Email authenticity?


  • Can it be proven that an email was generated and then sent via the employer's email system? Is there a digital trail? And can the employer alter or even delete any digital trail to suit their own business purposes? Thanks for your help.

  • I am asking about methods to verify the origin and to validate the contents of an email. Can my employer manipulate their email server to suit their own interest, meaning: can my employer delete proof that an email was ever generated or sent? The situation is that my employer sent me 6 emails that have become very incriminating to the employer/business. My employer is now saying that the emails never existed or were never sent. Can I prove that they did exist or were sent, or can my employer simply delete all evidence that the emails were sent? (All I have are the printouts of the emails, which my employer is saying are forgeries.)
 
The source-system (not the source-user) of the email is in the headers.

If you View All Headers and Save As something.txt, then Notepad or WordPad can be used to plow through the details. A sample is given in the attached file.

The order of the headers (top down) will disclose:
  • where the email came from
  • every system thru which the email traveled
  • the final recipient
Some gory details:
ARC-Seal: i=1; a=rsa-sha256; t=1524016203; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
ARC-Authentication-Results: i=1; mx.google.com;
are the SMTP origin server processing; the last one tells you it's the Google domain (mx.google.com).
These ARC-xxx headers will be different per message and per SMTP server software (e.g. Exchange will be very different).

That ARC-Authentication-Results has other origin info:
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@twitter.com header.s=dkim-201406 header.b=hVpo6kTX;
spf=pass (google.com: domain of b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com designates 199.59.150.112 as permitted sender) smtp.mailfrom=b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=twitter.com

There may be several RECEIVED: from lines, but the first one is gold:
Received: from spruce-goose-bq.twitter.com (spruce-goose-bq.twitter.com. [199.59.150.112])
by mx.google.com with ESMTPS id v32-v6si178674plg.105.2018.04.17.18.50.02
for <zxcvbnmlasdfghjk@gmail.com>
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 17 Apr 2018 18:50:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com designates 199.59.150.112 as permitted sender) client-ip=199.59.150.112;

The Client-IP is the machine upon which the email was created.

These are email standard protocol controls:
Delivered-To: zxcvbnmlasdfghjk@gmail.com
Date: Wed, 18 Apr 2018 01:50:02 +0000
From: Twitter <notify@twitter.com>
To: zxcvbnmlasdfghjk@gmail.com
Subject: It's Tweet archive time


IMO, unless there is a legal reason to confront the sender, to protect your job, I highly recommend you drop the case and just move on.

 

Attachments

  • It's Tweet archive time.txt (4 KB)
Here's another attached example that's not so easy.

NONE of the ARC-xxx headers are present,
and the RECEIVED: from lines do not identify the client-source IP :sigh:

The SMTP server IS shown in the first RECEIVED: from line
(in this case: 107.14.70.244).
 

Attachments

  • Re The intellectual ....txt (2.3 KB)
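A small script that does by program what the two posts above describe doing by hand in Notepad: it walks the Received: lines top-down, pulls the dkim/spf/dmarc verdicts out of the (ARC-)Authentication-Results header, and reports the client-ip that the receiving server recorded. This is an added example, not code from the thread or from any mail provider; it uses only the Python standard library. The first sample is the header block quoted in the earlier post; the second is constructed to match the "not so easy" case just described (no ARC headers, a first Received: line that names only the relaying SMTP server 107.14.70.244, and a later webmail hop with no address at all), with placeholder hostnames and message ids. One caveat the script encodes: the only Received: line the recipient's own provider can vouch for is the top one, which it wrote itself; every line below it arrived inside the message from the sending side, and the client-ip is the address of the machine that connected to the provider's MX (normally the sender's mail server), which is why the fallback in the second case is labelled as the relay rather than as the originating client.

```python
"""Walk the Received: chain and authentication verdicts of a raw email.

Added example for the thread above (not the forum's or any vendor's code).
Standard library only; IPv4 addresses only for brevity.
"""
import re
from email import message_from_string

# Sample 1: the header block quoted in the post above (body omitted).
SAMPLE_WITH_ARC = """\
Delivered-To: zxcvbnmlasdfghjk@gmail.com
ARC-Seal: i=1; a=rsa-sha256; t=1524016203; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@twitter.com header.s=dkim-201406 header.b=hVpo6kTX;
       spf=pass (google.com: domain of b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com designates 199.59.150.112 as permitted sender) smtp.mailfrom=b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=twitter.com
Received: from spruce-goose-bq.twitter.com (spruce-goose-bq.twitter.com. [199.59.150.112])
        by mx.google.com with ESMTPS id v32-v6si178674plg.105.2018.04.17.18.50.02
        for <zxcvbnmlasdfghjk@gmail.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 17 Apr 2018 18:50:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of b0639c2c4b6zxcvbnmlasdfghjk=gmail.com@bounce.twitter.com designates 199.59.150.112 as permitted sender) client-ip=199.59.150.112;
Date: Wed, 18 Apr 2018 01:50:02 +0000
From: Twitter <notify@twitter.com>
To: zxcvbnmlasdfghjk@gmail.com
Subject: It's Tweet archive time

"""

# Sample 2 (constructed): no ARC/Authentication-Results headers; the only address
# in the chain is the relaying SMTP server 107.14.70.244 named in the post.
# Hostnames, ids and the webmail hop are placeholders.
SAMPLE_NO_ARC = """\
Received: from mail.sender-isp.invalid (mail.sender-isp.invalid [107.14.70.244])
        by mx.recipient.invalid with ESMTP id PLACEHOLDER-1;
        Tue, 17 Apr 2018 09:00:00 -0500
Received: from webmail (localhost)
        by mail.sender-isp.invalid with HTTP id PLACEHOLDER-2;
        Tue, 17 Apr 2018 08:59:58 -0500
From: Someone <someone@sender-isp.invalid>
To: you@recipient.invalid
Subject: placeholder subject

"""

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"


def _flat(value):
    """Collapse a folded (multi-line) header value into one space-separated string."""
    return " ".join(str(value).split())


def parse_received(value):
    """Split one Received: header into from/ip/by/date fields (None when absent)."""
    v = _flat(value)
    m_from = re.match(r"from\s+(\S+)", v)            # HELO name claimed by the connecting host
    m_ip = re.search(r"\[(" + IPV4 + r")\]", v)       # address the receiving MTA observed
    m_by = re.search(r"\bby\s+(\S+)", v)              # the MTA that wrote this line
    date = v.rsplit(";", 1)[1].strip() if ";" in v else None  # timestamp follows the last ';'
    return {"from": m_from.group(1) if m_from else None,
            "ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None,
            "date": date}


def auth_results(msg):
    """Collect dkim/spf/dmarc verdicts from (ARC-)Authentication-Results headers."""
    verdicts = {}
    for name in ("Authentication-Results", "ARC-Authentication-Results"):
        for value in msg.get_all(name, []):
            for mech, result in re.findall(r"\b(dkim|spf|dmarc)=(\w+)", _flat(value)):
                verdicts.setdefault(mech, result)   # first (topmost) verdict wins
    return verdicts


def client_ip(msg, hops):
    """Return (ip, source). Prefer the Received-SPF client-ip written by the recipient's
    server; otherwise fall back to the bracketed address in the top Received: line,
    which identifies the relaying SMTP server, not necessarily the originating client."""
    for value in msg.get_all("Received-SPF", []):
        m = re.search(r"client-ip=(" + IPV4 + ")", _flat(value))
        if m:
            return m.group(1), "Received-SPF"
    if hops and hops[0]["ip"]:
        return hops[0]["ip"], "Received"
    return None, None


def analyze(raw):
    """Parse a raw message and summarise its delivery chain and authentication verdicts."""
    msg = message_from_string(raw)
    # get_all() keeps header order, so hops[0] is the line the recipient's own MX wrote.
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    ip, source = client_ip(msg, hops)
    return {"hops": hops, "auth": auth_results(msg), "client_ip": ip, "client_ip_source": source}


if __name__ == "__main__":
    for label, raw in (("with ARC", SAMPLE_WITH_ARC), ("without ARC", SAMPLE_NO_ARC)):
        r = analyze(raw)
        print(f"== {label}: auth={r['auth'] or 'none'} client-ip={r['client_ip']} ({r['client_ip_source']})")
        for n, hop in enumerate(r["hops"]):
            print(f"   hop {n}: {hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['date']}")
```

Run it on a real message by replacing one of the samples with the text of a "View All Headers" save (the header block up to the first blank line is enough). When the result has no Authentication-Results and no address below the top Received: line, as in the second case, the script can only name the relay, which is the same conclusion the post above reaches by reading the file in Notepad.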
Thank you SO MUCH J. O. Beard, your reply was very concise, appreciated and technical, but please tell me in layman's terms: can my employer erase the log that the email was actually sent? Layman Joushua123
 
These headers are embedded within the email itself, so it would be a brutal effort to do so, AND your inbox would need to be on the company server rather than your personal PC.
 
Yes, my email is on the company server... so my employer would have the means to erase all traces of the email if they wanted to?
 
The SMTP server (that which delivers to the recipient) has server logs that would be easily edited, while the headers in all of your inbox would be a massive effort and most unlikely to be attacked -- a major LEGAL issue would need to be at risk to make such an effort, and you would have been fired beforehand IMO.

AND they would not show up in your inbox if they were removed.
 
J. O. Beard, I thank you SO MUCH for your knowledge and experience in answering my questions. Thank you, thank you, thank you... you're the BEST
 