My first startup tried to answer this. Basically you take a secure hash of every email and store only the hash with a third party (which records the date, that's the monetization) -- but it's really really hard to sell companies on preventative technical solutions that involve math.

It works because you don't need to know which emails/files are important -- storing 250 bytes of hashes is practically free and tells you nothing about the contents, it just authenticates the contents later in court.

Out of curiosity, how did you verify that the emails were actually sent before storing the hash. What would prevent me from storing a hash on your server without sending the email?

We didn't (this story isn't exactly our use case), but think of how much easier this would be to arbitrate if Ceglia could prove that those emails existed on Feb 4, 2004 instead of this year.

Now it's possible he could have had the foresight to make and hash fake emails that he didn't send just in case, but you've still significantly raised the bar for fraud from just "finding" emails from 2004.

A bigger question might be, who sent it? Was it really the person you claim it is?

It's easy to show the receipt of an email and where it came from (especially when you have full headers). But unless the sender bothers to GPG or S/MIME sign the email, in theory, it could have been sent by another person who had access to the account. Or, it could have been spoofed, etc.

Trace of evidence in web email. I just went to Hotmail (an acct I stopped using long ago) and pulled up emails from, yes, 2004. :)

This is why digital signatures were invented.

Here in Australia an opposition leader was undone by a faked email (http://en.wikipedia.org/wiki/OzCar_affair).

RTFA

"Facebook almost certainly has a forensic analysis of Mark Zuckerberg's hard drives and email boxes from this period, because these drives would have been the same ones analyzed in the Winklevoss lawsuit," writes Blodget. "Perhaps the drives show different versions of the emails in question--or no emails at all."

Yes but what does that mean? One can create and "backdate" (touch -t) any file. So how does one prove that an email is real and not created and backdated today?

If there is a copy of the purported Ceglia emails other than in Ceglia's imagination (e.g. in the verified forensic analysis previously done for the twins), then they truly do exist.

It would be interesting if a web email provider was used. Doubtful they have any decent retention strategies after you hit delete.

On one's own server, sure. On hotmail.com or some other 3rd party email provider, not so much.