forgeries - how easy it is to forge mail
SUMMARY
An electronic mail message can easily be forged. Almost
everything in it, including the return address, is
completely under the control of the sender.
An electronic mail message can be manually traced to its
origin if (1) all system administrators of intermediate
machines are both cooperative and competent, (2) the
sender did not break low-level TCP/IP security, and (3)
all intermediate machines are secure.
Users of cryptography can automatically ensure the
integrity and secrecy of their mail messages, as long as
the sending and receiving machines are secure.
FORGERIES
Like postal mail, electronic mail can be created entirely
at the whim of the sender. From, Sender, Return-Path, and
Message-ID can all contain whatever information the sender
wants.
For example, if you inject a message through sendmail or
qmail-inject or SMTP, you can simply type in a From field.
In fact, qmail-inject lets you set up MAILUSER, MAILHOST,
and MAILNAME environment variables to produce your desired
From field on every message.
TRACING FORGERIES
Like postal mail, electronic mail is postmarked when it is
sent. Each machine that receives an electronic mail message
adds a Received line to the top, above every header already
present. The topmost Received line is therefore the most
recent hop, and any Received lines at the bottom may have
been typed in by the sender before the message was injected.
A modern Received line contains quite a bit of information.
In conjunction with the machine's logs, it lets a competent
system administrator determine where the machine received
the message from, as long as the sender did not break
low-level TCP/IP security or security on that machine.
Large multi-user machines often come with inadequate logging
software. Fortunately, a system administrator can easily
obtain a copy of a 931/1413/Ident/TAP server, such as
pidentd, which lets a receiving machine ask the sending
machine which local user owns a given TCP connection.
Unfortunately, many incompetent system administrators fail
to do this, and are thus unable to figure out which local
user was responsible for generating a message. Note that an
Ident reply is produced by the sending machine, so it is
worth exactly as much as the security and honesty of that
machine's administrator.
If all intermediate system administrators are competent,
and the sender did not break machine security or low-level
TCP/IP security, it is possible to trace a message back-
or untrustworthy.
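The following Python program is an added example; it is not part of the qmail manual page. It serves both the FORGERIES section and this one: it carries a message whose From field was simply typed in by the sender, then applies the tracing rule described above, walking the Received lines from the top down, believing each line only if the machine named in its "by" clause is one whose logs and administrator you trust, and stopping at the first line that is not. The message text, the hostnames, the addresses (RFC 5737 documentation ranges) and the trusted set are all constructed for the example.

```python
import re
from email.parser import Parser

# Constructed sample, not a captured message: the sender typed in the From
# field and the bottom Received line; the two Received lines above it were
# added by machines whose logs and administrators we trust.  Addresses are
# RFC 5737 documentation ranges and the hostnames are made up.
FORGED_MESSAGE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
  by mail.example.com with SMTP; 3 Jan 1998 12:00:04 -0000
Received: from unknown (HELO whitehouse.gov) (198.51.100.7)
  by relay.example.net with SMTP; 3 Jan 1998 12:00:01 -0000
Received: from mail.whitehouse.gov (mail.whitehouse.gov [203.0.113.5])
  by smtp.whitehouse.gov with ESMTP; 3 Jan 1998 11:59:58 -0000
From: president@whitehouse.gov
To: victim@example.com
Subject: urgent

You have been selected.
"""

# Machines whose Received lines we are willing to believe (an assumption
# for the example; in practice, your own machines plus sites you checked).
TRUSTED = {"mail.example.com", "relay.example.net"}

RECEIVED_RE = re.compile(r"\bfrom\s+(\S+)(.*?)\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO_RE = re.compile(r"\bHELO\s+([^\s)]+)\)", re.I)


def parse_received(value):
    """Pull 'from', 'by', the peer IP and the HELO name out of one
    Received header value.  Returns None for lines without a from/by
    pair, such as qmail's local '(qmail N invoked by uid U)' lines."""
    value = " ".join(value.split())          # unfold continuation lines
    m = RECEIVED_RE.search(value)
    if m is None:
        return None
    from_host, between, by_host = m.groups()
    ip = IP_RE.search(between)
    helo = HELO_RE.search(between)
    return {
        "from": from_host,
        "by": by_host.rstrip(";").lower(),
        "ip": ip.group(1) if ip else None,
        "helo": helo.group(1) if helo else None,
    }


def trace_message(raw, trusted):
    """Follow the Received chain from the top (most recent hop) down.
    Each line was written by the machine in its 'by' clause, so it is
    only as good as that machine.  Stop at the first 'by' we do not
    trust: everything below it may have been typed in by the sender."""
    msg = Parser().parsestr(raw)
    received = msg.get_all("Received", [])
    verified = []
    for value in received:
        hop = parse_received(value)
        if hop is None or hop["by"] not in trusted:
            break
        verified.append(hop)
    last = verified[-1] if verified else None
    return {
        # Header fields are sender-controlled; reported for contrast only.
        "claimed_from": msg["From"],
        "verified_hops": len(verified),
        # The peer IP logged by the last trusted machine is the furthest
        # point the trace reaches; the HELO name next to it was chosen by
        # the peer and proves nothing.
        "origin_ip": last["ip"] if last else None,
        "origin_helo": last["helo"] if last else None,
        "unverified_received": len(received) - len(verified),
    }


if __name__ == "__main__":
    for key, val in trace_message(FORGED_MESSAGE, TRUSTED).items():
        print(f"{key}: {val}")
```

For this message the trace stops at 198.51.100.7, the address that relay.example.net logged for the incoming connection; the HELO name whitehouse.gov, the From field and the bottom Received line were all chosen by the sender and establish nothing. Finding the person behind 198.51.100.7 then depends on the administrator of that machine, which is exactly the condition the manual page states.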
CRYPTOGRAPHY
The sender of a mail message may place his message into a
cryptographic envelope stamped with his seal. Strong
cryptography guarantees that any two messages with the
same seal were sent by the same cryptographic entity:
perhaps a single person, perhaps a group of cooperating
people, but in any case somebody who knows a secret
originally held only by the creator of the seal. The seal
is called a public key.
Unfortunately, the creator of the seal is often an
insecure machine, or an untrustworthy central agency, but
most of the time seals are kept secure.
One popular cryptographic program is pgp.
SEE ALSO
pgp(1), identd(8), qmail-header(8)