I have just received an important email that I'd like to post online. However, I would like to know if there is some way of proving to the Internet that it is authentic (that the sender actually sent this message to me and I am not making it up). I am using Windows 7 and Windows Live Mail.
Asked
Active
Viewed 1,834 times
3 Answers
2
You can't, after the fact. Next time, have them sign it with their private key.
The best you can do is post the raw source with all the headers intact, but it's still easily faked.
Spiff
- 110,156
2
Its pretty trivial to spoof an e mail - from spoofing the mail client into syncing 'sent mail' to the client - (There's a paper on it - here's an abstract, since I don't have access to my school online library at the moment) to even sending an email with fake information. In the case of windows live mail, I believe its a matter of dragging and dropping a email file into the relevant folder, and this is well documented.
Emails are from a kinder gentler more trusting era, and the protocol implicitly trusts folks. You might be able to use the ip address on the header or some anti-spam extentions to email such as dkim to ascertain if its the correct server, but as its designed, its a pretty trusting protocol.
Its PRETTY hard to prove an arbitary email is from a specific sender, as a result.
Journeyman Geek
- 133,878
0
About the only thing I could suggest is that the sender resend the message with a signed PGP trailer for the message.
mdpc
- 4,489