NAME
forgeries - how easy it is to forge mail
SUMMARY
An electronic mail message can easily be forged. Almost everything in it,
including the return address, is completely under the control of the sender.
An electronic mail message can be manually traced to its origin if (1) all
system administrators of intermediate machines are both cooperative and
competent, (2) the sender did not break low-level TCP/IP security, and (3) all
intermediate machines are secure.
Users of cryptography can automatically ensure the integrity and secrecy of
their mail messages, as long as the sending and receiving machines are secure.
FORGERIES
Like postal mail, electronic mail can be created entirely at the whim of the
sender. From, Sender, Return-Path, and Message-ID can all contain whatever
information the sender wants.
For example, if you inject a message through sendmail or qmail-inject or SMTP,
you can simply type in a From field. In fact, qmail-inject lets you set up
MAILUSER, MAILHOST, and MAILNAME environment variables to produce your desired
From field on every message.
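The following is an added example, not qmail code: a toy SMTP receiver that
processes an injected session and shows which parts of the stored message the
client typed and which the receiving machine added. The session, the host
names and the addresses (mx.example.net, mail.example.com, bigbank.example,
198.51.100.7) are constructed for the example; the Received line format is
simplified relative to what real MTAs write.

```python
"""Added example, not qmail code: a toy SMTP receiver showing what the sender
controls in an injected message versus what the receiving MTA adds."""


def smtp_receive(client_lines, peer_ip, my_host, stamp):
    """Process one SMTP session as a receiving MTA would.

    Returns (envelope sender, envelope recipients, stored message text).
    Only peer_ip was observed by the receiver; the HELO name, the envelope
    addresses and every header line in DATA were supplied by the client.
    """
    helo, mail_from, rcpts, body = None, None, [], None
    for line in client_lines:
        if body is not None:                      # inside DATA
            if line == ".":
                break
            body.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            helo = arg.strip()
        elif verb == "MAIL":                      # MAIL FROM:<addr>
            mail_from = arg.split(":", 1)[1].strip().strip("<>")
        elif verb == "RCPT":                      # RCPT TO:<addr>
            rcpts.append(arg.split(":", 1)[1].strip().strip("<>"))
        elif verb == "DATA":
            body = []
    # These two lines are the receiver's only contribution. Return-Path is
    # copied from the envelope (client-chosen); the Received line records the
    # client-chosen HELO name next to the peer address the receiver saw.
    stamped = [
        f"Return-Path: <{mail_from}>",
        f"Received: from {helo} ({peer_ip}) by {my_host} with SMTP; {stamp}",
    ]
    return mail_from, rcpts, "\n".join(stamped + body) + "\n"


# Constructed session: every line, including a fake Received trail and the
# From/Sender/Message-ID headers, is typed by the client.
FORGED_SESSION = [
    "HELO mail.example.com",
    "MAIL FROM:<accounts@bigbank.example>",
    "RCPT TO:<victim@example.net>",
    "DATA",
    "Received: from bigbank.example (bigbank.example [203.0.113.5])"
    " by mail.example.com with SMTP; Mon, 2 Jan 1995 09:59:00 +0000",
    "From: Accounts Department <accounts@bigbank.example>",
    "Sender: accounts@bigbank.example",
    "Message-ID: <950102095900.123@bigbank.example>",
    "To: victim@example.net",
    "Subject: Your account",
    "",
    "Please send your password.",
    ".",
]


def demo():
    """Run the constructed forgery through the toy receiver."""
    return smtp_receive(FORGED_SESSION, peer_ip="198.51.100.7",
                        my_host="mx.example.net",
                        stamp="Mon, 2 Jan 1995 10:00:00 +0000")


if __name__ == "__main__":
    print(demo()[2])
```

In the stored message the first two lines are the receiver's; everything
below them, including the Received line that claims the message passed
through bigbank.example, is exactly what the client sent.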
TRACING FORGERIES
Like postal mail, electronic mail is postmarked when it is sent. Each machine
that receives an electronic mail message adds a Received line to the top.
A modern Received line contains quite a bit of information. In conjunction
with the machine's logs, it lets a competent system administrator determine
where the machine received the message from, as long as the sender did not
break low-level TCP/IP security or security on that machine. Received lines
that were already in the message when that machine got it may themselves have
been typed by the sender, so a trace must proceed one hop at a time, starting
from the recipient's own machine.
Large multi-user machines often come with inadequate logging software.
Fortunately, a system administrator can easily obtain a copy of a
931/1413/Ident/TAP server, such as pidentd. Unfortunately, some system
administrators fail to do this, and are thus unable to figure out which local
user was responsible for generating a message. An Ident response is, of
course, only as trustworthy as the machine that answers it.
If all intermediate system administrators are competent, and the sender did not
break machine security or low-level TCP/IP security, it is possible to trace a
message backwards. Unfortunately, some traces are stymied by intermediate
system administrators who are uncooperative or untrustworthy.
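The following is an added example, not qmail code: a tracer that walks a
message's Received lines from the top, the hop nearest the recipient, downward,
and stops at the first hop it cannot verify. The message, the host table and
the addresses (mx.example.net, mail.example.org, 192.0.2.x, 198.51.100.7,
203.0.113.5) are constructed for the example; a real trace would use DNS,
the machines' logs and their administrators in place of the TRUSTED_HOSTS
table.

```python
"""Added example, not qmail code: walk Received lines top-down and stop at the
first hop whose stamping host cannot be trusted or does not match the host
the previous hop said it received from."""
import re

# Constructed table: hosts whose administrators we trust, with the addresses
# we have verified for them. A real trace checks this against DNS and logs.
TRUSTED_HOSTS = {
    "mx.example.net": "192.0.2.1",
    "mail.example.org": "192.0.2.10",
}

# Constructed message: two honest hops on top (the second recorded an Ident
# user), then a forged Received line and forged From/Message-ID underneath,
# all typed by whoever was using 198.51.100.7.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
  by mx.example.net with SMTP; Mon, 2 Jan 1995 10:00:02 +0000
Received: from pc42.example.org (joe@198.51.100.7)
  by mail.example.org with SMTP; Mon, 2 Jan 1995 10:00:01 +0000
Received: from bigbank.example (bigbank.example [203.0.113.5])
  by relay.example.com with SMTP; Mon, 2 Jan 1995 09:59:00 +0000
From: accounts@bigbank.example
Message-ID: <950102095900.123@bigbank.example>
To: victim@example.net
Subject: Your account

Please send your password.
"""

FROM_RE = re.compile(r"^from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(?P<by>[^\s;]+)", re.I)
# Peer address, optionally preceded by an Ident user ("user@a.b.c.d").
PEER_RE = re.compile(r"(?:(?P<ident>[^\s@\[(]+)@)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?")


def headers(text):
    """Split the header block into (name, value) pairs, unfolding continuations."""
    out = []
    for line in text.split("\n"):
        if line == "":
            break
        if line[:1] in " \t" and out:
            out[-1] = (out[-1][0], out[-1][1] + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            out.append((name.strip().lower(), value.strip()))
    return out


def parse_received(value):
    """Extract what a Received line claims: HELO name, peer IP, Ident user, stamping host."""
    f, b = FROM_RE.match(value), BY_RE.search(value)
    if not f or not b:
        return None
    peer = PEER_RE.search(f.group("paren") or "")
    return {"helo": f.group("helo"), "by": b.group("by"),
            "ip": peer.group("ip") if peer else None,
            "ident": peer.group("ident") if peer else None}


def trace(text, trusted=TRUSTED_HOSTS):
    """Return (verified hops, origin).

    origin is (ip, ident user) as recorded by the last trusted hop; hops below
    it are unverifiable and may have been written by the sender.
    """
    verified, origin, expected_ip = [], None, None
    for name, value in headers(text):
        if name != "received":
            continue
        hop = parse_received(value)
        # The top line must come from our own MTA. Each lower line is
        # believable only if it was stamped by a trusted host AND that host is
        # the one the hop above said it received the message from.
        if hop is None or hop["by"] not in trusted:
            break
        if expected_ip is not None and trusted[hop["by"]] != expected_ip:
            break
        verified.append(hop)
        expected_ip = hop["ip"]
        origin = (hop["ip"], hop["ident"])
    return verified, origin


if __name__ == "__main__":
    hops, origin = trace(SAMPLE)
    print(f"{len(hops)} verifiable hop(s); message entered at {origin}")
```

On the sample the trace verifies the two hops stamped by trusted machines and
stops at the third, whose stamping host relay.example.com is not the machine
mail.example.org said it received from; the origin is therefore the address
198.51.100.7 with Ident user joe, and the bigbank.example trail below is
discarded as unverifiable.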
CRYPTOGRAPHY
The sender of a mail message may place his message into a cryptographic
envelope stamped with his seal. Strong cryptography guarantees that any two
messages with the same seal were sent by the same cryptographic entity:
perhaps a single person, perhaps a group of cooperating people, but in any
case somebody who knows a secret originally held only by the creator of the
seal. The seal is called a public key.
Unfortunately, the secret behind a seal is sometimes created on an insecure
machine, or by an untrustworthy central agency; most of the time, though,
seals are kept secure.
One popular cryptographic program is pgp.
SEE ALSO
pgp(1), identd(8), qmail-header(8)