diff --git a/cmd/archivmail/cmd_status.go b/cmd/archivmail/cmd_status.go
index 3b88196..4b535cd 100644
--- a/cmd/archivmail/cmd_status.go
+++ b/cmd/archivmail/cmd_status.go
@@ -66,6 +66,11 @@ func runStatus(args []string) {
 			status := "OK"
 			if !r.OK {
 				status = "FEHLER"
+			} else if strings.HasPrefix(r.Detail, "WARNUNG") {
+				// Non-fatal but GoBD-relevant (e.g. PROJ-51 retention check):
+				// reflect the warning in the status label without affecting
+				// the exit code (r.OK stays true).
+				status = "WARN"
 			}
 			if r.Latency != "" {
 				fmt.Printf("[%-6s] %-12s %s (%s)\n", status, r.Name, r.Detail, r.Latency)
diff --git a/internal/api/search_handlers.go b/internal/api/search_handlers.go
index 6b6a1d5..e3fb139 100644
--- a/internal/api/search_handlers.go
+++ b/internal/api/search_handlers.go
@@ -326,13 +326,15 @@ func (s *Server) handleGetMail(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// PROJ-51: retention lock + its source for auditor traceability.
+	// The source (e.g. "rule:<id>") exposes internal archiving-rule IDs and is
+	// therefore only included for roles that may manage/audit those rules.
 	var retainUntil interface{} = nil
 	var retainSource interface{} = nil
 	if until, source, rerr := s.store.GetRetentionInfo(r.Context(), id); rerr == nil {
 		if until != nil {
 			retainUntil = until.UTC().Format(time.RFC3339)
 		}
-		if source != "" {
+		if source != "" && sess.Role != userstore.RoleUser {
 			retainSource = source
 		}
 	}