For instance, one can send fake email using telnet; there are even youtube videos showing how to do it. One can also fake emails in the past by editing your mail program's mail store to change the received date; the messages then appear as if they were sent on the desired date.
But all is not lost. In 2007, large email providers started using an antispam technique called DKIM, Domain Keys Identified Mail. This is a digital signature attached to each outgoing email; it allows other mail providers -- or you -- to verify that an email (including sender, recipient, date, and body) was signed by the mail provider it says it is from. Although it was originally designed only for use while the email was in transit, you can also use it after the fact to check whether a message has been tampered with.
Here's how to verify that an email has a valid DKIM signature using linux or cygwin:
wget http://downloads.sourceforge.net/project/domainkeys/libdomainkeys/0.69/libdomainkeys-0.69.tar.gz tar -xzvf libdomainkeys-0.69.tar.gz cd libdomainkeys-0.69 make(You'll probably need to add -lresolv to the LIBS= line.)
./dktest -v < email.txtIf the email does not contain a DKIM signature, you will see the message
DomainKey-Status: no signature dktest: DK_STAT_NOSIG: No signature available in messagewhich, sadly, means you can't use this technique to validate the email.
If the email is genuine, you will see the message
DomainKey-Status: goodIf the email is not genuine, you may see various other messages. For instance, if you edit the message to change the date, you will see
DomainKey-Status: bad dktest: DK_STAT_BADSIG: Signature was available but failed to verify against domain specified key