How To Fake An Email

Posted on September 28, 2009 by Matt Osborne
Breitbart’s Big Government site is carrying allegations that NBC producer Jane Stone sent a vicious anti-Semitic email:
When Stone received an email urging Congress to defund ACORN from Alex Rosenwald, director of media outreach for Americans for Limited Government, the following sentence came back to Rosenwald from Stone’s account: “Bite me, Jew Boy!”

The problem? NBC says it’s not true:

Stone’s response email—provided to POLITICO—did not have any anti-Semitic comment. In fact, it had just one line: “Take me off this list!”

“Somebody, on the other end, I’m assuming, took the return stamp from the email and then put in this hateful message,” Capus said. “I don’t know who did it. It’s outrageous to suspect that somebody from NBC News would do it.”

The differing versions of this email:
From: Stone, Jane (NBC Universal)
Sent: Thursday, September 24, 2009 1:57 PM
To: ‘arosenwald@getliberty.org’
Subject: Re: ALG Calls on Congress to “Put Up or Shut Up” on Defunding ACORN

Take me off this list!

————————–
Sent from my BlackBerry Wireless Handheld

From: Stone, Jane (NBC Universal) [Jane.Stone@nbcuni.com]
Sent: Thursday, September 24, 2009 1:57 PM
To: Alex Rosenwald
Subject: Re: ALG Calls on Congress to “Put Up or Shut Up” on Defunding ACORN

Bite me Jew boy!

————————–
Sent from my BlackBerry Wireless Handheld

I’m not sure what it means that an email address appears in the “from” line of ALG’s version but in the “to” line of NBC’s copy, but I mean to find out.

I’m HALFWAY to $500 for investigative journalism with twelve days left — Click here to help!




About Matt Osborne

Veteran blogging the culture wars from Alabama. Video journalist, mash-up artist, aspiring novelist, and metalhead. Expect bunnies, geekery, dark humor, and snarky empirical analysis to annoy idealists of all stripes. You can follow me on Twitter, but be ready 'cause it might get loud.
This entry was posted in Breitbart, Piltdown politics. Bookmark the permalink.
  • Maxwell Hammer

    This is impossible to tell. When you get right down to it, you're looking at a piece of text that anyone could have typed.

    As a hobby in the late 90's, I used to track spam emails back to their source. There are headers in the email that can tell you where it came from. What you see there are simplified headers, not the real ones.

    Here is an excerpt, edited for length, of real headers.

    Received: by 10.224.2.207 with SMTP id 15cs179877qak;
    Mon, 28 Sep 2009 15:09:39 -0700 (PDT)
    Received: by 10.220.79.140 with SMTP id p12mr6620432vck.57.1254175778758;
    Mon, 28 Sep 2009 15:09:38 -0700 (PDT)
    Return-Path: osborneink@hotmail.com
    Received: from blu0-omc4-s5.blu0.hotmail.com (blu0-omc4-s5.blu0.hotmail.com [65.55.111.144])
    by mx.google.com with ESMTP id 16si8179946vws.6.2009.09.28.15.09.38;
    Mon, 28 Sep 2009 15:09:38 -0700 (PDT)

    That's from an email from you, Matt.

    Using that you can tell who the email is from. You can often even pinpoint a physical location, within a few miles, based on the ip address. And it can't easily be faked. Good spammers use email relays and fake ip addresses by various means to numerous to mention. Someone like that could possibly fake the headers, but it would be difficult. And even so there would be something, some clue, that it was different. It's like a counterfeit $100 bill. Sure, you can fake it well enough to pass off at the liquor store. But you can't fake it well enough to fool the G-men.

    But what you have here is nothing. It's summarized headers, not full headers. To see the real headers in gmail, for instance, you click on "show original". In yahoo I think it's "show full headers".

    Now, if you could get access to Blackberry's mail server logs, you could tell for sure if it's real or not. But I doubt that will happen.

  • Matt Osborne

    Thanks, Maxwell!