• Re: Dubious/forged evidence

    From The Todal@21:1/5 to Dave on Mon Apr 28 09:23:56 2025
    On 28/04/2025 09:02, Dave wrote:
    Dear all,

    Some of you have followed and been very helpful with a claim I am bringing (small claims track for not fulfilling an agreement to pay for work for
    those of you that haven’t).

    We have now submitted our evidence packs. The Defendant’s pack contains an element purporting to be an email chain between her and the Police in which it is asserted that they are looking for me and ‘have enough to bring me in for an informal interview’ and that I am not living at my given address.

    I think the Defendant has either forged it or got a Police employee (but
    not a Constable) friend to collude in the dialogue.

    The email seems to come from a genuine Police domain but she has scribbled out the sender’s name in the email addresses.

    What is your advice on how to proceed? Are you aware of any forensic
    services that could recover the address (it is scribbled out rather than photocopied).

    The claims in the email can’t be true as I haven’t been contacted by the Police even once, I am almost always at home, I have done nothing to
    warrant interview.

    Many thanks.


    Could you perhaps contact the police yourself, tell them that this
    appears to be forged correspondence purporting to be from the police, justifying the arrest of the perpetrators?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan J. Wylie@21:1/5 to Dave on Mon Apr 28 16:41:47 2025
    Dave <david.christopher.astles@gmail.com> writes:

    We have now submitted our evidence packs. The Defendant’s pack contains an element purporting to be an email chain between her and the Police in which it is asserted that they are looking for me and ‘have enough to bring me in for an informal interview’ and that I am not living at my given address.

    I think the Defendant has either forged it or got a Police employee (but
    not a Constable) friend to collude in the dialogue.

    The email seems to come from a genuine Police domain but she has scribbled out the sender’s name in the email addresses.

    What is your advice on how to proceed? Are you aware of any forensic
    services that could recover the address (it is scribbled out rather than photocopied).

    Can I assume that an "evidence pack" is sheets of printed paper?

    It is trivially easy to forge a printout that looks to be an email.

    Any reputable email these days will have headers that include a DKIM
    signature.

    This is a cryptographic signature that validates the body and many
    of the headers, including Subject: and Date: and requires a private
    key associated with the sender's domain to generate.

    See https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

    I'd ask the court / police to request from the Defendant a full digital copy, including headers of the email. Forward as attachment should work.

    Here's an example:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lancashire.police.uk;
    h=from:subject:mime-version:to:content-type:content-transfer-encoding;
    s=NPS; bh=bnWlE0//ldSilhn79DXWNc/tpRPASllivLYu/LPzuRU=;
    b=MxSoq+xsdTsmLJMt+oGO6c2J6+8LGXYoA4HvBl22law3jOMIG14iFpqHOFCbFkE+9gNe
    gTturwRlhXYlmQgJmVQ7SO+Y+DkLe3YQublr+bASbcJXgqTu6daE/R7u7/k+e2la+oY7ip
    vcLIAMiVfb464HHdqAEDvLm0l0Q9C5CGGuZOQmPHfWDXWhKzUzJIYZHITYhayLJY6m9DqH
    wX5Knzuc7oJFhNPLUdGuaDsPfdbJS0EeWg4LJC7qkFmv3c6zBq0GNy32b7ORTxouMXsIt2
    FDMsD6c2akcsowFts0D4oDXqT+CZQyjOdAQm+uQU4yKwiZnBHft9iG+Pn+j+ndRQ==

    Unfortunately, it seems that since 2021, when I received that email,
    Lancashire Police have rotated their key and the selector (s=NPS no
    longer works).

    Here's a recent example from my domain:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wylie.me.uk;
    s=mydkim006; t=1745782975;
    bh=RXuw3XQI3TtCJBY8KZlv+nf3A2TpjJw+9J1OXlPu5N4=;
    h=Date:From:To:Cc:Subject:In-Reply-To:References;
    b=hoc/oLKbqk2TmpmxDwUJOXWC0Qqh8gSNF4pbJx7cGLPNP22eoYZKgR3QIuhB3hsdX
    X/Dpi2voQCiTBKGQUVa6O6CnS00ePNaT+1Ybp0SfW1m5DqzyjW72ZXHPc+tdXZZ4Oz
    0Bt3KTTAj7/dkTec+xaukIw4cCY4TwKv8n2g/kIj3GqqMl4rTyxGlwfrmcxQ1lrpPi
    4I9dBUBbuZMFXNtUp291l1Zy7RLB0b9lfoki3b4cROCGkLnIgOKoL/FxWukMe+fg2y
    xbC/N/XrfHYB+1pu9yKlxaTv6noP/mUPN9YlW6rEJJY/7LXQAsSMPKv30wFKBM632r
    39aWoPPwRVtUg==

    and the public key can then be looked up

    $ dig +short -t txt mydkim006._domainkey.wylie.me.uk
    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2Ut003KeaCrfWe5woqHoWuPYvV4AKeI8ytzn0ddam1BiRO1QUGpTzhdYiXASdhjxkFetoFF1BeRmE8kqbaDNK8ttPWa7fOvqtR+kluBs9rRvomWj8eFZcxsXABLYs6gQSNvuxDZipA2wL/FPaAOEw/pOCAQ70say4/ww8JZMqMde9pfKp0obNwOudzL" "
    jLgSXQaWAOXcNOMy+ai8WulUOdoAxbGhHdpFSLeOOZYQqzV/Tm6kDhOtGWBSzf+dR/hhelRd0A4VvA20laRMdVhMnLbiZycMTB7wWAojPHixQSHj3w0djiNzm41/J/j1ypQbEouBb2P+RE0El4CSvyVgcwIDAQAB"

    and the email can be verified as being signed by me.

    $ grep ^Date foo
    Date: Sun, 27 Apr 2025 21:35:48 +0100
    $ opendkim-testmsg < foo
    $ [no output means OK]

    [edit foo and change 1 bit in the Date header]

    $ grep ^Date foo
    Date: Sun, 27 Apr 2025 21:35:49 +0100
    $ opendkim-testmsg < foo
    opendkim-testmsg: dkim_eom(): Bad signature
    $


    --
    Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan@wylie.me.uk>
    Dance like no-one's watching. / Encrypt like everyone is.
    Security is inversely proportional to convenience
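
Added example, not part of the post above and not opendkim's code: a Python model of the checks a DKIM verifier makes, showing why editing the signed Date header fails while a header outside `h=` can change unnoticed. The RSA key is a constructed toy key, and the names `sign`, `verify`, `demo`, the domain `example.invalid` and the selector `toy` are assumptions; a real verifier fetches the public key from DNS as in the `dig` lookup above.

```python
import base64, hashlib, re

# Constructed toy RSA key built from two Mersenne primes: for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 DigestInfo

def relaxed_header(name, value):
    # RFC 6376 3.4.2: lowercase the name, unfold and collapse whitespace
    return name.lower() + ":" + re.sub(r"\s+", " ", value).strip() + "\r\n"

def body_hash(body):
    # RFC 6376 3.4.4: collapse whitespace, strip line ends, drop trailing empty lines
    lines = [re.sub(r"[ \t]+", " ", l).rstrip() for l in body.split("\r\n")]
    while lines and not lines[-1]:
        lines.pop()
    canon = "".join(l + "\r\n" for l in lines).encode()
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def encoded_digest(headers, names, sig_stub):
    # Hash the h= headers in order, then DKIM-Signature itself with b= left empty
    data = "".join(relaxed_header(n, headers[n]) for n in names)
    data += relaxed_header("DKIM-Signature", sig_stub)[:-2]
    t = PREFIX + hashlib.sha256(data.encode()).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign(headers, body, names):
    stub = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.invalid; s=toy; "
            f"h={':'.join(names)}; bh={body_hash(body)}; b=")
    sig = pow(encoded_digest(headers, names, stub), D, N)
    return stub + base64.b64encode(sig.to_bytes(K, "big")).decode()

def verify(headers, body, dkim):
    tags = dict(t.strip().split("=", 1) for t in dkim.split(";") if t.strip())
    if body_hash(body) != tags["bh"]:
        return "body hash mismatch"
    stub = dkim[: dkim.rindex("b=") + 2]  # assumes b= is the last tag, as sign() emits it
    sig = int.from_bytes(base64.b64decode(tags["b"]), "big")
    good = pow(sig, E, N) == encoded_digest(headers, tags["h"].split(":"), stub)
    return "pass" if good else "bad signature"

def demo():
    # Constructed message; only From, Date and Subject are listed in h=
    hdrs = {"From": "a@example.invalid", "Date": "Sun, 27 Apr 2025 21:35:48 +0100",
            "Subject": "test", "X-Note": "not signed"}
    body = "Hello,\r\nthis is the body.\r\n"
    dkim = sign(hdrs, body, ["From", "Date", "Subject"])
    date_edit = {**hdrs, "Date": "Sun, 27 Apr 2025 21:35:49 +0100"}
    note_edit = {**hdrs, "X-Note": "changed"}
    return (verify(hdrs, body, dkim), verify(date_edit, body, dkim),
            verify(note_edit, body, dkim), verify(hdrs, body + "PS\r\n", dkim))

print(demo())
```

The third result is the practical caveat: a valid signature only vouches for the body and the headers named in `h=`, so check that list before relying on any particular header.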

  • From Roger Hayter@21:1/5 to Alan J. Wylie on Mon Apr 28 16:08:48 2025
    On 28 Apr 2025 at 16:41:47 BST, "Alan J. Wylie" <alan@wylie.me.uk> wrote:

    Dave <david.christopher.astles@gmail.com> writes:

    We have now submitted our evidence packs. The Defendant’s pack contains an element purporting to be an email chain between her and the Police in which it is asserted that they are looking for me and ‘have enough to bring me in for an informal interview’ and that I am not living at my given address.

    I think the Defendant has either forged it or got a Police employee (but
    not a Constable) friend to collude in the dialogue.

    The email seems to come from a genuine Police domain but she has scribbled out the sender’s name in the email addresses.

    What is your advice on how to proceed? Are you aware of any forensic
    services that could recover the address (it is scribbled out rather
    than photocopied).

    Can I assume that an "evidence pack" is sheets of printed paper?

    It is trivially easy to forge a printout that looks to be an email.

    Any reputable email these days will have headers that include a DKIM signature.

    This is a cryptographic signature that validates the body and many
    of the headers, including Subject: and Date: and requires a private
    key associated with the sender's domain to generate.

    See https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

    I'd ask the court / police to request from the Defendant a full digital copy, including headers of the email. Forward as attachment should work.

    Even before we get to proving the existence and validity of the actual emails, the evidential value of email correspondence with one of the two participants' actual identity not shown must be rather low.

    --

    Roger Hayter

  • From Pamela@21:1/5 to Dave on Tue Apr 29 14:29:47 2025
    On 17:47 28 Apr 2025, Dave said:
    Roger Hayter <roger@hayter.org> wrote:
    On 28 Apr 2025 at 16:41 "Alan J. Wylie" <alan@wylie.me.uk> wrote:
    Dave <david.christopher.astles@gmail.com> writes:


    We have now submitted our evidence packs. The Defendant's pack
    contains an element purporting to be an email chain between her
    and the Police in which it is asserted that they are looking for
    me and 'have enough to bring me in for an informal interview'
    and that I am not living at my given address.

    I think the Defendant has either forged it or got a Police
    employee (but not a Constable) friend to collude in the dialogue.

    The email seems to come from a genuine Police domain but she has
    scribbled out the sender's name in the email addresses.

    What is your advice on how to proceed? Are you aware of any
    forensic services that could recover the address (it is scribbled
    out rather than photocopied).


    Do you have a printed page that contains the original identifying
    text which you are seeking to read? In other words, was the scribbling
    done onto the page you have?


    Can I assume that an "evidence pack" is sheets of printed paper?

    It is trivially easy to forge a printout that looks to be an email.

    Any reputable email these days will have headers that include a
    DKIM signature.

    This is a cryptographic signature that validates the body and many
    of the headers, including Subject: and Date: and requires a private
    key associated with the sender's domain to generate.

    See https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

    I'd ask the court / police to request from the Defendant a full
    digital copy, including headers of the email. Forward as attachment
    should work.

    [TRIMMED]

    Even before we get to proving the existence and validity of the
    actual emails, the evidential value of email correspondence with one
    of the two participants' actual identity not shown must be rather
    low.


    That's what I think. The deliberate obscuring of the name must surely
    be suspicious. If the dialogue was genuine and supported the
    Defendant's claims, it would be in her interest to show that.
    Conversely, I can't think of any good reasons (for her) to conceal
    it.

    Dave

    If the email came from a police domain and was sent on police
    business, then the sender's name can't really be personal data and
    hence something to be withheld under the Data Protection Act.

    It may be worth requesting the obscured information. Even a refusal may
    be useful in diminishing the reliability of the email's contents.

  • From Pamela@21:1/5 to Dave on Wed Apr 30 12:52:37 2025
    On 19:36 29 Apr 2025, Dave said:
    Pamela <uklm@permabulator.33mail.com> wrote:
    On 17:47 28 Apr 2025, Dave said:
    Roger Hayter <roger@hayter.org> wrote:
    On 28 Apr 2025 at 16:41 "Alan J. Wylie" <alan@wylie.me.uk> wrote:
    Dave <david.christopher.astles@gmail.com> writes:


    We have now submitted our evidence packs. The Defendant's pack
    contains an element purporting to be an email chain between her
    and the Police in which it is asserted that they are looking for
    me and 'have enough to bring me in for an informal interview'
    and that I am not living at my given address.

    I think the Defendant has either forged it or got a Police
    employee (but not a Constable) friend to collude in the
    dialogue.

    The email seems to come from a genuine Police domain but she has
    scribbled out the sender's name in the email addresses.

    What is your advice on how to proceed? Are you aware of any
    forensic services that could recover the address (it is
    scribbled out rather than photocopied).


    Do you have a printed page that contains the original identifying
    text which you are seeking to read? In other words, was the
    scribbling done onto the page you have?

    Yes, she has foolishly scribbled it out on the page she sent me.

    That gives some hope. Discovery of the original text would depend on
    the nature of the two inks.

    I have no experience in this but it's said that viewing the scribbled
    portion in different lights (UV, IR and various narrow-spectrum
    colours, from the front or back) may reveal something. See example
    here:

    "A Simplified Guide To Forensic Document Examination" https://www.forensicsciencesimplified.org/docs/QuestionedDocuments.pdf

    Alternatively, perhaps you could colour scan the document and then
    colour sample only the scribble ink (from a portion where there is no underlying text) and reduce the intensity of only this colour-mix in
    the hope of increasing the visible contrast of the lower layer.

    As a final measure you could undertake a destructive operation such as
    trying to wash away the top layer with water or a solvent. If the
    document is laser-printed the lower layer will be heat-fused toner and relatively resistant to degradation.

    These free documents here have links on the right side: https://scholar.google.com/scholar?q=forensic+document+examination

  • From Jon Ribbens@21:1/5 to Simon Parker on Wed Apr 30 15:31:22 2025
    On 2025-04-30, Simon Parker <simonparkerulm@gmail.com> wrote:
    As it happens, I've received a few e-mails from GMP in the last few
    days and have had similar e-mails in the past from both GMP and
    Merseyside Police.

    In my experience with those two forces, e-mail addresses are in the
    format <badgenumber>@<policeforce>.police.uk (so badge number 12345 at Greater Manchester Police will have the e-mail address "12345@gmp.police.uk.invalid" (I've added the invalid at the end for
    obvious reasons.))

    If the e-mail address used is not in this format, it could be a further reason to be suspicious.

    FWIW I have emails from the Met a few years ago and they use or used <firstname>.<lastname>@met.police.uk, or did for CID detectives anyway.

    Additionally, also in my experience, most police forces seem to use
    Microsoft Exchange with ARC configured so it is possible to track the
    mail and authenticate it from the headers.

    That was true for the Met too.

  • From Alan J. Wylie@21:1/5 to Simon Parker on Wed Apr 30 18:36:21 2025
    Simon Parker <simonparkerulm@gmail.com> writes:

    As it happens, I've received a few e-mails from GMP in the last few
    days and have had similar e-mails in the past from both GMP and
    Merseyside Police.

    In my experience with those two forces, e-mail addresses are in the
    format <badgenumber>@<policeforce>.police.uk (so badge number 12345 at Greater Manchester Police will have the e-mail address "12345@gmp.police.uk.invalid" (I've added the invalid at the end for
    obvious reasons.))

    North Yorkshire Police: firstname.surname@

    https://www.facebook.com/NorthYorkshirePolice/posts/pfbid02Rc4D463FhtV1Yuebt96P81ZZkMCxhhSrN9thGt5KGx1S9skan6RVmCfZzv6nQcVWl

    --
    Alan J. Wylie https://www.wylie.me.uk/ mailto:<alan@wylie.me.uk>
    Dance like no-one's watching. / Encrypt like everyone is.
    Security is inversely proportional to convenience

  • From Mark Goodge@21:1/5 to jon+usenet@unequivocal.eu on Thu May 1 11:03:51 2025
    On Wed, 30 Apr 2025 15:31:22 -0000 (UTC), Jon Ribbens <jon+usenet@unequivocal.eu> wrote:

    On 2025-04-30, Simon Parker <simonparkerulm@gmail.com> wrote:
    As it happens, I've received a few e-mails from GMP in the last few
    days and have had similar e-mails in the past from both GMP and
    Merseyside Police.

    In my experience with those two forces, e-mail addresses are in the
    format <badgenumber>@<policeforce>.police.uk (so badge number 12345 at
    Greater Manchester Police will have the e-mail address
    "12345@gmp.police.uk.invalid" (I've added the invalid at the end for
    obvious reasons.))

    If the e-mail address used is not in this format, it could be a further
    reason to be suspicious.

    FWIW I have emails from the Met a few years ago and they use or used <firstname>.<lastname>@met.police.uk, or did for CID detectives anyway.

    My local force (West Mercia) uses the same format. But there isn't a
    national standard. Individual forces are free to have their own username
    policy which will appear on the email address.

    Mark
