1
I have just received an important email that I'd like to post online. However, I would like to know if there is some way of proving to the Internet that it is authentic (that the sender actually sent this message to me and I am not making it up). I am using Windows 7 and Windows Live Mail.
Lee Sleek
Posted 2013-08-14T04:19:44.560
Reputation: 113
2
You can't, after the fact. Next time, have them sign it with their private key.
The best you can do is post the raw source with all the headers intact, but it's still easily faked.
Spiff
Posted 2013-08-14T04:19:44.560
Reputation: 84 656
Out of curiosity, how can one fake the source code? – Lee Sleek – 2013-08-14T15:05:05.820
@LeeSleek with a text editor. There's nothing terribly hard about typing in a series of "Received: ..." headers and other headers. – Spiff – 2013-08-14T17:18:30.603
2
Its pretty trivial to spoof an e mail - from spoofing the mail client into syncing 'sent mail' to the client - (There's a paper on it - here's an abstract, since I don't have access to my school online library at the moment) to even sending an email with fake information. In the case of windows live mail, I believe its a matter of dragging and dropping a email file into the relevant folder, and this is well documented.
Emails are from a kinder gentler more trusting era, and the protocol implicitly trusts folks. You might be able to use the ip address on the header or some anti-spam extentions to email such as dkim to ascertain if its the correct server, but as its designed, its a pretty trusting protocol.
Its PRETTY hard to prove an arbitary email is from a specific sender, as a result.
Journeyman Geek
Posted 2013-08-14T04:19:44.560
Reputation: 119 122
0
About the only thing I could suggest is that the sender resend the message with a signed PGP trailer for the message.
mdpc
Posted 2013-08-14T04:19:44.560
Reputation: 4 176
Mails are encrypted with receivers key, not with the senders key. Encrypting an email does not guarantee that it really comes from the sender. To guarantee the authenticity the mail needs to be signed. – Werner Henze – 2013-08-14T08:11:40.403
1Nope. You have the same problem with physical mail -- anyone can put the White House as the return address and put "Sincerely yours, Barack Obama" at the bottom of the letter. – David Schwartz – 2013-08-14T04:33:24.450
@DavidSchwartz They would also have to fake the letterhead and the President's signature (both of which are readily available online). – Lee Sleek – 2013-08-14T15:02:02.133
If those weren't available online, the recipient wouldn't know what they should look like anyway. – David Schwartz – 2013-08-14T18:30:54.803