<< Back to man.ChinaUnix.net
forgeries - how easy it is to forge mail
An electronic mail message can easily be forged. Almost
everything in it, including the return address, is
completely under the control of the sender.
An electronic mail message can be manually traced to its
origin if (1) all system administrators of intermediate
machines are both cooperative and competent, (2) the sender
did not break low-level TCP/IP security, and (3) all
intermediate machines are secure.
Users of cryptography can automatically ensure the integrity
and secrecy of their mail messages, as long as the sending
and receiving machines are secure.
Like postal mail, electronic mail can be created entirely at
the whim of the sender. From, Sender, Return-Path, and
Message-ID can all contain whatever information the sender
For example, if you inject a message through sendmail or
qmail-inject or SMTP, you can simply type in a From field.
In fact, qmail-inject lets you set up MAILUSER, MAILHOST,
and MAILNAME environment variables to produce your desired
From field on every message.
Like postal mail, electronic mail is postmarked when it is
sent. Each machine that receives an electronic mail message
adds a Received line to the top.
A modern Received line contains quite a bit of information.
In conjunction with the machine's logs, it lets a competent
system administrator determine where the machine received
the message from, as long as the sender did not break low-
level TCP/IP security or security on that machine.
Large multi-user machines often come with inadequate logging
software. Fortunately, a system administrator can easily
obtain a copy of a 931/1413/Ident/TAP server, such as
pidentd. Unfortunately, some system administrators fail to
do this, and are thus unable to figure out which local user
was responsible for generating a message.
If all intermediate system administrators are competent, and
the sender did not break machine security or low-level
TCP/IP security, it is possible to trace a message
backwards. Unfortunately, some traces are stymied by
intermediate system administrators who are uncooperative or
The sender of a mail message may place his message into a
cryptographic envelope stamped with his seal. Strong
cryptography guarantees that any two messages with the same
seal were sent by the same cryptographic entity: perhaps a
single person, perhaps a group of cooperating people, but in
any case somebody who knows a secret originally held only by
the creator of the seal. The seal is called a public key.
Unfortunately, the creator of the seal is often an insecure
machine, or an untrustworthy central agency, but most of the
time seals are kept secure.
One popular cryptographic program is pgp.
pgp(1), identd(8), qmail-header(8)
Man(1) output converted with