Re: SBS SYSTEM But Oulook Question that I find scary! (Figured Out)

Joe,

Many thanks for a very good bit of feedback on this matter it really has been very much appreciated.

What it means now is that I will have to go over current clients who rely on the email side being 100% and verifiable and come up with some other solution for possibly archiving all sent email etc...

Something so simple yet.. and something that appears to be causing one client a major headache..

Thanks again!

Gordon

"Joe" <joe@xxxxxxxxxxxxxx> wrote in message news:eKDk6gxTIHA.4752@xxxxxxxxxxxxxxxxxxxxxxx
Gordon Keenan wrote:
Hi Allan,

Well that is why I am asking about this...

I can honestly say that I have allowed myself to be ignorant to a degree and have always assumed that ANY EMAIL IN THE SENT ITEMS FOLDER was PROOF of what you SENT. It's quite clear it is nothing of the sort.

What I do find amazing here is that a client has a very tricky situation here and I cannot see a way to solve this for them.

A worker has sent an email to another business saying A B C

The business who recived the email (this was in 2006!!! and only now coming to light) says the email said A B

They emailed the email they said they received and on it it has A and B only

When the firm checks the senders SENT ITEMS they see in there that it says A B C

So... the probelm here is... How to prove if it was the sender or the receiver who has changed the email information?

Anyone care to work this one out? I cannto see any way that this can be solved to PROVE 100% who has done what.





Not at this stage. But this is one reason why people

a) Journal all email in and out, which *proves* nothing but shows the truth to the journal owner, and/or

b) Digitally sign emails, so that tampering results in an invalid signature, and nobody else has the signing key to forge a valid but different message.

Important documents can be sent as locked PDFs or other difficult-to-alter file formats, but only the use of digital certificates offers real accountability.

There may be something that can be done with an existing message, depending on how it was altered, and what format the message was in to begin with. Many people send HTML email, probably without knowing, and the text is normally repeated in plain form for those whose email clients are configured not to render HTML. A careful examination of an exported .eml file (in fact plain ASCII text) might reveal tampering. It would prove nothing, though, as anyone could have altered it, including you.

Another possibility is that logs exist which show the size of the original email in bytes. It gets a bit messy, but creating two new emails like your 'before' and 'after' versions and examining the logs for them might show which was the real 'sent' one. Of course, full SMTP logs are not enabled by default, so you probably don't have the original outgoing log. Another reason to run full SMTP logging all the time, though it's unlikely anyone would keep the logs for that long. Again, the log files are plain text, and can be edited with Notepad, so no proof.

As you can see, email is a bit slippery. Microsoft makes it a point of honour that nobody ever sees the real message that is sent and received, and has a habit of slipping its own little extras in. Even other peoples' email clients don't normally show you exactly what's there, for example you need to ask Thunderbird to display the message source to see exactly what it contains. Outlook will grudgingly show you the headers, but in a small window, and you still can't be sure it isn't hiding anything. Exporting an .eml file is about the best you can do, and I'm not absolutely certain you can do that from recent Outlooks. Outlook Express and Windows Mail can do it.

.

Relevant Pages

  • Re: SBS SYSTEM But Oulook Question that I find scary! (Figured Out)
    ... Many people send HTML email, probably without knowing, and the text is normally repeated in plain form for those whose email clients are configured not to render HTML. ... but creating two new emails like your 'before' and 'after' versions and examining the logs for them might show which was the real 'sent' one. ... Outlook will grudgingly show you the headers, but in a small window, and you still can't be sure it isn't hiding anything. ... Exporting an .eml file is about the best you can do, and I'm not absolutely certain you can do that from recent Outlooks. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS SYSTEM But Oulook Question that I find scary! (Figured Out)
    ... The time stamp is the same when I tried it out... ... but creating two new emails like your 'before' and 'after' versions and examining the logs for them might show which was the real 'sent' one. ... Outlook will grudgingly show you the headers, but in a small window, and you still can't be sure it isn't hiding anything. ... Exporting an .eml file is about the best you can do, and I'm not absolutely certain you can do that from recent Outlooks. ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange Connectivity
    ... MS Outlook 2003 clients are unable to connect to the mail server. ... Logs ...
    (microsoft.public.exchange.admin)
  • Re: Vanished Emails
    ... Could not find anything in the logs. ... antivirus applications that quarantine or delete the whole mail store when ... onsite today and I will try starting outlook with the /cleanrules. ... Archive is not turned on - no archive folder is present. ...
    (microsoft.public.windows.server.sbs)
  • Re: win98 clients cant connect to 2k3 RAS/VPN server
    ... and look at the logs. ... > In august, I setup a 2k3 server to run RAS as mainly a VPN server, and I ... > security updates have cause the Win98 clients to NOT create a VPN ... and the win98 clients connect without ANY problems at all. ...
    (microsoft.public.win2000.ras_routing)
Loading