> > I guess I'll take your word for it that the message ID > and the rest of the header could not be doctored properly. However, if > a non-mozilla mail client sent the message, it's possible they could > send out the message with the proper information in the > X-Mozilla-Altered field.
The test I did wasn't totally thorough. What I did was basically this: Create a new message. Save the message. Close Mozilla. Edit the message in the Drafts mailbox by hand. Delete the Drafts.msf file. Run Mozilla. Reopen the message. Send the message to yourself. Receive the message. When I edited the message by hand, I saw that there wasn't already a "Message-ID" header. Apparently this doesn't get created until the e-mail is actually sent; so I don't see an easy way to doctor this. There was a "References" header, for establishing threading; I think it'd be possible to send an altered "References" header. I manually added an "X-Mozilla-Altered" header (note: this is a header that does not currently exist in Mozilla. It's being considered as a possible header to add when an attachment is deleted). When I later sent the message and received it, I noticed that the "X-Mozilla-Altered" header was no longer in the message, which wasn't much of a surprise. Mozilla did not include it in the sent message, and rightly so. I'm not sure if there's an option to add custom headers to a new message, in Mozilla or in other e-mail clients. If there is, then someone might be able to convincingly doctor a new message to make it look like an attachment was deleted. -- Matt Coughlin [EMAIL PROTECTED] <remove "sp4mless_" from the e-mail address to reply>
