File talk:Fake Hamas bomb email via Tadeusz Giczan.jpeg

Forgery?
CC or other recipients of the email that would presumably show up in the 'To:' field of the message header, are not present in the image from dossier centre. The ATCs said the email was shared with other airports. As well as already noted mix of Russian 'BK' in date line and english 'To', the 'To:' field also seems aligned oddly. The image looks to be a separate thing from any email actually received in Minsk and Vilnius at the time. Are Protonmail confirming they have looked at the image and matched it with metadata? It's not clear. They say they are not verifying the contents. --Diagonal (talk) 10:25, 30 May 2021 (UTC)

From Reuters: ''Proton declined to comment on specifics of the email, saying that its encryption made it impossible to "access or verify the contents of the message." "However, we are able to see when the message was sent, and we can confirm that the message in question was sent after the plane was redirected," the Swiss company said in a statement. It added that "we have not seen credible evidence that the Belarusian claims are true and we will support European authorities in their investigations upon receiving a legal request."''


 * I too believe the screenshot is a forgery. I have been trying to figure out what email program was used to display the email. To me it looks most like Gmail for some mobile device. But most of the screen is photoshop. The bomb threat text itself looks like copy-paste from some newspaper.
 * Another sign is the up-down arrow at the end of the To: line. In the default position it is down. Clicking it expands the header fields with the arrow left in the up position. In the screenshot the text is placed where the email headers should be.
 * The forger would however need to know the time of the email. Khodorkovsky, or whoever might have forged it, could have received this information from the Vilnius airport. The original sender would also know the time, so they could have forged it to make it look like they were the receiver. -- Petri Krohn (talk) 11:35, 30 May 2021 (UTC)

If it was bcc'ed, then apparently server will send it as a separate job, possibly routed differently too; and bcc'ed recipients will not be seen to other recipients (+Who knows how Belarus handles internet traffic, in particular with easily identifiable threat; during disturbances, internet in Belarus was cut altogether; so they previously considered controlling things already). If this visual is genuine at all, it must be copied at recipient end, how else they will access it at all. Then likewise, things sent to Vilnius could be communicated to Minsk by humans involved, as should be the case with this email we are looking at.

Would be weird if this is staged by Belarus 3letters and not send to themselves for cover-up, which would be the main point of doing this altogether. (But they could be less savvy then westerners in all the IT tricks) --Resup (talk)


 * Many of the To:, CC:, Bcc: issues are cleared by this post on Moon of Alabama: 'Like An Amoral Infant' - How ProtonMail Contributes To False Media Claims About Belarus -- Petri Krohn (talk) 13:08, 30 May 2021 (UTC)
 * Proton answers are convoluted. They suggest that the source of this email on file is Lithuanian authorities. That would mean it was sent To Belarus with cc or bcc to Lithuania. That is not apparent from what we see (bcc ?). Likewise, if first email was sent To Lithuania with bcc to Belarus, is it "sent to Lithuania" in protonspeak? The server record of sending no 1 to Lithuania then will not record bcc recipient, it will  have Lithuania in the To entry, and will not have Belarus listed in the server record of that job or in the copy received in Lithuania. Proton server will then send a copy to Belarus as a separate job, with Lithuania in the To entry (and possibly with Belarus listed as bcc, or not) --Resup (talk) 15:01, 30 May 2021 (UTC)


 * The image does look to me consistent with what Petri suggests. Seems that it was based on a gmail mobile app and it looks as if the email metadata drop down field was opened but the other data it would contain has been 'tipexed' out. The body text also looks irregular in formatting. Why would someone put that in an email instead of plain text?--Diagonal (talk) 15:26, 30 May 2021 (UTC)

Round-up error?
Some n-letters leak associates are trying to make a mileage out of the fact that image on file shows time 12:57, while reports say it is dated 12:56 (with whatever dated means). I am not too excited about all this, but making a note here. Unsure how is this supposed to work. --Resup (talk) 01:52, 2 June 2021 (UTC)