GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  FORGERIES (7)

NAME

forgeries - how easy it is to forge mail

CONTENTS

SUMMARY

An electronic mail message can easily be forged. Almost everything in it, including the return address, is completely under the control of the sender.

An electronic mail message can be manually traced to its origin if (1) all system administrators of intermediate machines are both cooperative and competent, (2) the sender did not break low-level TCP/IP security, and (3) all intermediate machines are secure.

Users of cryptography can automatically ensure the integrity and secrecy of their mail messages, as long as the sending and receiving machines are secure.

FORGERIES

Like postal mail, electronic mail can be created entirely at the whim of the sender. From, Sender, Return-Path, and Message-ID can all contain whatever information the sender wants.

For example, if you inject a message through sendmail or qmail-inject or SMTP, you can simply type in a From field. In fact, qmail-inject lets you set up MAILUSER, MAILHOST, and MAILNAME environment variables to produce your desired From field on every message.

TRACING FORGERIES

Like postal mail, electronic mail is postmarked when it is sent. Each machine that receives an electronic mail message adds a Received line to the top.

A modern Received line contains quite a bit of information. In conjunction with the machine’s logs, it lets a competent system administrator determine where the machine received the message from, as long as the sender did not break low-level TCP/IP security or security on that machine.

Large multi-user machines often come with inadequate logging software. Fortunately, a system administrator can easily obtain a copy of a 931/1413/Ident/TAP server, such as pidentd. Unfortunately, some system administrators fail to do this, and are thus unable to figure out which local user was responsible for generating a message.

If all intermediate system administrators are competent, and the sender did not break machine security or low-level TCP/IP security, it is possible to trace a message backwards. Unfortunately, some traces are stymied by intermediate system administrators who are uncooperative or untrustworthy.

CRYPTOGRAPHY

The sender of a mail message may place his message into a cryptographic envelope stamped with his seal. Strong cryptography guarantees that any two messages with the same seal were sent by the same cryptographic entity: perhaps a single person, perhaps a group of cooperating people, but in any case somebody who knows a secret originally held only by the creator of the seal. The seal is called a public key.

Unfortunately, the creator of the seal is often an insecure machine, or an untrustworthy central agency, but most of the time seals are kept secure.

One popular cryptographic program is pgp.

SEE ALSO

pgp(1), identd(8), qmail-header(8)
Search for    or go to Top of page |  Section 7 |  Main Index


FORGERIES (7) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.