Comment by crazygringo

4 years ago

I had no idea there was an API to modify the content of existing e-mails.

Sorry if this is a dumb question, but doesn't this open up the ability to alter e-mail history at will? And so alter e-mails you'd received and/or sent?

Is there a record of this somewhere? What effect does this have on using e-mails as evidence in court cases, for example? Or is there a technical detail that necessarily gives this away?

> doesn't this open up the ability to alter e-mail history at will?

Yes. It should invalidate the DKIM signature though, which mainstream servers add to each email now. So it's possible to prove the contents of that email haven't been tampered with... assuming you have a record of the sending domain's public DKIM key. I imagine your email provider would have logs indicating you modified an email too, but I have no evidence of this, nor how eagerly they would dig up such logs for a court if they have any.

I have no idea how people deal with this in practice in court. (What if the domain's DKIM key has changed? Is there an authoritative source of old DKIM keys for most domains?)

  • I highly suspect that, in the vast majority of legal proceedings (all but the most high-budget high-stakes ones), all involved simply assume that all the (PDF exports of / hard-copy print-outs of) emails in the case files are genuine. I doubt that the possibility of email tampering even occurs to them.

    And, in the minority of cases where it really matters, and where they really suspect foul play, then I'd assume that they rely on numerous bits of technical evidence (proxy copies, CC'ed copies, file system forensics), plus on one person's testimony vs another's, because as you say, DKIM's usefulness is limited.

    • Isn't that the part of the trial where a lawyer asks a witness or defendant or whoever, "Did you on the date X write an email saying 'blah'?" And the person says yes. That avoids assumptions since nobody challenges it.

> I had no idea there was an API to modify the content of existing e-mails.

There isn't. As per the article, the application creates a copy of the original email, sans the attachment, then deletes the original.

Emails are just text files including the headers, contents and encoded attachments. Unless they are digitally signed (usually not the case) they're trivial to edit.
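Added example (not part of the thread and not any commenter's code): the DKIM body-hash check from RFC 6376 that the replies above allude to, showing why a re-saved copy with the attachment stripped no longer matches its signature header. It assumes `c=relaxed` body canonicalization, `a=rsa-sha256` and no `l=` tag; the addresses, selector, `b=` value and message bodies are constructed. A matching `bh=` is necessary but not sufficient, since a full verifier must also check the `b=` signature against the sender's public key from DNS.

```python
import base64, hashlib, re
from email import message_from_bytes

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 "relaxed" body canonicalization."""
    lines = re.split(rb"\r?\n", body)
    # Collapse runs of space/tab to one space and drop trailing whitespace.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # ignore empty lines at the end
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as stored in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_body_hash(head: bytes):
    """Return the bh= value from the DKIM-Signature header, or None."""
    sig = message_from_bytes(head + b"\r\n\r\n")["DKIM-Signature"]
    if sig is None:
        return None
    tags = {k.strip(): v for k, v in
            (t.split("=", 1) for t in sig.split(";") if "=" in t)}
    return re.sub(r"\s+", "", tags.get("bh", "")) or None

def body_matches_signature(raw: bytes) -> bool:
    """True only if the body still hashes to the signed bh= value."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return signed_body_hash(head) == body_hash(body)

# Constructed sample: bh= is computed over the body as "sent"; b= is a placeholder.
SENT = b"Hi,\r\n\r\nContract attached.\r\n\r\n[attachment: contract.pdf]\r\n"

def build(body: bytes) -> bytes:
    return (b"From: alice@example.com\r\nSubject: contract\r\n"
            b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            b" s=sel1; h=from:subject; bh=" + body_hash(SENT).encode() +
            b"; b=PLACEHOLDER\r\n\r\n" + body)

ORIGINAL = build(SENT)
# Whitespace-only changes in transit survive relaxed canonicalization.
REWRAPPED = build(SENT.replace(b"Contract attached.", b"Contract  attached. \t") + b"\r\n")
# Copy re-created without the attachment, old signature header kept.
STRIPPED = build(b"Hi,\r\n\r\nContract attached.\r\n")

if __name__ == "__main__":
    for name in ("ORIGINAL", "REWRAPPED", "STRIPPED"):
        print(name, body_matches_signature(globals()[name]))
```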