Difference between revisions of "Using signature headers to determine if an email has been forged"

From ForensicsWiki
Jump to: navigation, search
m (DomainKeys Identified Mail: - Fixed link)
(Fleshed out slightly)
Line 1: Line 1:
 
{{Expand}}
 
{{Expand}}
 
+
Email signatures, designed for authentication, non-repudiation, and spam control, can also be used to determine if an email has been forged. In the most common case, the forger copies headers from an existing email message to a new one. He could also attempt to change the content of a signed message. Regardless, the signature no longer corresponds to the message and it can be shown that the message is not authentic.
  
 
== DomainKeys Identified Mail ==
 
== DomainKeys Identified Mail ==
 
{{main|DomainKeys Identified Mail}}
 
{{main|DomainKeys Identified Mail}}
 
== Domain Key Signatures ==
 
 
 
These headers, included by the mail server, provide a signature of each message. See [[Gmail Header Format]]. The public keys are distributed via [[Domain Name System|DNS]].
 
These headers, included by the mail server, provide a signature of each message. See [[Gmail Header Format]]. The public keys are distributed via [[Domain Name System|DNS]].
  

Revision as of 14:26, 29 April 2007

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Email signatures, designed for authentication, non-repudiation, and spam control, can also be used to determine if an email has been forged. In the most common case, the forger copies headers from an existing email message to a new one. He could also attempt to change the content of a signed message. Regardless, the signature no longer corresponds to the message and it can be shown that the message is not authentic.

DomainKeys Identified Mail

These headers, included by the mail server, provide a signature of each message. See Gmail Header Format. The public keys are distributed via DNS.

Signed mail

Some other programs can be used by the sender to sign an email message. Programs such as PGP, GnuPG.

PGP Messages

Messages sent using PGP, or its free equivalents such as GnuPG, have the signature in the message body itself. Each message can be signed, encrypted, or both. Encrypted messages begin with the header

-----BEGIN PGP MESSAGE-----
followed by some optional headers. The optional headers may include the character set of the decoded message, the program and version that created the message, and an optional comment. The end of the message is noted with
-----END PGP MESSAGE-----
Between these two lines are a series of ASCII characters that represent the encrypted or signed message. A signed message has the header
-----BEGIN PGP SIGNATURE-----
at the end of the signed message followed by the same optional headers as encrypted messages. The signature is usually three lines of ASCII characters.

See Also

Retrieved from "http://forensicswiki.org/index.php?title=Using_signature_headers_to_determine_if_an_email_has_been_forged&oldid=6984"