.TH forgeries 7
.SH "NAME"
forgeries \- how easy it is to forge mail
.SH "SUMMARY"
An electronic mail message can easily be forged.
Almost everything in it,
including the return address,
is completely under the control of the sender.

An electronic mail message can be manually traced to its origin
if (1) all system administrators of intermediate machines
are both cooperative and competent,
(2) the sender did not break low-level TCP/IP security,
and
(3) all intermediate machines are secure.

Users of
.I cryptography
can automatically ensure the integrity and secrecy
of their mail messages, as long as
the sending and receiving machines are secure.
.SH "FORGERIES"
Like postal mail,
electronic mail can be created entirely at the whim of the sender.
.BR From ,
.BR Sender ,
.BR Return-Path ,
and
.BR Message-ID
can all contain whatever information the sender wants.

For example, if you inject a message through
.B sendmail
or
.B qmail-inject
or
.BR SMTP ,
you can simply type in a
.B From
field.
In fact,
.B qmail-inject
lets you set up
.BR MAILUSER ,
.BR MAILHOST ,
and
.B MAILNAME
environment variables
to produce your desired
.B From
field on every message.
.SH "TRACING FORGERIES"
Like postal mail,
electronic mail is postmarked when it is sent.
Each machine that receives an electronic mail message
adds a
.B Received
line to the top.

A modern
.B Received
line contains quite a bit of information.
In conjunction with the machine's logs,
it lets a competent system administrator
determine where the machine received the message from,
as long as the sender did not break low-level TCP/IP security
or security on that machine.

Large multi-user machines often come with inadequate logging software.
Fortunately, a system administrator can easily obtain a copy of a
931/1413/Ident/TAP server, such as
.BR pidentd .
Unfortunately,
some system administrators fail to do this,
and are thus unable to figure out which local user
was responsible for generating a message.

If all intermediate system administrators are competent,
and the sender did not break machine security or low-level TCP/IP security,
it is possible to trace a message backwards.
Unfortunately, some traces are stymied by intermediate system
administrators who are uncooperative or untrustworthy.
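
The trace described above, as an added example that is not part of the
original page: a small Python script that walks the
.B Received
lines of a constructed message from the top (most recent hop) down, and
trusts a hop only while the machine that wrote it is one of the reader's
own relays. The message, the host names and the set of trusted relays
are all constructed for the example; the point is that the bottom
.B Received
line, supposedly from the forged sender's host, was typed in by the
sender along with the forged
.B From
field, so the last hop attested by a trusted relay is as far back as the
trace can honestly go.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not from the page). The top two Received lines were
# added by the recipient's own relays; the bottom one was inserted by the
# sender to make the message look as if it came from president.example.gov.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.net with SMTP; Tue, 4 Jun 2024 10:00:05 +0000
Received: from pc17.dorm.example.edu (unknown [198.51.100.23])
\tby mx1.example.net with SMTP; Tue, 4 Jun 2024 10:00:02 +0000
Received: from president.example.gov (president.example.gov [203.0.113.1])
\tby pc17.dorm.example.edu with SMTP; Tue, 4 Jun 2024 09:59:00 +0000
From: president@example.gov
To: victim@example.net
Subject: test

hello
"""

# Relays the reader administers; only their Received lines are believed.
TRUSTED_RELAYS = {"mail.example.net", "mx1.example.net"}

# "from HELO (rdns [ip]) ... by HOST": the parenthesised part is optional
# because older or sloppier MTAs omit it.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*"
    r"(?:\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)


def parse_hops(raw):
    """Return the Received hops top-down, i.e. most recent hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(line)
        if not m:
            continue  # unparseable postmark; keep going with the rest
        date = None
        if ";" in line:
            try:
                date = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
            except (ValueError, TypeError):
                pass
        hop = m.groupdict()
        hop["date"] = date
        hops.append(hop)
    return hops


def trace(raw, trusted):
    """Follow the postmarks back while each one was written by a trusted
    relay. Returns (injection point seen by the last trusted relay, all hops);
    the injection point is None when no hop at all was written by us."""
    hops = parse_hops(raw)
    attested = []
    for hop in hops:
        if hop["by"] not in trusted:
            break  # everything below this was asserted by someone else
        attested.append(hop)
    if not attested:
        return None, hops
    last = attested[-1]
    return {"host": last["helo"], "ip": last["ip"], "relay": last["by"]}, hops


if __name__ == "__main__":
    origin, hops = trace(SAMPLE, TRUSTED_RELAYS)
    for hop in hops:
        print(f"{hop['by']:<24} got it from {hop['helo']} [{hop['ip']}]")
    print("trace stops at:", origin)
```

Run on the sample, the trace ends at pc17.dorm.example.edu
[198.51.100.23] as recorded by mx1.example.net; the
.B Received
line claiming a hop from president.example.gov is below the last trusted
postmark and carries no weight. Which local user on pc17 sent it is then a
question for that machine's logs or its Ident server, as the text says.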
.SH "CRYPTOGRAPHY"
The sender of a mail message may place his message into a
.I cryptographic
envelope stamped with his seal.
Strong cryptography guarantees that any two messages with the same seal
were sent by the same cryptographic entity:
perhaps a single person, perhaps a group of cooperating people,
but in any case somebody who knows a secret originally held
only by the creator of the seal.
The seal is called a
.I public key\fR.

Unfortunately, the creator of the seal is often an insecure machine,
or an untrustworthy central agency,
but most of the time seals are kept secure.

One popular cryptographic program is
.BR pgp .
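
The seal described above, as an added example that is not part of the
original page or of
.BR pgp :
a few lines of Python showing what the public key actually checks. It uses
textbook RSA over a constructed, deliberately tiny key pair built from
Mersenne primes so that it runs without any cryptographic library; the
key sizes, the 160-bit digest truncation and the message texts are all
assumptions made for the example, not parameters of any real mail program.

```python
import hashlib

# Constructed toy key pair (assumption for the example): the modulus is the
# product of the Mersenne primes 2^89-1 and 2^107-1, about 196 bits.
# A real seal uses a modulus thousands of bits long.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC_SEAL = (E, N)        # the "seal": anyone may hold this
PRIVATE_SECRET = (D, N)     # the secret held only by the seal's creator

# A second, unrelated seal, to show that signatures do not carry across.
P2, Q2 = 2**61 - 1, 2**127 - 1
N2 = P2 * Q2
OTHER_SECRET = (pow(E, -1, (P2 - 1) * (Q2 - 1)), N2)


def digest_int(message: bytes) -> int:
    """Hash the message and truncate to 160 bits so it is below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:20], "big")


def seal(message: bytes, secret) -> int:
    """Stamp a message: only the holder of the secret exponent can do this."""
    d, n = secret
    return pow(digest_int(message), d, n)


def verify(message: bytes, stamp: int, public_seal) -> bool:
    """Check a stamp against the public seal; anyone can do this."""
    e, n = public_seal
    return pow(stamp, e, n) == digest_int(message)


def same_seal(msgs_and_stamps, public_seal) -> bool:
    """True when every (message, stamp) pair was made by the seal's owner."""
    return all(verify(m, s, public_seal) for m, s in msgs_and_stamps)


if __name__ == "__main__":
    m1, m2 = b"Meet at noon.", b"Cancel that; meet at one."
    s1, s2 = seal(m1, PRIVATE_SECRET), seal(m2, PRIVATE_SECRET)
    print("both from the seal's owner:", same_seal([(m1, s1), (m2, s2)], PUBLIC_SEAL))
    print("tampered body:", verify(b"Meet at two.", s1, PUBLIC_SEAL))
    print("stamped with someone else's secret:",
          verify(m1, seal(m1, OTHER_SECRET), PUBLIC_SEAL))
```

The three checks at the bottom are the whole point of the section: two
messages that verify under one public key were stamped by whoever holds the
matching secret, a changed message fails, and a stamp made with a different
secret fails. Nothing in the check depends on
.B From
or any other header, which is why a verified seal survives the forgeries
described above while a
.B Received
trace may not.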
.SH "SEE ALSO"
pgp(1),
identd(8),
qmail-header(8)