Adding digital forensic readiness to the email trace header

The protection strategies proposed and implemented to protect users against spam, focus on specific areas that need to be protected e.g. Anti-Spam filters that protect the user's mailbox from bulk unsolicited email. Digital forensics is based on scientifically proven methods to collect and analyze digital information. Employing digital forensic techniques to gather and analyze email information provides a new dimension to the fight against spam. Adding digital forensic readiness to email will allow for the gathering of forensic information. The digital forensic information can be used to verify information contained in the trace header of an email. The authors propose augmentations to the receive header, that is part of the trace header, currently specified for SMTP to implement digital forensic readiness. Incorporating digital forensics, adds a level of integrity to the trace header information that can be used for other purposes e.g. creating a spam detection mechanism or tracing the origin of spam. Digital forensic information is added to the email envelope so there is no effect to the content of the email. Therefore, the content remains untouched. The authors examine the addition of digital forensic information and highlight the changes that will need to be implemented in the SMTP trace header. The authors propose the gap detection algorithm that is used to find gaps in the received-tokens of the received header. The information that is generated by the gap detection algorithm is also discussed. In conclusion, the addition of digital forensic readiness adds a level of integrity to the SMTP trace header that can be used to add a level of trust.