Email Content forgery

Avery was on fire. "You would not guess what Parker just emailed me!" The email contained what Avery had always suspected but could never prove - and finally there it was, for everybody to see. It would be in the server logs. The matter would be solved, once and for all.

Or would it?

We are trusting email blindly - but there are nuances and yes, email content can be (and sometimes is) not what it seems. Time to update our concepts and learn the nerdiest word yet this year.

If you can't believe email, what can you believe?

The basic problem: Trust

Email technology is quite sophisticated. While many people think emails are just "shot off" to the recipient and "caught" by their server, mail is actually transmitted between a chain of servers like a game of tag. A lot can go wrong - servers may try to read the message they are passing along, may try to modify it or may try to erase their traces (or blame others). Think spies, state actors or spammers.

Using G Suite, and using G Suite at PwC in particular, you do not have to worry about these things because there are technologists who understand all of this very well. There is technology in place that fights these raging battles for you, out of sight. Still, our faith in email is so great that we take everything in our inbox for granted, which may be misguided. The two big problems in email security affect you too, daily: Integrity and non-repudiation. Bear with me for nerdy bragging rights!

Integrity means certainty that email reaches you the way it was sent. It has not been changed (this does not mean it has not been read).

Non-repudiation means that the sender cannot deny having sent an email. Sounds silly, but think how important it is not to be impersonated or suffer anonymous threats to quickly grasp the reach of this in corporate circumstances.

Normal email in Gmail

People at PwC and Google work tirelessly to keep your email safe. It is safe to assume that everything you receive is safe and originates from where it says it originates. Gmail will show you big red warning signs when it suspects something is odd. Reach out to your service desk when you suspect something. In these cases, it is always better to be safe than sorry.

Verdict: Not forgeable. Normal email in Gmail is perfectly safe, as far as normal use is concerned.

This does not mean that nothing is interesting, or there would be no post!

Special case: Replying and forwarding

This one is easy but may come as a shock: when you reply or forward, you are technically doing a copy-paste job. So while it looks like you are working in the white space of "type here", and don't you dare touch the ellipsis hiding the content you are replying to, nothing can stop you from actually manipulating that to your heart's content. Which is important: You may need to remove sensitive paragraphs, add or remove attachments. It is implied etiquette that nobody should add words to other people's email, but there is no technical barrier to doing so.

This means emails that somebody forwards you are not trustworthy. When gossipy Quinn forwards you Jordan's incendiary email, you can be sure that Quinn's venom is legitimate - but be careful before approaching Jordan. Quinn may have redacted it (or even made everything up).

Verdict: Forgeable. You do not know that your sender has not altered the message relayed to you.

Special case: Attached emails

Many email programs have long been able to attach emails to emails. This works by saving emails to a special format (normally .eml or .msg). It is basically a text file (it can be opened with text editors) that also contains any attachments. Gmail has offered to download individual messages as .eml files (so you could attach them to other emails), but as of last week, it offers full support in that you can forward multiple messages as attachments from within Gmail. You can even view .eml files you receive.

Verdict: Forgeable. .eml files can be edited by the user. I can export any message to my desktop, edit it and upload it again. I can change the sender or even make the email up completely.

Special case: Confidential mode

Gmail's confidential mode is special because it is technically not an email. Well it is - you get a notice that you have received something and that you better open it before it expires. If you happen to use Gmail too (which is the case within PwC), you normally skip this notice and go straight to the content unless it has expired already or is SMS protected. It then loads the second part - the actual message.

The actual message (which Gmail makes conveniently appear like a normal message, but Outlook or Apple Mail users will have to open in separate browser windows. Do not mix Apples and Oranges!) is loaded from Gmails' servers, which means it also does not work offline. This means it absolutely cannot be forged. Purists may dislike that confidential mode technically is not a real email but merely a container (like those annoying greeting cards) and that Google holds the keys, but secure it is.

Verdict: Not forgeable. There is no higher guarantee that the message you are reading is legitimate, with all its content.

Non-repudiation is my word of the week - bonus points if you can drop it over a beer. And then toast to knowing that you are safe at PwC, but knowing why you are safe is always better. Thank you for reading!

#gmailPublished 2020-01-30 by Holger Matthies.Modified 2020-01-30 by Holger Matthies.

Page updated

Report abuse