost) of producing such graphics.

    • I did not address the proportionality issue directly because the question posed the issue as one of care, custody and control more than burden and cost. I agree that discovery must be proportional (and even if I didn’t agree, the Rules kick my obstreperousness to the curb). My assumption was that the graphics were likely to be substantive in the item deemed responsive, not merely decorative. Your point is well-taken.

  3. Great article on this topic that as a litigation support vendor we always have to address with our law firm customers. However, more from a different viewpoint that they do not want to produce separate embedded graphic file attachments, especially all the duplicate and non-relevant ones in signature areas with the parent emails since duplicate and increases the numbers of documents produced. Obviously, just doing a Native Email in MSG format as Craig Ball always supports solves that issue, but we still do many email TIFF or PDF image productions because the law firms want endorsed bates numbers on each page.

    Our applications used on email extractions creates a separate attachment for embedded logos or graphics in emails. But, like the article points out, some embedded graphics like emojis are relevant and should not be excluded from an email production. Therein lies the conflict to take the time and expense to review these graphics or exclude.

    • In fact, I’m not terribly keen on MSGs versus other near-native forms because extractions/exports of identical MSGs at different points in time generate different hash values for the identical message. Still, they’re better than TIFFs. On this topic, native versus TIFF isn’t a crucial distinction because both forms will likely contain only a link rather than the image. If the image data has not become a part of the messaging collection under review, no form of production will be able to render the image.

Leave a Reply