Spotting the leak.

I came across this, which reminded me of a story from some time ago. I get a call from a guy asking for help. Someone from his company was leaking personal data. The problem, beyond the personal data, was who the leaker was.

I came up with the same thing those malware writers did. That guy gave me a file to redistribute. I wrote a Python script that added the recipient’s mail, encrypted, after EOF. I mail them the files and I relax. Two weeks later I get a mail: the file was leaked. The file leaked as an attachment. Python says it was guy no. 2. How do we figure out he was the leaker? Mail him another file, this time a dummy. Two weeks later the same thing, same guy. Busted.

In general you can uniquely identify files using that approach. Problems may arise when a user checks the file for abnormalities. He will detect EOF, I guess… How do you solve that?
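A sketch of the per-recipient tagging described above, as an added example and not the script from the story. It swaps the encrypted address for a keyed HMAC-SHA256 trailer (the standard library has no cipher), which the sender matches against the known recipient list; the key, addresses and sample file bytes are constructed.

```python
from __future__ import annotations

import hashlib
import hmac

TAG_LEN = 32  # size of an HMAC-SHA256 digest


def _tag(key: bytes, content: bytes, recipient: str) -> bytes:
    # Bind the tag to both the file content and the recipient address,
    # so a trailer cannot be moved onto a different file.
    msg = hashlib.sha256(content).digest() + recipient.lower().encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).digest()


def tag_copy(key: bytes, content: bytes, recipient: str) -> bytes:
    """Return this recipient's copy: original bytes plus an opaque trailer."""
    return content + _tag(key, content, recipient)


def identify(key: bytes, leaked: bytes, recipients: list[str]) -> str | None:
    """Return the recipient whose trailer is on the leaked copy, else None."""
    if len(leaked) <= TAG_LEN:
        return None
    content, trailer = leaked[:-TAG_LEN], leaked[-TAG_LEN:]
    for candidate in recipients:
        if hmac.compare_digest(_tag(key, content, candidate), trailer):
            return candidate
    return None  # trailer stripped, file modified, or never tagged


if __name__ == "__main__":
    # Constructed sample data: demo key, addresses and a minimal PDF-like body.
    key = b"constructed-demo-key-not-for-real-use"
    original = b"%PDF-1.4\n% constructed sample body\n%%EOF\n"
    recipients = ["alice@example.com", "bob@example.com", "carol@example.com"]
    copies = {r: tag_copy(key, original, r) for r in recipients}
    print(identify(key, copies["bob@example.com"], recipients))
    print(identify(key, original, recipients))
```

The trailer is still 32 extra bytes after the format's own end marker, so a recipient who compares file sizes or inspects the tail will see it, and removing it makes `identify` return `None`.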
