How to safely open sketchy email?

AndyRH · Aug 3, 2023, 6:48 PM

A read-only VM with very limited access to the internet (to get the email) and Zero (0) access to anything on your network. A packet capture if you care what it is doing.
Better yet, when in doubt, delete.

furom · Aug 3, 2023, 7:04 PM

@AndyRH Thanks. Yes, the delete is normally my first practice. But sometimes they fall in a category where it actually could be something.

How would I set up a read-only VM? The access part should be the easier part. How should I approach the email? With IMAP or POP? Will it matter at all in this scenario?

AndyRH · Aug 3, 2023, 7:07 PM

Many host programs have an option for a read-only or locked or etc VM. Basically everything you do in the VM is written to a cache file. When you shutdown the VM the cache file is deleted.
I do not think it matters how you read the email

furom · Aug 3, 2023, 7:13 PM

@AndyRH Ok. I will see if I can setup the VM as needed :) Thanks for the help! :)

provels · Aug 3, 2023, 7:14 PM

In Outlook, I move it to the Junk folder where all links are disabled and are displayed in plain text.

furom · Aug 3, 2023, 7:56 PM

@provels That would have been the easiest way. Unfortunately I don't have Outlook or a client that can access that mailserver. Thanks for the suggestion though :)

stephenw10 · Aug 3, 2023, 8:28 PM

Yeah, just open it as plain text. Use a text editor if required.

furom · Aug 3, 2023, 8:32 PM

@stephenw10 This was unusual... I have it right now on my webmail. I suppose you meant to use the text-editor on a downloaded pop email?

furom · Aug 6, 2023, 10:28 AM

@stephenw10 Hi Stephen,
the mail is on my webmail... I hear that browsers are secure in the way data cannot leave the tab/browser these days but not sure on that. But if true, wouldn't it be ok to just open it where it is? I don't seem to be able to download it as POP for some reason. To a new mailclient it should just look like a new unread email, right?

DKenn · Aug 6, 2023, 11:13 AM

Some email clients do support JS, however pretty much any email server will sanitize the HTML and/or reject any messages containing scripts - in other words opening an email on any client or webmail platform should be safe, just don't click on links or download and/or open attachments.

furom · Aug 6, 2023, 11:26 AM

@DKenn Thanks, I did find out and it seems to have been ordinary spam, just formatted very well so the filter missed it. All good I hope