How to safely open sketchy email?
-
A read-only VM with very limited access to the internet (to get the email) and Zero (0) access to anything on your network. A packet capture if you care what it is doing.
Better yet, when in doubt, delete. -
@AndyRH Thanks. Yes, the delete is normally my first practice. But sometimes they fall in a category where it actually could be something.
How would I set up a read-only VM? The access part should be the easier part. How should I approach the email? With IMAP or POP? Will it matter at all in this scenario?
-
Many host programs have an option for a read-only or locked or etc VM. Basically everything you do in the VM is written to a cache file. When you shutdown the VM the cache file is deleted.
I do not think it matters how you read the email -
@AndyRH Ok. I will see if I can setup the VM as needed :) Thanks for the help! :)
-
In Outlook, I move it to the Junk folder where all links are disabled and are displayed in plain text.
-
@provels That would have been the easiest way. Unfortunately I don't have Outlook or a client that can access that mailserver. Thanks for the suggestion though :)
-
Yeah, just open it as plain text. Use a text editor if required.
-
@stephenw10 This was unusual... I have it right now on my webmail. I suppose you meant to use the text-editor on a downloaded pop email?
-
@stephenw10 Hi Stephen,
the mail is on my webmail... I hear that browsers are secure in the way data cannot leave the tab/browser these days but not sure on that. But if true, wouldn't it be ok to just open it where it is? I don't seem to be able to download it as POP for some reason. To a new mailclient it should just look like a new unread email, right? -
Some email clients do support JS, however pretty much any email server will sanitize the HTML and/or reject any messages containing scripts - in other words opening an email on any client or webmail platform should be safe, just don't click on links or download and/or open attachments.
-
@DKenn Thanks, I did find out and it seems to have been ordinary spam, just formatted very well so the filter missed it. All good I hope
