How to safely open sketchy email?

furom

Hi,

What would be the best/safest way to open emails that are in between spam and possibly legit?

A VM on a firewalled own net? Would all else be safe then? How would you guys do?

AndyRH

A read-only VM with very limited access to the internet (to get the email) and Zero (0) access to anything on your network. A packet capture if you care what it is doing.
Better yet, when in doubt, delete.

furom

@AndyRH Thanks. Yes, the delete is normally my first practice. But sometimes they fall in a category where it actually could be something.

How would I set up a read-only VM? The access part should be the easier part. How should I approach the email? With IMAP or POP? Will it matter at all in this scenario?

AndyRH

Many host programs have an option for a read-only or locked or etc VM. Basically everything you do in the VM is written to a cache file. When you shutdown the VM the cache file is deleted.
I do not think it matters how you read the email

furom

@AndyRH Ok. I will see if I can setup the VM as needed :) Thanks for the help! :)

provels

In Outlook, I move it to the Junk folder where all links are disabled and are displayed in plain text.

furom

@provels That would have been the easiest way. Unfortunately I don't have Outlook or a client that can access that mailserver. Thanks for the suggestion though :)

stephenw10

Yeah, just open it as plain text. Use a text editor if required.

furom

@stephenw10 This was unusual... I have it right now on my webmail. I suppose you meant to use the text-editor on a downloaded pop email?

furom

@stephenw10 Hi Stephen,
the mail is on my webmail... I hear that browsers are secure in the way data cannot leave the tab/browser these days but not sure on that. But if true, wouldn't it be ok to just open it where it is? I don't seem to be able to download it as POP for some reason. To a new mailclient it should just look like a new unread email, right?

DKenn

Some email clients do support JS, however pretty much any email server will sanitize the HTML and/or reject any messages containing scripts - in other words opening an email on any client or webmail platform should be safe, just don't click on links or download and/or open attachments.

furom

@DKenn Thanks, I did find out and it seems to have been ordinary spam, just formatted very well so the filter missed it. All good I hope