Helping people with computers... one answer at a time.

Email is easy, ubiquitous, and almost trivial to forge or alter. We'll look at why that is, what it means, and one approach to avoiding it.

Hi, I received e-mails (printed out). I am being told by the person who is said to have originally sent the e-mails that they are fabricated e-mails. In other words, he claims that he sent an e-mail to someone and that person modified the content to make it look like they were his words. Can this easily be done. How can I tell if it's been altered or if it is an original?

One of email's "dirty little secrets" is the answer to your question: it's trivially easy to alter email as you describe.

In fact, if I understand the scenario you're describing, it might even be easier than that.

There are technologies to help ensure the integrity of messages, but unfortunately they're not something you can apply after-the-fact.

If I understand you correctly, you've been handed a print out - a piece of paper - that contains an email message.

You, I or anyone can make a print out look like whatever we want. Just fire up a word processor, text editor, or even a photo editor, and type in what you want. If you have a message to start with, then copy/paste that in as a place to start, but then sure ... edit the heck out of it. There's nothing to stop you.

"And once printed, there's no easy way to prove that it was never a real email."

And once printed, there's no easy way to prove that it was never a real email.

Even without resorting to additional editing tools, some email programs will actually let you edit the message you've received. You can go in, change whatever words you'd like, and then save it, print it out or whatever. Again, it's not that obvious that the message has been altered, particularly once printed.

Where this kind of alteration is more common, though, is not printing, but when forwarding an email.

When you forward an email, most email programs place the original email into the edit window such that you can add your own comments or additional information before you send the message on. The problem is that there's nothing to prevent you from also editing the message being forwarded. Change a "yes" to a "no", a "love" to a "hate" or just add "dis" in front of "agree" and you can completely change the apparent meaning of the original message.

The net result: don't believe everything you read.

There is a solution, but it's something that must be done to a message before it's been sent, and that is to apply a digital signature.

A digital signature uses cryptography to create a fairly random looking string of data that is included with the message being sent:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)

iD8DBQFErFtgCMEe9B/8oqERAupmAKCLH0gSQUJjXQd/SYfjAWAaP/I6mwCgiAT1
1Rpc2RK7GB29LToJfPrYOwg=
=z7A1
-----END PGP SIGNATURE-----

(Specifics may vary, but that's the general idea.)

This isn't random data at all. It actually uses some heavy-duty math to incorporate two important pieces of data:

  • The identity (via public key cryptography) of the sender

  • The entire body of the message

By re-calculating when the message is read, the recipient can then confirm:

  • The sender is who the sender claims to be

  • The message has not been altered in any way

Unfortunately, digital signatures (and email cryptography in general) remain uncommon and have several obstacles to widespread adoption. If you know beforehand that message alteration is an important risk for you to avoid, then it's a useful tool to investigate.

Article C3866 - September 12, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

8 Comments
Ron
September 15, 2009 10:53 AM

I use outlook 2003 and I am unable to edit emails. I have just tried to do so and when I deleted part of the email message the whole email disapeared.

That's a frustrating side-effect of how some email is encoded in HTML and how some email programs handle it. Yo may be able to make changes within only certain portions of the email, or other email programs may be able to make changes.
Leo
16-Sep-2009

audrey
September 15, 2009 11:57 AM

I was told that an e-mail in its electronic original has various codes that allow an expert to verifiy its origin and any alterations made after the original sender. For government disclosure requirements, and I expect any e-mail that will be used for legal purposes, the electronic version of the e-mail must be archived, not a printout.

Email can have those codes - digital signatures - but most do not.
Leo
16-Sep-2009

MissInformation
September 15, 2009 12:01 PM

Could you ask the person who originally sent the e-mails to show you the original e-mail, by logging into his “sent items” folder (in his e-mail account)? What do you think Leo, would an e-mail message in the “Sent items” folder be ‘proof’ enough of the original e-mail content, or can a person alter those also?

Those can also be altered.
Leo
16-Sep-2009

Cedric
September 15, 2009 12:18 PM

Any email can be modified, whether in Outlook 2003, in the sent folder or not. The procedure may change depending on the email program, but it can be done. As Leo mentioned, digital signing is one of the ways to ensure what you send stays what you want it to be! This is often required in legal and government situations.

Steve
September 16, 2009 6:39 AM

Sending an original email I can be who I like to the untrained eye. All I need to do is change "Name" under the account details and the "Reply To" address and I could be Barack Obama!

tex
October 26, 2009 5:07 AM

can the contents of a web mail be altered ?

if emails can be altered, why are they considered as evidence (e.g., Mark Sanford email to mistress - couldn't he have said it was altered )?

I think he would have had to prove it had been altered. Quite different, but as I often say: I'm no lawyer.
Leo
26-Oct-2009

DavidW
December 24, 2010 7:29 AM

Burden of proof remains with the prosecution, always.

Email should never be used as evidence. I'd love someone to try and take me to court over an email. I'd have a field day editing away, and it wouldn't change a thing in the email properties. :-)

christine
January 27, 2012 9:51 AM

Can the date an e-mail was sent be altered? If a person did not send a reply until you bugged them about it, can they create an e-mail with a previous date to make it look like they did respond to you?

Yes and yes.
Leo
28-Jan-2012

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.