Ask Erik: Is this email fake? How can I tell?

December 28th, 2017

In a recent “Ask Erik” question, Eve asked:

“I received a copy of an email that someone claims they sent to me. They did not forward this apparent email they claim they sent to me. Rather they copied and pasted it into a current email.

However, I did not receive this email, and in all honesty this apparent copy of this email looks fake. I believe I could easily create this type of fake email myself. So, is there a way of telling whether someone has faked an email which they claim they sent to you? And, should I insist that the original email they claim they sent to be is forwarded to me and not copied and pasted?”

Hello Eve,

It is extraordinarily easy to fake an email message.  In fact, if you have a copy of a similar message sent by the same sender, the fake copy can look almost completely identical to a real message … the differences only apparent to computers.

The only way to tell if a message was faked is to gain access to the sender’s email server logs and see if it was indeed sent.  I would not trust a “pasted” copy of a message.  Furthermore, the “original email” will likely also not prove that the message ever was really sent or sent to your servers.

For more details that take you into the weeds of how email delivery works, can fail, and can be forged, see: