Doctored Emails

[adazh]

I would like to know if there is any way of checking if an email has been
doctored. I believe this is the case with some emails I received. I have
never sent an email to that person but the email shows as if we have been
communicating for a while. Please help

 

[Roady [MVP]]

Junk Email Filters are your friend.

 

[adazh]

I am not referring to spam or unsolicited mail. What I mean is someone made
it look as if we have been communicating for a while about certain sensitive
information yet I have never done so. I need to know if there is a way of
proving that there was no backward and forward transmission of the said
emails as is being claimed.

 

[Roady [MVP]]

You're saying that he/she made up an entire conversation in a new email and
then sent it to you? There is nothing for you to proof. You can simply claim
that you've never send those emails. The law works the other way around;
he/she has to proof it that you indeed sent those items he/she is responding
to. That's why there are mail compliance regulations.

 

[Brian Cryer]

I would like to know if there is any way of checking if an email has been
doctored. I believe this is the case with some emails I received. I have
never sent an email to that person but the email shows as if we have been
communicating for a while. Please help

My first thought (like Roady) was that this was spam, but clearly not.

Two suggestions (in addition to Roady's):

1. If other emails existed (and the other person has them) then it is
possible to tell from the headers that are stored with the email which
server it came from. This doesn't prove that you sent them, but if such
emails existed then it would be possible to deduce which server generated
them and whether this was your normal ISP or Exchange server.

2. Are you using Microsoft Exchange? If you are then the logs generated by
exchange would show when messages were sent (and received). Be aware that
these logs are normally deleted after 30 days. This doesn't prove that you
didn't sent the emails, but it does demonstrate that they weren't sent from
your server.

Be aware that it is very easy to forge emails, and even easier to insert
text into an existing email to make it look like there was more
correspondence. Hence of course your question ...

Hope this helps.

 

[VanguardLH]

in message

I would like to know if there is any way of checking if an email has
been
doctored. I believe this is the case with some emails I received. I
have
never sent an email to that person but the email shows as if we have
been
communicating for a while. Please help

So you receive copies of e-mails that show prior conversation(s) which
you claim to have never participated. And so what? Anyone can put
anything they want into the body of their e-mail. Anyone, like a
spammer, can claim any e-mail address they want in the From header
because it is *data* sent during the DATA command with the SMTP server
and not part of the RCPT-TO command that specifies the true recipients
of an e-mail. SMTP was designed under a trust model which is easy to
break.

Unless the e-mail was digitally signed to show it was altered after
being sent from whomever composed the e-mail, anyone can edit a
received e-mail however they chose. Also, unless replies *attach* the
original e-mail, the headers are lost and so is the digital signature,
so there is no proof in a reply that quoted the original message
*inline* that the quoted content was not edited. Unless a respondent
ATTACHES the original e-mail, they are NEVER sending you the original
e-mail.

The original e-mail must be ATTACHED and be DIGITALLY SIGNED for you
to know that it was not doctored.