SUMMARY
An electronic mail message can easily be forged. Almost everything in
it, including the return address, is completely under the control of
the sender.
An electronic mail message can be manually traced to its origin if (1)
all system administrators of intermediate machines are both cooperative
and competent, (2) the sender did not break low-level TCP/IP security,
and (3) all intermediate machines are secure.
Users of cryptography can automatically ensure the integrity and
secrecy of their mail messages, as long as the sending and receiving
machines are secure.
FORGERIES
Like postal mail, electronic mail can be created entirely at the whim
of the sender. From, Sender, Return-Path, and Message-ID can all
contain whatever information the sender wants.
For example, if you inject a message through sendmail or qmail-inject
or SMTP, you can simply type in a From field. In fact, qmail-inject
lets you set up MAILUSER, MAILHOST, and MAILNAME environment variables
to produce your desired From field on every message.
TRACING FORGERIES
Like postal mail, electronic mail is postmarked when it is sent. Each
machine that receives an electronic mail message adds a Received line
to the top.
A modern Received line contains quite a bit of information. In
conjunction with the machine's logs, it lets a competent system
administrator determine where the machine received the message from,
as long as the sender did not break low-level TCP/IP security or
security on that machine.
Large multi-user machines often come with inadequate logging software.
Fortunately, a system administrator can easily obtain a copy of a
931/1413/Ident/TAP server, such as pidentd. Unfortunately, some system
administrators fail to do this, and are thus unable to figure out which
local user was responsible for generating a message.
If all intermediate system administrators are competent, and the sender
did not break machine security or low-level TCP/IP security, it is
possible to trace a message backwards. Unfortunately, some traces are
stymied by intermediate system administrators who are uncooperative or
untrustworthy.
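
The backwards trace described above can be sketched as follows. This is
an added example, not part of qmail or of the original page. The sample
message is constructed, and the "from HELO (RDNS [IP]) by HOST" layout
is an assumption; real Received formats differ between mail programs.

```python
import re
from email import message_from_string

# Constructed message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.example.org with SMTP; Mon, 3 Mar 2025 10:00:09 +0000
Received: from mail.example.com (mail.example.com [198.51.100.7])
\tby relay.example.net with SMTP; Mon, 3 Mar 2025 10:00:05 +0000
Received: from bank.example (unknown [203.0.113.99])
\tby mail.example.com with SMTP; Mon, 3 Mar 2025 10:00:01 +0000
From: "Forged Name" <ceo@bank.example>
Subject: constructed test message

body
"""

# Assumed layout: from HELO (RDNS [IP]) by HOST ...; real MTAs differ.
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*"
                 r"\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)")

def trace(raw):
    """Return one dict per Received line, newest (top) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m is None:
            hops.append({"parsed": False, "raw": value})
            continue
        hop = dict(m.groupdict(), parsed=True)
        # HELO is typed by the sending side; the IP is what the receiver saw.
        hop["helo_matches_rdns"] = hop["helo"].lower() == hop["rdns"].lower()
        hops.append(hop)
    return hops

def chain_breaks(hops):
    """Indexes i where hop i's 'from' name is not the 'by' name of hop i+1."""
    return [i for i in range(len(hops) - 1)
            if not (hops[i]["parsed"] and hops[i + 1]["parsed"]
                    and hops[i]["helo"].lower() == hops[i + 1]["by"].lower())]

def last_linked_hop(hops):
    """Follow the chain down from the top; return the last hop still linked."""
    cut = min(chain_breaks(hops), default=len(hops) - 1)
    return hops[cut] if hops else None

if __name__ == "__main__":
    hops = trace(SAMPLE)
    print(chain_breaks(hops), last_linked_hop(hops))
```

The hop returned by last_linked_hop names the machine whose logs are
the next thing to check. A name mismatch or a chain break marks where
the header alone stops being evidence, not proof of a forgery.
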
CRYPTOGRAPHY
The sender of a mail message may place his message into a cryptographic
envelope stamped with his seal. Strong cryptography guarantees that
any two messages with the same seal were sent by the same cryptographic
entity: perhaps a single person, perhaps a group of cooperating people,