Saturday, October 22, 2016

You can alter the contents of an .eml file and leave the header intact...

There's a small conversation about whether DKIM signatures prove that the Wikileaks emails haven't been altered. Somebody said to show that the contents could be altered without affecting the header, so I thought I'd try. Here's what I came up with:

To replicate:

1) Take a .eml file from the Wikileaks archive.
2) Open it with Notepad.
3) Replace the content of the message with whatever you want.
4) Open it with your mail client (Outlook for me).


I don't have the ability to run the type of check found here:

http://dailycaller.com/2016/10/21/heres-cryptographic-proof-that-donna-brazile-is-wrong-wikileaks-emails-are-real/

But maybe somebody else can. I'm pretty sure, though, that I've altered the contents of the email and left the header intact, which in theory means that from a technical perspective, once Wikileaks had the emails in their possession, they could have done the same.

I need to reiterate, though, you would have to be incredibly short-sighted to do that. There are multiple copies of this email record in existence - at least one in the mailboxes of everyone on this thread, as well as any backups that people might have. To alter your copy and then expect that no one would point it out would be optimistic in the extreme (delusional, really). I think that a reasonable person would start with the hypothesis that these aren't altered based on Wikileaks' record of document integrity, the fact that other evidence is corroborating what's found in the emails (Project Veritas' videos naming the time of a meeting that's found in the email archive, etc.), and other evidence. But that's just my opinion.

What do you think? Again, I'm not an expert in this area, so comments are welcome.

Here is the header:

Delivered-To: john.podesta@gmail.com
Received: by 10.25.88.78 with SMTP id m75csp262190lfb;
        Sat, 13 Feb 2016 12:46:34 -0800 (PST)
X-Received: by 10.98.34.212 with SMTP id p81mr12085412pfj.23.1455396394008;
        Sat, 13 Feb 2016 12:46:34 -0800 (PST)
Return-Path: <gbsperling@gmail.com>
Received: from mail-pa0-x236.google.com (mail-pa0-x236.google.com. [2607:f8b0:400e:c03::236])
        by mx.google.com with ESMTPS id tw2si28165283pab.238.2016.02.13.12.46.33
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sat, 13 Feb 2016 12:46:33 -0800 (PST)
Received-SPF: pass (google.com: domain of gbsperling@gmail.com designates 2607:f8b0:400e:c03::236 as permitted sender) client-ip=2607:f8b0:400e:c03::236;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of gbsperling@gmail.com designates 2607:f8b0:400e:c03::236 as permitted sender) smtp.mailfrom=gbsperling@gmail.com;
       dkim=pass header.i=@gmail.com;
       dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Received: by mail-pa0-x236.google.com with SMTP id yy13so61924271pab.3;
        Sat, 13 Feb 2016 12:46:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=content-type:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=+28QEQtUrTV+f7iNbIkhVKqZcL0gVrkNHD6d1ZjaavY=;
        b=Mh7fFtVDRubr099eA7VuhM4HhOlpuFXt+BReEPEFiM5dv9RymdXGMxRxvS6O1/2k/w
         ZusjQ0i7nOCo/Ui+9RCR2Qo0fSh/fi0aIxRzc2etoh7YTw4AFFJrNZdAf6/7l1Yw6WfC
         IfH5O0IjS7ovAWg3ZoW4BNocux+YANHMJWTEUA3yNZaEBvMX+O4oGZcvVs95oEAMbrBm
         ZYlgycUeBk+xHDypyBN7nW3VqcRy2i3ghaICVSYjHel512wlhj0DxgbhgSTPhJ4wpnRp
         QwzL325IAuCFIdJ1Ukg5kMWwcfZCFK8Gt1ixH0Y8qkjXVxecNgAHfx1L5jrXvo2pVh1Z
         zQIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:content-type:mime-version:subject:from
         :in-reply-to:date:cc:content-transfer-encoding:message-id:references
         :to;
        bh=+28QEQtUrTV+f7iNbIkhVKqZcL0gVrkNHD6d1ZjaavY=;
        b=h50Po3S/ek8QAME11e2e7TcQMO/NVtGC2QXvpdKjsi8sbTwLSEZbvCXCIww7ocpbzP
         OJYWlEf6P3vAtYgm7WVbJRS5L1B5UfrGEShGwqmMkBBi5tSer+K3D7/i+MUo89f5Zb+b
         p3yiE61ot1mPViPMISSMC8ryXdcnmUrOqbZpC2nZ1lhmctOVOAT1aIhj8xgVxKt4pGQa
         3SMCE6NqD3wZT35W+7YiY82BaufAMcRozK32fVBbw3fUykDosney0uJ0JNeyVVOlruUn
         ZpleGXUODOJhip4+eWCc4MrlskvKsCOVrgocK+J5vJ4Lwmmo94CPigZC1V2cQphy/IUb
         FOaw==
X-Gm-Message-State: AG10YOQv1YZaF42PVZtmmnowAjY0DGo9TEdkv2gr9pAcIZhLLyaGmFDsUkzQBVvWWsO3bQ==
X-Received: by 10.66.248.198 with SMTP id yo6mr12033964pac.54.1455396393361;
        Sat, 13 Feb 2016 12:46:33 -0800 (PST)
Return-Path: <gbsperling@gmail.com>
Received: from [192.168.1.8] (27.sub-70-211-16.myvzw.com. [70.211.16.27])
        by smtp.gmail.com with ESMTPSA id z5sm28115282pas.29.2016.02.13.12.46.31
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 13 Feb 2016 12:46:32 -0800 (PST)
Content-Type: multipart/alternative;
boundary=Apple-Mail-12C54A17-2C76-441A-AAA3-DB0AF4C35185
Mime-Version: 1.0 (1.0)
Subject: Re: HRC financial proposal
From: Gene Sperling <gbsperling@gmail.com>
X-Mailer: iPhone Mail (12B436)
In-Reply-To: <5495322817735053152@unknownmsgid>
Date: Sat, 13 Feb 2016 12:46:31 -0800
CC: Neera Tanden <ntanden@gmail.com>, Mike Schmidt <mschmidt@hillaryclinton.com>,
 John Podesta <john.podesta@gmail.com>,
 Michael Shapiro <mshapiro@hillaryclinton.com>,
 David Kamin <davidckamin@gmail.com>, Michael Pyle <pyle_michael@yahoo.com>
Content-Transfer-Encoding: 7bit
Message-Id: <F771A0FC-6079-4647-8815-0C5A92AF8651@gmail.com>
References: <56BF87F601DA055A00F5017D_0_32030@p171> <7B124F68-F1AD-43E3-A9EA-0489FAC8B0D3@americanprogress.org> <CAJiTYQaXk1PO2E46BLgu+UbeVg917Nj_yM_CAC8F3pW_7-V=6g@mail.gmail.com> <5495322817735053152@unknownmsgid>
To: Jake Sullivan <jsullivan@hillaryclinton.com>

--Apple-Mail-12C54A17-2C76-441A-AAA3-DB0AF4C35185
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Two thoughts for discussion:

1. We're the most corrupt people ever - except for the people who might have altered this email.

2. It looks this email could have been altered without affecting the email header.

--Apple-Mail-12C54A17-2C76-441A-AAA3-DB0AF4C35185--
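The offline half of the check the Daily Caller piece describes, as an added example that is not from this post: recompute the DKIM body hash (the `bh=` tag) over the message body using the `relaxed` canonicalization the `c=` tag declares, and compare it with the `bh=` Gmail signed. It needs only the Python standard library, and the `.eml` it runs on is a constructed sample built from the DKIM tags in the header above and the edited body shown above (the `b=` tag is left out because it is not used until the signature step).

```python
import base64
import hashlib
import re

# Constructed sample (not a file from the archive): the DKIM-Signature tags from
# the header above, b= left out since this check stops before the signature,
# then the edited body from the post.
ALTERED_EML = (
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    b"        d=gmail.com; s=20120113;\r\n"
    b"        h=content-type:mime-version:subject:from:in-reply-to:date:cc\r\n"
    b"         :content-transfer-encoding:message-id:references:to;\r\n"
    b"        bh=+28QEQtUrTV+f7iNbIkhVKqZcL0gVrkNHD6d1ZjaavY=;\r\n"
    b"Subject: Re: HRC financial proposal\r\n\r\n"
    b"--Apple-Mail-12C54A17-2C76-441A-AAA3-DB0AF4C35185\r\n"
    b"Content-Type: text/plain;\r\ncharset=us-ascii\r\n\r\n"
    b"2. It looks this email could have been altered without affecting the email header.\r\n"
    b"--Apple-Mail-12C54A17-2C76-441A-AAA3-DB0AF4C35185--\r\n"
)

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # collapse runs of WSP to one SP, then drop WSP at the end of each line
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # ignore empty lines at the end
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)  # empty body stays empty

def body_hash(body: bytes) -> str:
    """The bh= value a signer computes: base64(sha256(canonical body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def signed_bh(raw_headers: bytes) -> str:
    """Read bh= out of a (possibly folded) DKIM-Signature header."""
    unfolded = re.sub(rb"\r?\n[ \t]+", b" ", raw_headers)
    for line in re.split(rb"\r?\n", unfolded):
        if line.lower().startswith(b"dkim-signature:"):
            m = re.search(rb"[;\s]bh=([^;]+)", line)
            if m:
                return re.sub(rb"\s+", b"", m.group(1)).decode()
    raise ValueError("no DKIM-Signature bh= tag found")

def bh_matches(eml: bytes) -> bool:
    """True only if the body still hashes to the bh= the signer committed to."""
    parts = re.split(rb"\r?\n\r?\n", eml, maxsplit=1)  # headers / body
    body = parts[1] if len(parts) > 1 else b""
    return body_hash(body) == signed_bh(parts[0])
```

A mismatch from `bh_matches` means the body is no longer what the signer hashed; checking the `b=` signature itself additionally needs the `gmail.com` public key for selector `s=20120113` from DNS, which is the part of the check the post says it could not run.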




Friday, October 21, 2016

DKIM does not provide protection after message delivery.

This is a very important point, and must be considered in any analysis...

In my opinion you would have to be really, really careless to take an email that has intact headers and then modify just the message content when you knew that the original was sitting out in somebody else's inbox(es), though. To say it simply, you'd have to be beyond dumb to attempt that kind of forgery.

We'll see, though... history is full of people doing really dumb things. Heck, I do three really dumb things a day just to stay humble.

Thursday, October 20, 2016

Why Bother Looking at an Email Header?

Love this:

Why Bother Looking at an Email Header?

This is a very good question. For the most part, you really wouldn’t ever need to unless:
  • You suspect an email is a phishing attempt or spoof
  • You want to view routing information on the email’s path
  • You are a curious geek
http://www.howtogeek.com/108205/htg-explains-what-can-you-find-in-an-email-header/

-----------

I'll take door #3...

What does phx.gbl mean (in the Message ID)?

"phx.gbl is an internal Active Directory domain that Microsoft uses to manage datacenter machines.  It gets added to message headers as a way to trace what machines actually saw a message when Microsoft needs to diagnose specific problems.  The name is equivalent to a *.local domain some organizations use for AD management.  It is by design that these machines are not addressable from the internet as part of Microsoft's defense in depth security planning."

Jomi Schell, Principal Developer Lead

https://www.quora.com/Network-Protocols-Where-does-phx-gbl-in-all-Microsoft-e-mail-headers-derive-from

To Whom Was the Email Sent?

Answer: "podesta@law.georgetown.edu" <podesta@law.georgetown.edu>

It appears that the reason the email ended up in the Wikileaks archive is that somebody had set up Mr. Podesta's Georgetown emails to automatically forward to his Gmail account.

Was the MessageID of the email a valid Microsoft MessageID?

Answer: Although it can't be determined conclusively (meaning I don't have access to all the emails in the world to make sure this is a unique id), the message id does follow Microsoft naming conventions and appears to be valid...

Link to tool I used to perform analysis:

Using Message ID to see if message was forged

What was the MessageID (the unique identifier) of the email?

<SNT150-W75F932A59B6A19648914E9C31D0@phx.gbl>