How can I prove that an email send record is fake?

BBNSupplements May 14, 2013

I have been shown an email that this guy says he sent me to my Yahoo account. This guy has made it up on his computer. Can any one help me prove this never happened please.

  1. Oron Joffe
    May 15, 2013 at 10:09 am

    Good answers above, although the "fake mails" mentioned in Rajaa's linked articles are a somewhat different issue.

    I assume the dispute arises because you didn't receive the message, and the other person maintains he sent it. Aside from SMTP server records (which you are unlikely to get even if they exist), there's not absolute way to prove that the message wasn't sent, but you can come close. It is sometimes possible to show inconsistencies in the MIME headers, but this is far too complicated to explain (and may not work if the message was produced skilfully).

    If you can meet with the other person, ask him to show you the message, on the screen, IN HIS SENT ITEMS folder. Although there are ways to "plant" things there, it is difficult to do, and if you don't warn him in advance, he is unlikely to have done this. If the message is there, check the time stamp.

    Secondly, check your spam folder (depending on your setup, you may also need to check on your ISP's spam folder) for the message. If a message is not delivered to the recipient, and is not classified as spam, it will be bounced back to the sender with a delivery error message. The system is designed to do this! In over twenty years in IT, I've only once seen a message "disappear into thin air" with not trace, and that was because of a number of unrelated server failures. So, if the message hasn't arrived at your mailbox (or ISP), and your contact cannot produce the non-delivery-error message, they have no proof that they sent it.

  2. Jan Fritsch
    May 14, 2013 at 6:22 pm

    I'm afraid you would have to get the smtp logfiles of both the sending and the receiving mailserver for bulletproof evidence.

    However, if he was sending you an email the file in his mail program doesn't proof anything. It doesn't contain smtp headersshowing your mail account receiving the email.

    If he does have a message file that shows headers of your Yahoo account receiving his message he either produced it or must have hacked your account.