Reliability of Date: Field in a legitimate Hotmail message.

Is it possible to spoof the date in the Date: field of a Hotmail message sent using their web client, or can this date be trusted? I understand that sending an email using a client like Outlook, and changing the system clock, changes the Date: field; but my question relates to a message sent from a public terminal that does not allow additional software to be installed, does not have a computer-based client installed, and does not allow the system time to be changed. Could one assume the Date: field of a message sent from Hotmail's website, under these circumstances, to be the true date, i.e. that seen in the first Received header, and therefore the actual time the email was sent? Any help you could provide would be greatly appreciated. Thanks.
pcobs2001 Asked:
 
Sembee Commented:
The headers appear fairly standard.
Reading up from the bottom, the first two lines can be ignored.
The next one (SpamCheck) is being placed by a spam filter.
After that something has placed a line about the arrival time. Not clear what though.
The next lines are fairly obvious in their content.
X-Sender, X-originating... are Hotmail lines, used for tracking.
Then you get in to the traffic headers.
Each time the message goes through an SMTP server, that server writes where it received the message from, the date and the time. The latest time being at the top.

As this is a web based service then I would expect that all the times and dates on a Hotmail message are from the web server, not the client.
However, don't forget that Hotmail offer a service where you could send and receive email using an Outlook client. While this service is now being dropped for free customers, if you are paying for the Hotmail service then you still have the facility. Sending an email in that manner could generate inaccurate times.

This discussion is academic as you have said that you don't have the header information. Give me 15 minutes and I could create an email message from Bill Gates, dated 1981, with a plan for world domination by stealing everyone else's ideas. It would be totally fake and there would be nothing to prove that it was false. An email message without the headers is worthless as proof of time and date sent and/or received.

Simon.
0
 
Sembee Commented:
Look through the header information of the message. If there has been some fiddling with the message then it can be spotted by inconsistencies in the headers. However, as it is Hotmail, the time I would rely on is the time on the line where it leaves their system and is delivered to the first system outside of their network. That time will not be accessible to the user in any way.

Simon.
0
 
pcobs2001 Author Commented:
Unfortunately, I do not have a copy of the header. The message was printed out for me and then deleted. I have, however, looked at many other Hotmail message headers, and the date shown in the Date: field matches the first Received header. I was wondering if this could reasonably change?



Return-path: <****@hotmail.com>
Received: from mta11.srv.hcvlny.cv.net (mta11.srv.hcvlny.cv.net [167.206.5.86])
 by mstr1.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I5K00IBOVJIRI@mstr1.srv.hcvlny.cv.net> for
****@optonline.net; Thu, 14 Oct 2004 10:14:06 -0400 (EDT)
Received: from hotmail.com (bay2-f31.bay2.hotmail.com [65.54.247.31])
 by mta11.srv.hcvlny.cv.net
 (iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
 with ESMTP id <0I5K00KH4VJH4O@mta11.srv.hcvlny.cv.net> for ****@optonline.net
 (ORCPT ****@optonline.net); Thu, 14 Oct 2004 10:14:05 -0400 (EDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu,
 14 Oct 2004 07:14:04 -0700
Received: from 67.81.136.4 by by2fd.bay2.hotmail.msn.com with HTTP; Thu,
 14 Oct 2004 14:13:06 +0000 (GMT)
Date: Thu, 14 Oct 2004 14:13:06 +0000
From: *****<*****@hotmail.com>
Subject: RE: Letter
X-Originating-IP: [67.81.136.4]
X-Sender: *****@hotmail.com
To: *****@optonline.net
Bcc:
Message-id: <BAY2-F31mP9CDBHy3Sp00032315@hotmail.com>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: QUOTED-PRINTABLE
X-Originating-Email: [******@hotmail.com]
Original-recipient: rfc822;*****@optonline.net
X-OriginalArrivalTime: 14 Oct 2004 14:14:04.0739 (UTC)
 FILETIME=[0FBEE130:01C4B1F8]


Received: from mailtag.aecom.yu.edu (mailtag.aecom.yu.edu [129.98.1.87])
      by post.aecom.yu.edu (8.11.7p1+Sun/8.11.7) with ESMTP id i38D8kX03168
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:46 -0400 (EDT)
Received: from mailvx.aecom.yu.edu (mailvx.aecom.yu.edu [129.98.1.17])
      by mailtag.aecom.yu.edu (8.12.8/8.12.8) with SMTP id i38D8dMI030473
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:41 -0400
Received: from mailgw.aecom.yu.edu ([129.98.1.16])
 by mailvx.aecom.yu.edu (SAVSMTP 3.1.1.32) with SMTP id M2004040809084119962
 for <*****@aecom.yu.edu>; Thu, 08 Apr 2004 09:08:41 -0400
Received: from hotmail.com (sea2-f26.sea2.hotmail.com [207.68.165.26])
      by mailgw.aecom.yu.edu (8.12.8/8.12.8) with ESMTP id i38D8emM023334
      for <*****@aecom.yu.edu>; Thu, 8 Apr 2004 09:08:40 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
       Thu, 8 Apr 2004 06:08:40 -0700
Received: from 64.236.180.94 by sea2fd.sea2.hotmail.msn.com with HTTP;
      Thu, 08 Apr 2004 13:08:39 GMT
X-Originating-IP: [64.236.180.94]
X-Originating-Email: [*****@hotmail.com]
X-Sender: *****@hotmail.com
From: *******@hotmail.com>
To: ******@aecom.yu.edu
Subject: RE: [personal] RE: Hey
Date: Thu, 08 Apr 2004 09:08:39 -0400
Mime-Version: 1.0
Content-Type: text/html
Message-ID: <Sea2-F26Hd4KkcWJEhm00023548@hotmail.com>
X-OriginalArrivalTime: 08 Apr 2004 13:08:40.0083 (UTC) FILETIME=[9C652630:01C41D6A]
X-AECOM-SpamCheck: not spam, SpamAssassin (score=-3.919, required 5,
      BAYES_00 -4.90, HTML_MESSAGE 0.10, MIME_HTML_NO_CHARSET 0.56,
      MIME_HTML_ONLY 0.32)
Content-Length: 390
Status:  
X-Text-Classification: personal
X-POPFile-Link: http://127.0.0.1:8080/jump_to_message?view=popfile397=15.msg
0
 
Sembee Commented:
There is nothing to stop someone from fiddling with the presentation of a message once it gets to the server - that is why you need the full headers. If you just have a printout and the time is critical and you don't have the headers, then I wouldn't advise that you trust that information.

Email should be treated like a postcard. While 999 out of 1000 times they will go through without being altered, someone or something in between may change the message in such a way that brings doubt into the validity of the message.

But I am not a lawyer, don't claim to be, or play one on TV. If it is that critical then you will need to get some proper legal advice.

If you are just checking for "fun", then there is nothing to stop you from changing the time on your PC, connecting to hotmail and then sending a message. I am pretty sure the only thing Hotmail lifts from your PC is the IP address.

X-Originating-IP: [64.236.180.94]

Simon.
0
 
pcobs2001 Author Commented:
I changed my system clock, and sent a message to myself using Hotmail's website. The Date: field, however, still recorded the correct date, not the one I changed it to. Is there somewhere on the web where I might be able to go to get an explanation of Hotmail's header format, i.e. how their servers construct header fields in a Hotmail message? Again, any help you could provide would be greatly appreciated.

Thanks



Received: from mailtag.aecom.yu.edu (mailtag.aecom.yu.edu [129.98.1.87])
      by post.aecom.yu.edu (8.11.7p1+Sun/8.11.7) with ESMTP id i9HAMnt19724
      for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:49 -0400 (EDT)
Received: from mailvx.aecom.yu.edu (mailvx.aecom.yu.edu [129.98.1.17])
      by mailtag.aecom.yu.edu (8.12.8/8.12.8) with SMTP id i9HAMebq016568
      for <xxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from mailgw.aecom.yu.edu ([129.98.1.16])
 by mailvx.aecom.yu.edu (SAVSMTP 3.1.1.32) with SMTP id M2004101706224611101
 for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from hotmail.com (bay10-f20.bay10.hotmail.com [64.4.37.20])
      by mailgw.aecom.yu.edu (8.12.8/8.12.8) with ESMTP id i9HAMkiP011066
      for <xxxxx@aecom.yu.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
       Sun, 17 Oct 2004 03:22:02 -0700
Received: from 24.44.55.64 by by10fd.bay10.hotmail.msn.com with HTTP;
      Sun, 17 Oct 2004 10:21:25 GMT
X-Originating-IP: [24.44.xx.xx]
X-Originating-Email: [xxxxxx@hotmail.com]
X-Sender: xxxxx@hotmail.com
From: "xxxxx" <xxxxx@hotmail.com>
To: xxxxx@aecom.yu.edu
Subject: Test message
Date: Sun, 17 Oct 2004 06:21:25 -0400
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <BAY10-F20ONvzyJxArG00002435@hotmail.com>
X-OriginalArrivalTime: 17 Oct 2004 10:22:02.0404 (UTC) FILETIME=[24A06640:01C4B433]
X-AECOM-SpamCheck: not spam, SpamAssassin (score=-4.9, required 5,
      autolearn=not spam, BAYES_00 -4.90)
Content-Length: 305
Status:  



Test message sent setting system clock to 6:18PM 10/17/04 at 6:20AM 10/17/04 from home network.

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
0
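The comparison discussed in this thread (Date: against the oldest Received: line, plus a check that the hops are stamped in order) can be automated when the full headers are available. The following is an added example, not code from any participant; the sample headers are constructed, with timestamps following the test message above and placeholder hosts and addresses, and the five-minute tolerance is an assumption.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: timestamps follow the test message posted in the thread;
# host names, IPs and addresses are placeholders.
SAMPLE = """\
Received: from hotmail.com (relay.example.net [192.0.2.20])
      by mailgw.example.edu with ESMTP id PLACEHOLDER
      for <user@example.edu>; Sun, 17 Oct 2004 06:22:46 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
       Sun, 17 Oct 2004 03:22:02 -0700
Received: from 192.0.2.64 by web.example.net with HTTP;
      Sun, 17 Oct 2004 10:21:25 GMT
From: "sender" <sender@example.com>
To: user@example.edu
Subject: Test message
Date: Sun, 17 Oct 2004 06:21:25 -0400

Test message
"""

def to_utc(value):
    """Parse the date after the last ';' (or the whole value) and convert to UTC."""
    dt = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
    if dt.tzinfo is None:          # "-0000" means no zone information was given
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)

def check_headers(raw, tolerance=timedelta(minutes=5)):
    """Compare Date: with the oldest Received: hop and check hop ordering."""
    msg = message_from_string(raw)
    hops = [to_utc(v) for v in msg.get_all("Received", [])][::-1]  # oldest first
    if not hops or msg["Date"] is None:
        return {"skew_seconds": None,
                "findings": ["Date or Received missing: nothing to corroborate"]}
    findings = []
    skew = int(abs(to_utc(msg["Date"]) - hops[0]).total_seconds())
    if skew > tolerance.total_seconds():
        findings.append(f"Date differs from first hop by {skew}s")
    for i, (earlier, later) in enumerate(zip(hops, hops[1:]), start=1):
        if later + tolerance < earlier:
            findings.append(f"hop {i + 1} is stamped earlier than hop {i}")
    return {"skew_seconds": skew, "findings": findings}

if __name__ == "__main__":
    print(check_headers(SAMPLE))
    # Same message with Date: set to the altered clock value from the test
    print(check_headers(SAMPLE.replace("06:21:25 -0400", "18:18:00 -0400")))
```

All stamps are normalised to UTC first, because the hops in these headers report the same instant in GMT, -0400 and -0700.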