BitDepth#887 - May 28
27/05/13 19:30 Filed in: BitDepth - May 2013
Recent public discussions about authenticating e-mails suggest that it might be useful to understand exactly what kind of information travels with these electronic transmissions.
An e-mail primer
Here’s a recent e-mail that shows how spammers try to subvert digital controls.
In 1, the sender’s e-mail address is given an official sounding title, but the e-mail client reveals the actual sender, who is not e-mailing from an official LinkedIn account. This field, where users will normally put their real names, can be anything, including another e-mail address entirely and some clients will show that and not the underlying e-mail address as seen at left.
The extended e-mail header is revealed in 2, which tells the truth about the e-mail. A skilled mail server wrangler can read this geek stream and divine a great deal about this e-mail’s routing.
For 3, the sender has spent a bit of effort making the body of their e-mail look like an official LinkedIn transmission, albeit with a link that looks nothing like something that the social media service would use.
Regardless of which side of the political divide you choose to support, it’s clear that the discussions about the recent revelation of a thread of e-mail conversations offered in Parliament by Opposition Leader Dr Keith Rowley has provoked strong emotional reactions.
That’s understandable when it comes to politics, but such sentiments are wholly out of place when it comes to the technologies underlying even such commonplace services as e-mail transmissions.
Technology is absolute. It deals in verifiable bits that either are or are not. A message either has a proper transmission header or it doesn’t. If it doesn’t, it's unverifiable and useless as evidence, regardless of who offers it. This may be a confusing matter for politicians, who trade in mood, feelings and allegiances, none of which have any impact on bits.
Information on the web may have mood and feeling, but its existence is trackable and verifiable every step of the way (unless people take the trouble to use anonymizers and other identity obscuring tools).
E-mails can't just look right or wrong, they are either truly electronic transmissions and can be verified as such with a trackable footprint or they are not. It really is as simple as that.
If that last bit looks familiar, it’s because it’s part of an answer to questions put to me by Global Voices on the matter. I repeat that statement here because it seems worth considering in the heat of opinion on the matter.
As of this writing, there has been no public revelation by the Opposition Leader of digital copies of these alleged transmissions that might be scrutinised by authorities.
That this simple fact has not occupied a greater profile in the discourse is an illustration of the passions driving the situation and it may point to a widespread misunderstanding of the nature of e-mail, which can’t simply be transposed to print while retaining its essential character.
Like much of modern technology, the humble e-mail has come to be dressed in appealing and readable skins of design, whether users choose to read their mail in a dedicated client or using web based e-mail services.
An e-mail is far more than the words we are invited to read because this digital document, like its predecessor postal mail, travels through multiple collection and transfer points before reaching its destination.
Sitting next to the management in our living room, I’ll often send an e-mail with a link to something interesting. To speed things up, I’ll usually send it to her business domain using my business domain, since both are hosted by the same company.
That doesn’t mean that they will pass through the same server though. That e-mail will leave my laptop, stop at Flow, get rerouted to the hosting company’s servers, get transferred to her e-mail server, then make its way back, stopping off at Flow on the way back.
Depending on the state of the Internet at the precise moment I send the e-mail off, it may get rerouted halfway around the world before reaching its destination, someone sitting within reach of my outstretched hand.
Every routing that e-mail takes gets logged within the e-mail itself and provides a unique imprint of its specific source, transfer history and destination. General David Petraeus found out just how detailed that information can be to his considerable misfortune.
Detectives pursuing clues among physical objects look for identifying information, DNA evidence, fingerprints, materials that are out of place.
Digital detectives assigned to review these accusatory e-mails will search for much the same thing, but it will be found in the bits of digital transmission, not in paper facsimiles.
Here’s a recent e-mail that shows how spammers try to subvert digital controls.
In 1, the sender’s e-mail address is given an official sounding title, but the e-mail client reveals the actual sender, who is not e-mailing from an official LinkedIn account. This field, where users will normally put their real names, can be anything, including another e-mail address entirely and some clients will show that and not the underlying e-mail address as seen at left.
The extended e-mail header is revealed in 2, which tells the truth about the e-mail. A skilled mail server wrangler can read this geek stream and divine a great deal about this e-mail’s routing.
For 3, the sender has spent a bit of effort making the body of their e-mail look like an official LinkedIn transmission, albeit with a link that looks nothing like something that the social media service would use.
Regardless of which side of the political divide you choose to support, it’s clear that the discussions about the recent revelation of a thread of e-mail conversations offered in Parliament by Opposition Leader Dr Keith Rowley has provoked strong emotional reactions.
That’s understandable when it comes to politics, but such sentiments are wholly out of place when it comes to the technologies underlying even such commonplace services as e-mail transmissions.
Technology is absolute. It deals in verifiable bits that either are or are not. A message either has a proper transmission header or it doesn’t. If it doesn’t, it's unverifiable and useless as evidence, regardless of who offers it. This may be a confusing matter for politicians, who trade in mood, feelings and allegiances, none of which have any impact on bits.
Information on the web may have mood and feeling, but its existence is trackable and verifiable every step of the way (unless people take the trouble to use anonymizers and other identity obscuring tools).
E-mails can't just look right or wrong, they are either truly electronic transmissions and can be verified as such with a trackable footprint or they are not. It really is as simple as that.
If that last bit looks familiar, it’s because it’s part of an answer to questions put to me by Global Voices on the matter. I repeat that statement here because it seems worth considering in the heat of opinion on the matter.
As of this writing, there has been no public revelation by the Opposition Leader of digital copies of these alleged transmissions that might be scrutinised by authorities.
That this simple fact has not occupied a greater profile in the discourse is an illustration of the passions driving the situation and it may point to a widespread misunderstanding of the nature of e-mail, which can’t simply be transposed to print while retaining its essential character.
Like much of modern technology, the humble e-mail has come to be dressed in appealing and readable skins of design, whether users choose to read their mail in a dedicated client or using web based e-mail services.
An e-mail is far more than the words we are invited to read because this digital document, like its predecessor postal mail, travels through multiple collection and transfer points before reaching its destination.
Sitting next to the management in our living room, I’ll often send an e-mail with a link to something interesting. To speed things up, I’ll usually send it to her business domain using my business domain, since both are hosted by the same company.
That doesn’t mean that they will pass through the same server though. That e-mail will leave my laptop, stop at Flow, get rerouted to the hosting company’s servers, get transferred to her e-mail server, then make its way back, stopping off at Flow on the way back.
Depending on the state of the Internet at the precise moment I send the e-mail off, it may get rerouted halfway around the world before reaching its destination, someone sitting within reach of my outstretched hand.
Every routing that e-mail takes gets logged within the e-mail itself and provides a unique imprint of its specific source, transfer history and destination. General David Petraeus found out just how detailed that information can be to his considerable misfortune.
Detectives pursuing clues among physical objects look for identifying information, DNA evidence, fingerprints, materials that are out of place.
Digital detectives assigned to review these accusatory e-mails will search for much the same thing, but it will be found in the bits of digital transmission, not in paper facsimiles.
blog comments powered by Disqus