Helping people with computers... one answer at a time.
Email is easy, ubiquitous, and almost trivial to forge or alter. We'll look at why that is, what it means, and one approach to avoiding it.
Hi, I received e-mails (printed out). I am being told by the person who is said to have originally sent the e-mails that they are fabricated e-mails. In other words, he claims that he sent an e-mail to someone and that person modified the content to make it look like they were his words. Can this easily be done. How can I tell if it's been altered or if it is an original?
One of email's "dirty little secrets" is the answer to your question: it's trivially easy to alter email as you describe.
In fact, if I understand the scenario you're describing, it might even be easier than that.
There are technologies to help ensure the integrity of messages, but unfortunately they're not something you can apply after-the-fact.
If I understand you correctly, you've been handed a print out - a piece of paper - that contains an email message.
You, I or anyone can make a print out look like whatever we want. Just fire up a word processor, text editor, or even a photo editor, and type in what you want. If you have a message to start with, then copy/paste that in as a place to start, but then sure ... edit the heck out of it. There's nothing to stop you.
And once printed, there's no easy way to prove that it was never a real email.
Even without resorting to additional editing tools, some email programs will actually let you edit the message you've received. You can go in, change whatever words you'd like, and then save it, print it out or whatever. Again, it's not that obvious that the message has been altered, particularly once printed.
Where this kind of alteration is more common, though, is not printing, but when forwarding an email.
When you forward an email, most email programs place the original email into the edit window such that you can add your own comments or additional information before you send the message on. The problem is that there's nothing to prevent you from also editing the message being forwarded. Change a "yes" to a "no", a "love" to a "hate" or just add "dis" in front of "agree" and you can completely change the apparent meaning of the original message.
The net result: don't believe everything you read.
There is a solution, but it's something that must be done to a message before it's been sent, and that is to apply a digital signature.
A digital signature uses cryptography to create a fairly random looking string of data that is included with the message being sent:
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (MingW32) iD8DBQFErFtgCMEe9B/8oqERAupmAKCLH0gSQUJjXQd/SYfjAWAaP/I6mwCgiAT1 1Rpc2RK7GB29LToJfPrYOwg= =z7A1 -----END PGP SIGNATURE-----
(Specifics may vary, but that's the general idea.)
This isn't random data at all. It actually uses some heavy-duty math to incorporate two important pieces of data:
The identity (via public key cryptography) of the sender
The entire body of the message
By re-calculating when the message is read, the recipient can then confirm:
The sender is who the sender claims to be
The message has not been altered in any way
Unfortunately, digital signatures (and email cryptography in general) remain uncommon and have several obstacles to widespread adoption. If you know beforehand that message alteration is an important risk for you to avoid, then it's a useful tool to investigate.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.