[Tfug] Slightly OT: Got a weird one regarding EMail logs and ISPs.

[Jim March]

Not exactly Linux but then not exactly "not" either.

Got a friend who got involved in a business deal that went south, now
he's suing.  The guy he's suing sounds like a real winner and is
claiming there's a couple grand worth of expenses my friend never
agreed to.  Except the guy we'll call "the bad guy" for now has what
he claims is an EMail in which my friend authorized the expenses in
question.

The bad guy has produced this EMail for a court.  It doesn't include
header data - just the timestamp received at COX (late Jan. 2009),
to/from info (allegedly from my friend's MSN.COM account to their
COX.NET account), subject line and text.

He says the EMail in question is fake, he never sent it.

They could have easily faked it any number of ways, but the header
data would of course be much harder to fake, and these guys ain't all
that smart.  Right now he's telling the court it's a fake EMail (under
oath on his part, sworn declaration) and he's doing a request for
document production for the header data.

Now assuming he's telling me the truth and he never sent that, I would
assume the other side will claim they purged their electronic copy so
they have no header data, if they're at all smart.

Can he ask his paid ISP (msn bleah on a dial-up account paid to them
gag) to show that they have no log for his outgoing mail of that
subject line at that time, and that there would be one if the message
is fake?  I would guess that as an MSN customer he doesn't need a
court order to track data he allegedly sent?  OR if MSN doesn't keep
such logs, is it possible COX does and he gets a court order for their
logs, would COX keep that kind of thing?

Any other thoughts on cracking this?

I'm BCCing the friend...

Jim