当サイトはユーザー体験を改善するためのメンテナンスを実施中に機能が制限される予定です。記事を読んでもあなたの問題が解決せず質問をしたい場合は、Twitter の @FirefoxSupport、Reddit の /r/firefox で、サポートコミュニティが皆さんを助けようと待機しています。

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Importing edited Mbox file from Gmail - Manipulation test

  • 1 件の返信
  • 1 人がこの問題に困っています
  • 1 回表示
  • 最後の返信者: Matt

more options

I am testing the theory behind manipulated emails and what forensic evidence can be obtained.

I notice that when Google Takeout is used to export emails from a Gmail account and are subsequently edited (in this case, the body text), SPF alters from "PASS" to "NONE with IP 0.0.0.0" and DKIM completely disappears in the "Original Message" view, however the headers remain unchanged with the exception of the edits to the body text.

The unedited email indicates SPF as "Pass" and DKIM as "Pass" (first image). This changes in the second image once any alteration is applied to the original email.

Before importing the email via Thunderbird, I delete the original email in Gmail (including the trash) and then load the manipulated email to Thunderbird and subsequently to the Gmail inbox.

Is there an explanation for the change in SPF and disappearance of DKIM to the manipulated email?

I am testing the theory behind manipulated emails and what forensic evidence can be obtained. I notice that when Google Takeout is used to export emails from a Gmail account and are subsequently edited (in this case, the body text), SPF alters from "PASS" to "NONE with IP 0.0.0.0" and DKIM completely disappears in the "Original Message" view, however the headers remain unchanged with the exception of the edits to the body text. The unedited email indicates SPF as "Pass" and DKIM as "Pass" (first image). This changes in the second image once any alteration is applied to the original email. Before importing the email via Thunderbird, I delete the original email in Gmail (including the trash) and then load the manipulated email to Thunderbird and subsequently to the Gmail inbox. Is there an explanation for the change in SPF and disappearance of DKIM to the manipulated email?
添付されたスクリーンショット

すべての返信 (1)

more options

Details on the SPF standard can be found here. https://datatracker.ietf.org/doc/html/rfc7208 and DKIM here https://datatracker.ietf.org/doc/html/rfc6376

Both of these are server side technologies and well beyond the scope of this forum.