

Device and Network Interfaces                        forgeries(7)


NNNNAAAAMMMMEEEE
     forgeries - how easy it is to forge mail

SSSSUUUUMMMMMMMMAAAARRRRYYYY
     An electronic mail message can  easily  be  forged.   Almost
     everything  in  it,  including  the  return address, is com-
     pletely under the control of the sender.

     An electronic mail message can be  manually  traced  to  its
     origin  if  (1)  all  system  administrators of intermediate
     machines are both cooperative and competent, (2) the  sender
     did  not break low-level TCP/IP security, and (3) all inter-
     mediate machines are secure.

     Users of _c_r_y_p_t_o_g_r_a_p_h_y can automatically ensure the integrity
     and  secrecy  of their mail messages, as long as the sending
     and receiving machines are secure.

FFFFOOOORRRRGGGGEEEERRRRIIIIEEEESSSS
     Like postal mail, electronic mail can be created entirely at
     the  whim  of  the  sender.   FFFFrrrroooommmm, SSSSeeeennnnddddeeeerrrr, RRRReeeettttuuuurrrrnnnn----PPPPaaaatttthhhh, and
     MMMMeeeessssssssaaaaggggeeee----IIIIDDDD can all contain whatever information  the  sender
     wants.

     For example, if you inject a  message  through  sssseeeennnnddddmmmmaaaaiiiillll  or
     qqqqmmmmaaaaiiiillll----iiiinnnnjjjjeeeecccctttt  or  SSSSMMMMTTTTPPPP, you can simply type in a FFFFrrrroooommmm field.
     In fact, qqqqmmmmaaaaiiiillll----iiiinnnnjjjjeeeecccctttt lets you set  up  MMMMAAAAIIIILLLLUUUUSSSSEEEERRRR,  MMMMAAAAIIIILLLLHHHHOOOOSSSSTTTT,
     and  MMMMAAAAIIIILLLLNNNNAAAAMMMMEEEE  environment variables to produce your desired
     FFFFrrrroooommmm field on every message.

TTTTRRRRAAAACCCCIIIINNNNGGGG FFFFOOOORRRRGGGGEEEERRRRIIIIEEEESSSS
     Like postal mail, electronic mail is postmarked when  it  is
     sent.  Each machine that receives an electronic mail message
     adds a RRRReeeecccceeeeiiiivvvveeeedddd line to the top.

     A modern RRRReeeecccceeeeiiiivvvveeeedddd line contains quite a bit of  information.
     In  conjunction with the machine's logs, it lets a competent
     system administrator determine where  the  machine  received
     the  message  from, as long as the sender did not break low-
     level TCP/IP security or security on that machine.

     Large multi-user machines often come with inadequate logging
     software.   Fortunately,  a  system administrator can easily
     obtain a  copy  of  a  931/1413/Ident/TAP  server,  such  as
     ppppiiiiddddeeeennnnttttdddd.   Unfortunately, some system administrators fail to
     do this, and are thus unable to figure out which local  user
     was responsible for generating a message.

     If all intermediate system administrators are competent, and
     the  sender  did  not  break  machine  security or low-level
     TCP/IP security, it is possible to  trace  a  message  back-
     wards.    Unfortunately,   some   traces   are   stymied  by


SunOS 5.11                Last change:                          1


Device and Network Interfaces                        forgeries(7)


     intermediate system administrators who are uncooperative  or
     untrustworthy.

CCCCRRRRYYYYPPPPTTTTOOOOGGGGRRRRAAAAPPPPHHHHYYYY
     The sender of a mail message may place his  message  into  a
     _c_r_y_p_t_o_g_r_a_p_h_i_c  envelope stamped with his seal.  Strong cryp-
     tography guarantees that any two messages with the same seal
     were  sent by the same cryptographic entity:  perhaps a sin-
     gle person, perhaps a group of cooperating  people,  but  in
     any case somebody who knows a secret originally held only by
     the creator of the seal.  The seal is called a _p_u_b_l_i_c _k_e_y.

     Unfortunately, the creator of the seal is often an  insecure
     machine, or an untrustworthy central agency, but most of the
     time seals are kept secure.

     One popular cryptographic program is ppppggggpppp.

SSSSEEEEEEEE AAAALLLLSSSSOOOO
     pgp(1), identd(8), qmail-header(8)


SunOS 5.11                Last change:                          2