forgeries - how easy it is to forge mail


SUMMARY

       An electronic mail message can easily be forged.  Almost
       everything in it, including the return address, is completely
       under the control of the sender.

       An electronic mail message can be manually traced to its
       origin if (1) all system administrators of intermediate
       machines are both cooperative and competent, (2) the sender
       did not break low-level TCP/IP security, and (3) all
       intermediate machines are secure.

       Users of cryptography can automatically ensure the integrity
       and secrecy of their mail messages, as long as the sending and
       receiving machines are secure.


FORGERIES

       Like postal mail, electronic mail can be created entirely at
       the whim of the sender.  From, Sender, Return-Path, and
       Message-ID can all contain whatever information the sender
       wants.

       For example, if you inject a message through sendmail or
       qmail-inject or SMTP, you can simply type in a From field.  In
       fact, qmail-inject lets you set up MAILUSER, MAILHOST, and
       MAILNAME environment variables to produce your desired From
       field on every message.


TRACING FORGERIES

       Like postal mail, electronic mail is postmarked when it is
       sent.  Each machine that receives an electronic mail message
       adds a Received line to the top.

       A modern Received line contains quite a bit of information.
       In conjunction with the machine's logs, it lets a competent
       system administrator determine where the machine received the
       message from, as long as the sender did not break low-level
       TCP/IP security or security on that machine.

       Large multi-user machines often come with inadequate logging
       software.  Fortunately, a system administrator can easily
       obtain a copy of a 931/1413/Ident/TAP server, such as pidentd.
       Unfortunately, many incompetent system administrators fail to
       do this, and are thus unable to figure out which local user
       was responsible for generating a message.

       If  all  intermediate system administrators are competent,
       and the sender did not break machine security or low-level
       TCP/IP  security,  it is possible to trace a message back-
       or untrustworthy.
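       As an added illustration of the tracing procedure described
       above (not part of the original man page): the script below
       parses the Received lines of a constructed message, newest
       first, and walks the chain backwards.  Each line should have
       been written by the host that the line above it names as the
       source; the first line that breaks that rule is where the trail
       can no longer be attributed to a known machine.  All hostnames
       and addresses are constructed.

```python
import re
from email import message_from_string

# Constructed sample: three hops, newest Received line on top.  The
# bottom line claims to have been written by mail.example.com, yet the
# line above it says relay.example.net took the message from
# shell.example.net, so shell's own Received line is missing and the
# bottom line cannot be attributed to any known hop.
SAMPLE = """Received: from relay.example.net (relay.example.net [192.0.2.10])
  by mx.example.org with ESMTP; Tue, 1 Jan 2019 10:00:03 +0000
Received: from shell.example.net (shell.example.net [192.0.2.20])
  by relay.example.net with ESMTP; Tue, 1 Jan 2019 10:00:02 +0000
Received: from home.example.com (unknown [198.51.100.5])
  by mail.example.com with SMTP; Tue, 1 Jan 2019 10:00:01 +0000
From: someone@example.net
To: user@example.org
Subject: test

body
"""

RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[([0-9.]+)\]")

def parse_received(msg_text):
    """One dict per Received line, newest first: announced name, writer, IP."""
    hops = []
    for raw in message_from_string(msg_text).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(raw.split()))  # unfold the header
        if not m:
            continue  # a line this parser cannot read must be inspected by hand
        ip = IP_RE.search(m.group("paren") or "")
        hops.append({"helo": m.group("helo"), "by": m.group("by"),
                     "ip": ip.group(1) if ip else ""})
    return hops

def trace(hops):
    """Walk newest to oldest.  Each line should have been written by the host
    the line above names as 'from'; the first mismatch is where the trail can
    no longer be attributed to a known machine."""
    report, expected_writer = [], None
    for hop in hops:
        note = "ok"
        if expected_writer and hop["by"] != expected_writer:
            note = f"written by {hop['by']}, expected {expected_writer}"
        report.append((hop["helo"], hop["by"], hop["ip"], note))
        expected_writer = hop["helo"]
    return report

if __name__ == "__main__":
    for helo, by, ip, note in trace(parse_received(SAMPLE)):
        print(f"{by:22} got it from {helo:22} [{ip}]  {note}")
```

       Lines flagged by the check still need the receiving machine's
       logs (and, for multi-user hosts, an Ident lookup) before any
       hop can be attributed to a person.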


CRYPTOGRAPHY

       The sender of a mail message may place his message into a
       cryptographic envelope stamped with his seal.  Strong
       cryptography guarantees that any two messages with the same
       seal were sent by the same cryptographic entity: perhaps a
       single person, perhaps a group of cooperating people, but in
       any case somebody who knows a secret originally held only by
       the creator of the seal.  The seal is called a public key.

       Unfortunately, the creator of the seal is often an insecure
       machine, or an untrustworthy central agency, but most of the
       time seals are kept secure.

       One popular cryptographic program is pgp.


SEE ALSO

       pgp(1), identd(8), qmail-header(8)