That is too late. Collecting data like this is only legitimate (or, if the reciever is european, legal) if the collection only ever starts after the collecting party has recieved a qualified declaration of consent from the reciever of the bugged mail. If they don't get this consent before sending the mail, they are just scum.