June 23rd, 2013, 06:50 PM
Changing dates on emails sent
Hi, i do hope that someone can help me.
I am having a problem with a colleague at work, for some reason when i joined the company she took an instant dislike to me.
She is now making me look incompetent and at a recent meeting she said that she sent me this email [which she did not!] and she
then said she would forward the email to me again and when this email arrived there was the copy of the email she said she sent me 4 weeks ago with the header details all there for all to see, but i swear to God i check all my emails and she did not send me that email.
Someone has suggested to me that she might be changing the date on her computer and then sending it and I am now not sure where to go or how to prove my innocence.
Please can anyone advise me what I can do
June 23rd, 2013, 07:56 PM
This is one of the inherent problems with these very old email standards. The Date: line in the body header can be sent with any Time/Date the user chooses. If there is no Date: line, the server will add one. For that reason, the email program that I wrote does not supply a Date: line.
But you can always examine the SMTP header to find out when the server actually processed the message. Every server that the message passes through adds it's own "Received from:" to the top of the message. So the route can be figured out by reversing the "Received from:" lines in the message header. One word of caution though. Since there is nothing to separate the SMTP header from the Body header, the first "Received from:" line or 2 can be spoofed. So you have to examine the complete routing to make sure it is consistent. Here is an example from Paypal that has been slightly reformatted and reversed:
Received: from mx0.slc.paypal.com (mx3.slc.paypal.com [22.214.171.124])
by indigo.pobox.com (Postfix) with ESMTP id 98BAC20024C
Tue, 4 Jun 2013 09:16:27 -0400 (EDT)
Received: from localhost.localdomain (localhost [127.0.0.1])
by indigo.pobox.com (Postfix) with ESMTP id 038B4202BA0
Tue, 4 Jun 2013 09:20:14 -0400 (EDT)
Received: from indigo.pobox.com ([126.96.36.199])
by cmta7.telus.net with TELUS
Tue, 04 Jun 2013 07:20:14 -0600
Received: from cmta7.telus.net ([188.8.131.52])
(InterMail vM.8.01.03.00 201-2260-125-20100507) with ESMTP
Tue, 4 Jun 2013 07:20:14 -0600
August 7th, 2013, 04:09 AM
it can be quite easy to mis-lay an email into a folder by accident and not be able to find it, its also easy to delete an email by accident in the client. It is also possible that it somehow never got delivered to your mailbox. To verify the final point you need to try to get hold of the server logs, hope they go back far enough and look thru them for the email being delivered to your mailbox on that date.