1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Rep Power

    Question Changing dates on emails sent

    Hi, i do hope that someone can help me.
    I am having a problem with a colleague at work, for some reason when i joined the company she took an instant dislike to me.

    She is now making me look incompetent and at a recent meeting she said that she sent me this email [which she did not!] and she
    then said she would forward the email to me again and when this email arrived there was the copy of the email she said she sent me 4 weeks ago with the header details all there for all to see, but i swear to God i check all my emails and she did not send me that email.

    Someone has suggested to me that she might be changing the date on her computer and then sending it and I am now not sure where to go or how to prove my innocence.

    Please can anyone advise me what I can do
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2011
    Rep Power
    This is one of the inherent problems with these very old email standards. The Date: line in the body header can be sent with any Time/Date the user chooses. If there is no Date: line, the server will add one. For that reason, the email program that I wrote does not supply a Date: line.

    But you can always examine the SMTP header to find out when the server actually processed the message. Every server that the message passes through adds it's own "Received from:" to the top of the message. So the route can be figured out by reversing the "Received from:" lines in the message header. One word of caution though. Since there is nothing to separate the SMTP header from the Body header, the first "Received from:" line or 2 can be spoofed. So you have to examine the complete routing to make sure it is consistent. Here is an example from Paypal that has been slightly reformatted and reversed:
    Received: from mx0.slc.paypal.com (mx3.slc.paypal.com [])
    by indigo.pobox.com (Postfix) with ESMTP id 98BAC20024C
    for <xxxxxxxx@pobox.com>;
    Tue, 4 Jun 2013 09:16:27 -0400 (EDT)
    Received: from localhost.localdomain (localhost [])
    by indigo.pobox.com (Postfix) with ESMTP id 038B4202BA0
    for <xxxxxxxxx@telus.net>;
    Tue, 4 Jun 2013 09:20:14 -0400 (EDT)
    Received: from indigo.pobox.com ([])
    by cmta7.telus.net with TELUS
    id kDLE1l00B0vDLju01DLEzS;
    Tue, 04 Jun 2013 07:20:14 -0600
    Received: from cmta7.telus.net ([])
    by priv-edtnes24.telusplanet.net
    (InterMail vM. 201-2260-125-20100507) with ESMTP
    id <20130604132014.KNTO17145.priv-edtnes24.telusplanet.net@cmta7.telus.net>
    for <xxxxxxxx@telus.net>;
    Tue, 4 Jun 2013 07:20:14 -0600

    J.A. Coutts
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2013
    Rep Power

    Missing Email

    it can be quite easy to mis-lay an email into a folder by accident and not be able to find it, its also easy to delete an email by accident in the client. It is also possible that it somehow never got delivered to your mailbox. To verify the final point you need to try to get hold of the server logs, hope they go back far enough and look thru them for the email being delivered to your mailbox on that date.

IMN logo majestic logo threadwatch logo seochat tools logo