
E-mail impersonation/manipulation

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
I have a question regarding e-mail. How feasible would it be for someone to create an e-mail with a message that did not actually come from me? And if one was created, how would one find out where the e-mail came from? If the e-mail was a conversation, and the conversation had been edited or changed, does the e-mail host have a record of each e-mail transaction so that the original text of each e-mail response can be traced? Thank you for your responses...
 
The KLEZ virus can do this quite easily and has done this to thousands of people already. And no, you cannot determine where the mail actually originated from, which is the intention of the virus.

joegz
"Sometimes you just need to find out what it's not first to figure out what it is."
 
If you look at the detail of headers there are various 'IDs' such as
---------------------------------------
Return-Path: <notifyme@tecumsehgroup.com>
Received: from mailgate2.sover.net (mailgate2.sover.net [209.198.87.64])
    by mailhub1.sover.net (8.11.6/8.11.6) with ESMTP id g8ICtOh27256
. . .
18 Sep 2002 08:55:25 -0400 (EDT)
Received: from mail.tecumsehgroup.com (mail.tecumsehgroup.com [216.45.19.20])
    by mailgate2.sover.net (8.11.6/8.11.6) with ESMTP id g8ICtNV24624

. . .
Message-Id: <200209181255.g8ICtNV24624
---------------------------------------

These can be used to trace the casual 'spoofer'.

How easy is it to do? Very easy.

e.g. Eudora "automation". If I make a file, spoof.msg
--------------------------------------------
To: someone@somwhere.net
From: aUmana@Tek_Tips.com
Subject: Spoof Sample

How are you doing today? Attached is your Klez.
--------------------------------------------

And then ran Eudora with the spoof.msg as a parameter, it would be placed in the Eudora outbox, not with my name as 'From', but yours, or anyone else I wished to assign it to.

"From: Santa@NorthPole.Com" is good for kids at certain times of the year.

Spoofing is very simple to do but it is not untraceable, to the best of my knowledge, as with the IDs and enough prowling through logs one can find out the actual originating dial-in or workstation/user.


-------------------------------------------

Finally, regarding e.conversations, copies of Emails are not 'generally' stored at ISPs, that would be a privacy violation.

In that case there is no way that I know of to prove content of a message from copies.

Messages generally are stored in corporate environments as they belong to the company, in the US at least.

9/11 may have changed that considerably, many more are likely being stored in various places but that probably will not help someone who claims they never sent a message.

"Hello, NSA? Would you please send me a copy of that message I sent to Mary Lambkins at 3:00 this afternoon to prove it was not harassing?"

I don't think so.

Many environments do not have the time, inclination or sometimes knowledge and skill to trace an Email source, so your claim of "I never sent that." is likely to fall on deaf ears.

If you suspect a person is stealing your email identity it would be a very good idea to start using digital signatures, at least.
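
The header tracing described in the answer above, as an added example that is not part of the original posts: it walks the Received chain oldest hop first and checks whether the From: domain agrees with the Return-Path and the first relay. The sample message, its example.* hosts, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (reserved example domains and addresses).
SAMPLE = """\
Return-Path: <bulk@sender.example.net>
Received: from gate.isp.example.org (gate.isp.example.org [198.51.100.7])
\tby hub.isp.example.org (8.11.6/8.11.6) with ESMTP id AAA11111;
\tWed, 18 Sep 2002 08:55:25 -0400 (EDT)
Received: from mail.sender.example.net (mail.sender.example.net [192.0.2.20])
\tby gate.isp.example.org (8.11.6/8.11.6) with ESMTP id BBB22222;
\tWed, 18 Sep 2002 08:55:23 -0400 (EDT)
Message-Id: <200209181255.BBB22222@gate.isp.example.org>
From: someone@victim.example.com
To: reader@isp.example.org
Subject: Spoof Sample

Body text.
"""

# "from HELO (rdns [ip]) by SERVER ... id QUEUEID" in sendmail-style headers.
HOP = re.compile(
    r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)"
    r"(?:.*?\bid\s+([^\s;]+))?", re.S)

def trace_hops(raw):
    """Return relay hops oldest first as (helo, rdns, ip, by, queue_id)."""
    msg = message_from_string(raw)
    hops = [m.groups() for m in map(HOP.search, msg.get_all("Received", [])) if m]
    hops.reverse()  # each server prepends its header, so the last one is hop 1
    return hops

def _domain(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def from_matches_origin(raw):
    """True if the From: domain equals the Return-Path domain and first relay.
    HELO name and Return-Path are sender-supplied; only the bracketed IP logged
    by a server you trust is reliable, so a True here is a hint, not proof."""
    msg = message_from_string(raw)
    dom = _domain(msg.get("From", ""))
    hops = trace_hops(raw)
    first = hops[0][0].lower() if hops else ""
    relay_ok = first == dom or first.endswith("." + dom)
    return bool(dom) and dom == _domain(msg.get("Return-Path", "")) and relay_ok

if __name__ == "__main__":
    for helo, rdns, ip, by, qid in trace_hops(SAMPLE):
        print(f"{helo} [{ip}] -> {by} (id {qid})")
    print("From matches origin:", from_matches_origin(SAMPLE))
```

The queue IDs printed for each hop are what a mail administrator would search for in that server's logs.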


 