Solved

Reliability of Date: Field in a legitimate Hotmail message.

Posted on 2004-10-15
Last Modified: 2008-03-03
Is it possible to spoof the date in the Date: field of a Hotmail message sent using their web client, or can this date be trusted? I understand that sending an email using a client like Outlook and changing the system clock changes the Date: field, but my question relates to a message sent from a public terminal that does not allow additional software to be installed, does not have a computer-based client installed, and does not allow the system time to be changed. Could one assume that the Date: field of a message sent from Hotmail's website under these circumstances is the true date, i.e. that seen in the first Received header, and therefore the actual time the email was sent? Any help you could provide would be greatly appreciated. Thanks.
Question by:pcobs2001

Expert Comment

by:Sembee
Look through the header information of the message. If there has been some fiddling with the message then it can be spotted by inconsistencies in the headers. However, as it is Hotmail, the time I would rely on is the time on the line where it leaves their system and is delivered to the first system outside of their network. That time will not be accessible to the user in any way.

Simon.

Author Comment

by:pcobs2001
Unfortunately, I do not have a copy of the header. The message was printed out for me and then deleted. I have, however, looked at many other Hotmail message headers, and the date shown in the Date: field matches the first Received header. I was wondering if this could reasonably change?



Return-path: <****@hotmail.com>
Received: from mta11.srv.hcvlny.cv.net (mta11.srv.hcvlny.cv.net [167.206.5.86])
 by mstr1.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I5K00IBOVJIRI@mstr1.srv.hcvlny.cv.net> for
****@optonline.net; Thu, 14 Oct 2004 10:14:06 -0400 (EDT)
Received: from hotmail.com (bay2-f31.bay2.hotmail.com [65.54.247.31])
 by mta11.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I5K00KH4VJH4O@mta11.srv.hcvlny.cv.net> for ****@optonline.net
 (ORCPT ****@optonline.net); Thu, 14 Oct 2004 10:14:05 -0400 (EDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu,
 14 Oct 2004 07:14:04 -0700
Received: from 67.81.136.4 by by2fd.bay2.hotmail.msn.com with HTTP; Thu,
 14 Oct 2004 14:13:06 +0000 (GMT)
Date: Thu, 14 Oct 2004 14:13:06 +0000
From: *****<*****@hotmail.com>
Subject: RE: Letter
X-Originating-IP: [67.81.136.4]
X-Sender: *****@hotmail.com
To: *****@optonline.net
Bcc:
Message-id: <BAY2-F31mP9CDBHy3Sp00032315@hotmail.com>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: QUOTED-PRINTABLE
X-Originating-Email: [******@hotmail.com]
Original-recipient: rfc822;*****@optonline.net
X-OriginalArrivalTime: 14 Oct 2004 14:14:04.0739 (UTC)
 FILETIME=[0FBEE130:01C4B1F8]


Received: from mailtag.aecom.yu.edu (mailtag.aecom.yu.edu [129.98.1.87])
      by post.aecom.yu.edu (8.11.7p1+Sun/8.11.7) with ESMTP id i38D8kX03168
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:46 -0400 (EDT)
Received: from mailvx.aecom.yu.edu (mailvx.aecom.yu.edu [129.98.1.17])
      by mailtag.aecom.yu.edu (8.12.8/8.12.8) with SMTP id i38D8dMI030473
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:41 -0400
Received: from mailgw.aecom.yu.edu ([129.98.1.16])
 by mailvx.aecom.yu.edu (SAVSMTP 3.1.1.32) with SMTP id M2004040809084119962
 for <*****@aecom.yu.edu>; Thu, 08 Apr 2004 09:08:41 -0400
Received: from hotmail.com (sea2-f26.sea2.hotmail.com [207.68.165.26])
      by mailgw.aecom.yu.edu (8.12.8/8.12.8) with ESMTP id i38D8emM023334
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:40 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
       Thu, 8 Apr 2004 06:08:40 -0700
Received: from 64.236.180.94 by sea2fd.sea2.hotmail.msn.com with HTTP;
      Thu, 08 Apr 2004 13:08:39 GMT
X-Originating-IP: [64.236.180.94]
X-Originating-Email: [*****@hotmail.com]
X-Sender: *****@hotmail.com
From: *******@hotmail.com>
To: ******@aecom.yu.edu
Subject: RE: [personal] RE: Hey
Date: Thu, 08 Apr 2004 09:08:39 -0400
Mime-Version: 1.0
Content-Type: text/html
Message-ID: <Sea2-F26Hd4KkcWJEhm00023548@hotmail.com>
X-OriginalArrivalTime: 08 Apr 2004 13:08:40.0083 (UTC) FILETIME=[9C652630:01C41D6A]
X-AECOM-SpamCheck: not spam, SpamAssassin (score=-3.919, required 5,
      BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_NO_CHARSET 0.56,
      MIME_HTML_ONLY 0.32)
Content-Length: 390
Status:  
X-Text-Classification: personal
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=popfile397=15.msg

Expert Comment

by:Sembee
There is nothing to stop someone from fiddling with the presentation of a message once it gets to the server - that is why you need the full headers. If you just have a printout, the time is critical and you don't have the headers, then I wouldn't advise that you trust that information.

Email should be treated like a postcard. While 999 out of 1000 times they will go through without being altered, someone or something in between may change the message in such a way that brings doubt into the validity of the message.

But I am not a lawyer, don't claim to be, or play one on TV. If it is that critical then you will need to get some proper legal advice.

If you are just checking for "fun", then there is nothing to stop you from changing the time on your PC, connecting to hotmail and then sending a message. I am pretty sure the only thing Hotmail lifts from your PC is the IP address.

X-Originating-IP: [64.236.180.94]

Simon.

Author Comment

by:pcobs2001
I changed my system clock and sent a message to myself using Hotmail's website. The Date: field, however, still recorded the correct date, not the one I changed it to. Is there somewhere on the web where I might be able to go to get an explanation of Hotmail's header format, i.e. how their servers construct header fields in a Hotmail message? Again, any help you could provide would be greatly appreciated.

Thanks



Received: from mailtag.aecom.yu.edu (mailtag.aecom.yu.edu [129.98.1.87])
      by post.aecom.yu.edu (8.11.7p1+Sun/8.11.7) with ESMTP id i9HAMnt19724
      for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:49 -0400 (EDT)
Received: from mailvx.aecom.yu.edu (mailvx.aecom.yu.edu [129.98.1.17])
      by mailtag.aecom.yu.edu (8.12.8/8.12.8) with SMTP id i9HAMebq016568
      for <xxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from mailgw.aecom.yu.edu ([129.98.1.16])
 by mailvx.aecom.yu.edu (SAVSMTP 3.1.1.32) with SMTP id M2004101706224611101
 for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from hotmail.com (bay10-f20.bay10.hotmail.com [64.4.37.20])
      by mailgw.aecom.yu.edu (8.12.8/8.12.8) with ESMTP id i9HAMkiP011066
      for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
       Sun, 17 Oct 2004 03:22:02 -0700
Received: from 24.44.55.64 by by10fd.bay10.hotmail.msn.com with HTTP;
      Sun, 17 Oct 2004 10:21:25 GMT
X-Originating-IP: [24.44.xx.xx]
X-Originating-Email: [xxxxxx@hotmail.com]
X-Sender: xxxxx@hotmail.com
From: "xxxxx" <xxxxx@hotmail.com>
To: xxxxx@aecom.yu.edu
Subject: Test message
Date: Sun, 17 Oct 2004 06:21:25 -0400
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY10-F20ONvzyJxArG00002435@hotmail.com>
X-OriginalArrivalTime: 17 Oct 2004 10:22:02.0404 (UTC) FILETIME=[24A06640:01C4B433]
X-AECOM-SpamCheck: not spam, SpamAssassin (score=-4.9, required 5,
      autolearn=not spam, BAYES_00 -4.90)
Content-Length: 305
Status:  



Test message sent setting system clock to 6:18PM 10/17/04 at 6:20AM 10/17/04 from home network.

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Accepted Solution

by:
Sembee earned 500 total points
The headers appear fairly standard.
Reading up from the bottom, the first two lines can be ignored.
The next one (SpamCheck) is being placed by a spam filter.
After that something has placed a line about the arrival time. Not clear what though.
The next lines are fairly obvious in their content.
X-Sender, X-originating... are Hotmail lines, used for tracking.
Then you get in to the traffic headers.
Each time the message goes through an SMTP server, that server writes where it received the message from, the date and the time. The latest time being at the top.

As this is a web based service then I would expect that all the times and dates on a Hotmail message are from the web server, not the client.
However, don't forget that Hotmail offer a service where you could send and receive email using an Outlook client. While this service is now being dropped for free customers, if you are paying for the Hotmail service then you still have the facility. Sending an email in that manner could generate inaccurate times.

This discussion is academic as you have said that you don't have the header information. Give me 15 minutes and I could create an email message from Bill Gates, dated 1981, with a plan for world domination by stealing everyone else's ideas. It would be totally fake and there would be nothing to prove that it was false. An email message without the headers is worthless as proof of time and date sent and/or received.

Simon.
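
The header reading described in this thread (Received lines stacked newest-first, Date: compared against the first Received line) can be checked mechanically; the following is an added example, not code from any poster. The sample message is constructed on the pattern of the Hotmail web-client headers above, with placeholder hosts and documentation-range IP addresses, and the 5-minute tolerance is an assumption.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message): three hops, oldest at the bottom.
SAMPLE = """\
Received: from hotmail.example (bay10-f20.hotmail.example [192.0.2.20])
      by mailgw.example.edu with ESMTP id CONSTRUCTED1
      for <user@example.edu>; Sun, 17 Oct 2004 06:22:46 -0400 (EDT)
Received: from mail pickup service by hotmail.example with Microsoft SMTPSVC;
       Sun, 17 Oct 2004 03:22:02 -0700
Received: from 198.51.100.64 by by10fd.hotmail.example with HTTP;
      Sun, 17 Oct 2004 10:21:25 GMT
From: sender@hotmail.example
To: user@example.edu
Subject: Test message
Date: Sun, 17 Oct 2004 06:21:25 -0400

body
"""

def to_utc(stamp):
    """Parse an RFC 2822 date (folded, optional trailing comment) into UTC."""
    stamp = re.sub(r"\([^)]*\)", "", stamp)   # drop comments such as "(EDT)"
    dt = parsedate_to_datetime(" ".join(stamp.split()))
    if dt.tzinfo is None:                      # "-0000" parses as naive; treat as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def check_times(raw, tolerance=timedelta(minutes=5)):
    """Return (hop times oldest-first, Date: value, list of inconsistencies)."""
    msg = message_from_string(raw)
    # Each server prepends its own Received line, so reverse for oldest-first.
    # The timestamp is whatever follows the last ';' of each Received header.
    hops = [to_utc(h.rsplit(";", 1)[1])
            for h in reversed(msg.get_all("Received", []))]
    findings = []
    for i in range(1, len(hops)):
        if hops[i] + tolerance < hops[i - 1]:
            findings.append(f"hop {i} is stamped earlier than hop {i - 1}")
    date = to_utc(msg["Date"]) if msg["Date"] else None
    if not hops or date is None:
        findings.append("Date: or Received: headers missing; nothing to verify")
    elif abs(date - hops[0]) > tolerance:
        findings.append(f"Date: is {abs(date - hops[0])} away from first Received")
    return hops, date, findings
```

A clean result only shows that the headers agree with each other; lines written before the first server you trust are still supplied by the sending side.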