Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Status
Not open for further replies.

slearmonth

macrumors newbie
Original poster
Dec 2, 2024
5
0
Can I edit the receive and sent date of an email I have received or sent using the Mac Mail app?

I have tried to export an example email as plain text, edit the date but I can't see any way of importing back into the Mail app.
 
eMail database elements are constructed as mail messages travel from client app through a chain of ostensibly trusted mail servers. Ordinarily, message records are added to a mail database only by a validated mail app and subsequent servers. This has been a basic operational principle since ARPANET in 1970s. Modern eMail systems have mechanisms to secure chain of custody, end to end (DMARC, DKIM, and SPF), whether users know it or not. Even superficial examination would reveal shenanigans.

That said... Mail headers can be manipulated, with the right software, before transmittal. Messages can be intercepted and repackaged as new messages with manipulated headers, and then forwarded on (man-in-the-middle hack). Messaging systems can be hacked to edit the database directly, but the crypto would still flag the attempt.
 
Last edited by a moderator:
Select the message (in Mac Mail), File menu > Save as... and save where you want with format Raw Message Source. That produces a text file. Open and edit in your favourite text editor. Save and open with Apple Mail and file it somewhere. Do whatever you want with it. I leave it to you to discover which fields in the mail header to change.

30+ years ago I used to surprise other people with how easy it it to forge email. I suspect most people (obviously @ipaqrat excepted) would still be surprised. I didn't pursue that career (forging email). :)

eMail database elements are constructed as mail messages travel from client app through a chain of ostensibly trusted mail servers.
Yes. The delivery methods have become more secure against interception and modification in transit. And content can be (but seldom is) encrypted. But there has never been anything to prevent the recipient from modifying the mail envelope (headers) and unencrypted content. It surprises me that courts are prepared to accept email as evidence.
 
While I think gilby101 suggestions will work, that's limiting the "changes" to only the senders or receivers copy of the email. While we don't know WHY OP wants to do this, if there is any scenario of trying to put anything over on someone else, there is always the other end of the "paper trail" too.

For example, if I could hack this post to date it like I'm magically addressing OPs question BEFORE he asks, OP still knows and has his dating of when he asked (when he started this thread). Thus, in any situation where one questions the dates of some post or some email, digging only a little deeper would reveal the forgery.

Some gullible person(s) may never "investigate further" but it wouldn't be very hard to "dig deeper"- just email the "From" person to ask when they sent it or the "To" person to verify when they received it- to detect the alterations. This would be incredibly easy to "catch" the changes with minimal work involved.

If it was as easy as changing dates in one email, there would be a massive cottage industry of incredible futurists who always call anything & everything right and have the dated email predictions to prove it. Want every stock that goes up the most today? I'll prove I picked all of them by showing an email dated yesterday tomorrow. Want to know who wins every sporting event this weekend? I'll prove I called them all, even their exact scores, etc by an email dated today but shown as my evidence of my uncanny ability on Monday. Etc.

Again, don't know OPs intensions and don't want to jump to conclusions but the effort to manipulate the dates will be an easily disproven thing if whatever the intent is barely investigated by whoever is supposed to see these altered dates. And even if OP could make such changes on BOTH ends, there would still be the potentials of "in between" servers as well as modern location tracking knowing that the other person was or was not located at the origination point where the email is now sent on another day or time. For example, if my smart device has me 30 miles away at the new time & date chosen for me to be sending this revised email from some other device, obviously I wasn't there to send it at the altered timestamp.

This kind of stuff just piles up to hinder whatever the objective of this alternation happens to be. To succeed at "getting away with it" mostly depends on whoever needs to see the changes not questioning what they see, involving anyone else who questions it, etc. Once anyone barely investigates further, they likely detect the alterations... which then casts doubt on anything else to which this may be related.
 
Last edited:
In the spirit of providing technical help, I won't go into details about how to actually do this since you said you found a solution via ChatGPT.

But, one thing to think about is that this will change your local copy of the email, and depending on your mail settings could upload the changes to your mail server. However, there will be quite a few clues left that this email has been modified.

Firstly, if you are able to upload the change to your exchange/imap server, most servers will treat this as a new email and assign a new internal id. This means that the ideas may appear out of order. (Maybe not in the email client's UI, but in the internal database of emails, which is something that a technical person like a sysadmin might notices.)

Also the correct send/receive date is also recorded on both sender's and receiver's computers. Any investigation would quickly turn up there the two sets of timestamps don't agree.

There are also logs of it's journey on every mail server it touched between the sender and receiver. Those logs detail the local time the email was received, where it's coming from and where it's going to.

At a minimum that would be the sender's email servers and your email server . Because of how the email protocols are designed, it could also appear on third party servers as it move through the internet. (I think this is not common these days, where most companies are connected to the internet 24/7 but back in the day when internet connections tended to be intermittent, it happened.)

So an email going from my computer to yours would have:
1) The original copy in my sent folder (with the correct timestamps)
2) A log in fastmail.com's smtp server showing that an email was sent from me to you, with the correct timestamps
3) A log in your company's smtp server showing the correct sent/received time stampe
4) A log in your company's imap or exchange server showing the time you accessed it.
5) The modified copy of the email with a timestamp that does not line up with all of the others.

So while it's not terribly hard to change the send/receive dates or even content of an email, it's actually fairly difficult to do it in a way that would stand up to forensic scrutiny. If there were a lawsuit, or law enforcement were involved they would attempt to look at these logs and the original sender's mailbox, if they still exist. They would likely also want to look at your computer, which may have indications of the original email left over.

So, in essence, it's good for a prank but not much else. If its something that is more serious, then there are risking being found out.

Now speaking non-technically: I would urge you not to do this unless it's a harmless prank. Anything beyond that and there is a significant risk of someone piecing together the various timestamps and realizing what's been done.
 
  • Like
Reactions: slearmonth
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.