E-mail origin ?
Posted: Mon Apr 23, 2007 3:51 pm
by Merlin
Not sure where to put this one... someone has forwarded my wife an e-mail that is supposed to be a forward from yet another person. Is there a way that I can verify that an e-mail is or is not a forwarded message?? Just to clarify, IF need be:
Person A claims that person B has gotten access to their ( A's) e-mail account and is using it to send messages to various people to manipulate them. Person A has forwarded an e-mail supposedly sent by person B to them using A's own e-mail account.
Family is involved here and I am trying to figure out whom I can trust. Is there any technical help you can give me that may help me figure out who actually wrote these messages??
Posted: Mon Apr 23, 2007 3:55 pm
by DMB2000uk
Can't think of anything off my head, but tell person A to change their password.
Dan
Posted: Mon Apr 23, 2007 4:36 pm
by Merlin
That's been done... I just don't know which one, A or B, is the liar.
Posted: Mon Apr 23, 2007 7:14 pm
by Dragon_Cooler
There is a very, very easy way to spoof email accounts and names by knowing like 3 commands. 'Tis very easy. That might be it, might not. LOL
Posted: Tue Apr 24, 2007 9:08 am
by smack323
Which one of the two is more computer literate? That's probably the person who did it.
Examine the full email message headers.
Posted: Tue Apr 24, 2007 4:11 pm
by road
Short answer: There is uncertainty in determining if emails are legitimate, and unless a crime was committed you may not be able to find the author.
Long answer:
We have three cases here.
1. Person B spoofed person A's email address or more
Look at the full email message: view header information, text, display full, whatever the email client wants to call it. Each time an email is received (forwards too) a message block is attached containing the mail server address it was received from. If the mail server address does not belong to the same network as the one listed in the person's email then it was partially spoofed. Check whois information to verify this.
http://www.arin.net/whois/
While you could prove it is spoofed if a mismatch exists between the email address received and network address received, an unsecured mail server would allow someone to send a message that appears to be completely legitimate. There has been a push for email authentication for some time:
http://www.habeas.com/en-US/News/Habeas ... ation-101/
2. Person B compromised Person A's account and sent mail
There is no way using an email or header contents to establish who logged into an email account and sent an email. Access info is stored by the sending mail server and would be provided to law enforcement.
3. Person A sent them and now blames person B
See above.
Really interesting topic, I'm sure I've missed some things others will point out. Only option I see left is damage control, so the password was changed, great. =) Sometimes you can also complain to the service provider or mail server admin about the abuse; terms of service may have been violated and they may punish the person even if they won't identify them. Keep us posted and beware false positives.
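
The header check described under case 1 above, as an added example that is not part of any post in this thread: it reads the `Received:` blocks of a saved message oldest-first and reports whether the first relay sits outside the domain in the `From:` address, which is the host or IP you would then look up in whois. The sample message, all hostnames and IPs, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and IP below is made up.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])\n"
    "\tby mailstore.recipient.example with ESMTP id abc123;\n"
    "\tMon, 23 Apr 2007 15:40:02 -0400\n"
    "Received: from smtp.unrelated-isp.example (smtp.unrelated-isp.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id def456;\n"
    "\tMon, 23 Apr 2007 15:40:01 -0400\n"
    "From: Person A <persona@webmail.example>\n"
    "To: someone@recipient.example\n"
    "Subject: Fwd: read this\n"
    "\n"
    "body\n"
)

HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\((.*?)\))?\s+by\s+(\S+)", re.I | re.S)
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def received_hops(raw):
    """Return the Received chain oldest-first; each server prepends its own line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if not m:
            continue  # e.g. a locally generated line with no "from" part
        ip = IP_RE.search(m.group(2) or "")
        hops.append({"from_host": m.group(1).lower(),
                     "from_ip": ip.group(1) if ip else None,
                     "by_host": m.group(3).lower().rstrip(";")})
    return hops

def base_domain(host):
    """Naive 'last two labels' key (assumption; ignores suffixes like co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def origin_mismatch(raw):
    """True if the oldest relay's host is outside the From: address's domain.
    Only lines added by servers you trust are reliable; older ones can be forged."""
    hops = received_hops(raw)
    from_addr = parseaddr(message_from_string(raw)["From"])[1]
    if not hops or "@" not in from_addr:
        return None  # nothing to compare
    return base_domain(hops[0]["from_host"]) != base_domain(from_addr.split("@")[1].lower())

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("relay outside sender's domain:", origin_mismatch(SAMPLE))
```

A mismatch is a lead to check, not proof, since many legitimate senders relay through another provider; a match says nothing about who was logged in to the account.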