How easy is it to forge or alter email?

by

Email is easy, ubiquitous, and almost trivial to forge or alter. We'll look at why that is, what it means, and one approach to avoiding it.
Question:

Hi, I received e-mails (printed out). I am being told by the person who is
said to have originally sent the e-mails that they are fabricated e-mails. In
other words, he claims that he sent an e-mail to someone and that person
modified the content to make it look like they were his words. Can this easily
be done. How can I tell if it’s been altered or if it is an original?

One of email’s “dirty little secrets” is the answer to your question: it’s
trivially easy to alter email as you describe.

In fact, if I understand the scenario you’re describing, it might even be
easier than that.

There are technologies to help ensure the integrity of messages, but
unfortunately they’re not something you can apply after-the-fact.

]]>
<![CDATA[

If I understand you correctly, you’ve been handed a print out – a piece of paper – that contains an email message.

You, I or anyone can make a print out look like whatever we want. Just fire up a word processor, text editor, or even a photo editor, and type in what you want. If you have a message to start with, then copy/paste that in as a place to start, but then sure … edit the heck out of it. There’s nothing to stop you.

“And once printed, there’s no easy way to prove that it was never a real email.”

And once printed, there’s no easy way to prove that it was never a real email.

Even without resorting to additional editing tools, some email programs will actually let you edit the message you’ve received. You can go in, change whatever words you’d like, and then save it, print it out or whatever. Again, it’s not that obvious that the message has been altered, particularly once printed.

Where this kind of alteration is more common, though, is not printing, but when forwarding an email.

When you forward an email, most email programs place the original email into the edit window such that you can add your own comments or additional information before you send the message on. The problem is that there’s nothing to prevent you from also editing the message being forwarded. Change a “yes” to a “no”, a “love” to a “hate” or just add “dis” in front of “agree” and you can completely change the apparent meaning of the original message.

The net result: don’t believe everything you read.

There is a solution, but it’s something that must be done to a message before it’s been sent, and that is to apply a digital signature.

A digital signature uses cryptography to create a fairly random looking string of data that is included with the message being sent:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
iD8DBQFErFtgCMEe9B/8oqERAupmAKCLH0gSQUJjXQd/SYfjAWAaP/I6mwCgiAT1
1Rpc2RK7GB29LToJfPrYOwg=
=z7A1
-----END PGP SIGNATURE-----

(Specifics may vary, but that’s the general idea.)

This isn’t random data at all. It actually uses some heavy-duty math to incorporate two important pieces of data:

  • The identity (via public key cryptography) of the sender

  • The entire body of the message

By re-calculating when the message is read, the recipient can then confirm:

  • The sender is who the sender claims to be

  • The message has not been altered in any way

Unfortunately, digital signatures (and email cryptography in general) remain uncommon and have several obstacles to widespread adoption. If you know beforehand that message alteration is an important risk for you to avoid, then it’s a useful tool to investigate.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

10 comments on “How easy is it to forge or alter email?”

  1. I use outlook 2003 and I am unable to edit emails. I have just tried to do so and when I deleted part of the email message the whole email disapeared.

    That’s a frustrating side-effect of how some email is encoded in HTML and how some email programs handle it. Yo may be able to make changes within only certain portions of the email, or other email programs may be able to make changes.

    Leo
    16-Sep-2009

    Reply

  2. I was told that an e-mail in its electronic original has various codes that allow an expert to verifiy its origin and any alterations made after the original sender. For government disclosure requirements, and I expect any e-mail that will be used for legal purposes, the electronic version of the e-mail must be archived, not a printout.

    Email can have those codes – digital signatures – but most do not.

    Leo
    16-Sep-2009

    Reply

  3. Any email can be modified, whether in Outlook 2003, in the sent folder or not. The procedure may change depending on the email program, but it can be done. As Leo mentioned, digital signing is one of the ways to ensure what you send stays what you want it to be! This is often required in legal and government situations.

    Reply

  4. Sending an original email I can be who I like to the untrained eye. All I need to do is change “Name” under the account details and the “Reply To” address and I could be Barack Obama!

    Reply

  5. can the contents of a web mail be altered ?

    if emails can be altered, why are they considered as evidence (e.g., Mark Sanford email to mistress – couldn’t he have said it was altered )?

    I think he would have had to prove it had been altered. Quite different, but as I often say: I’m no lawyer.

    Leo
    26-Oct-2009

    Reply

  6. Burden of proof remains with the prosecution, always.

    Email should never be used as evidence. I’d love someone to try and take me to court over an email. I’d have a field day editing away, and it wouldn’t change a thing in the email properties. 🙂

    Reply

  7. Can the date an e-mail was sent be altered? If a person did not send a reply until you bugged them about it, can they create an e-mail with a previous date to make it look like they did respond to you?

    Yes and yes.

    Leo
    28-Jan-2012
    Reply

  8. I have received emails from Hidden Hearing. On one email Hidden Hearing have subsequently altered the content of the previous email. On other occasions they have deleted several emails that they have sent to me and the replies I have sent back to Hidden Hearing from my computer. Is this legal that they can change or delete previously sent emails?.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at https://askleo.com/creative-commons-license/.