• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to safely open sketchy email?

Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
12 Posts 5 Posters 918 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    furom
    last edited by Aug 3, 2023, 6:40 PM

    Hi,

    What would be the best/safest way to open emails that are in between spam and possibly legit?

    A VM on a firewalled own net? Would all else be safe then? How would you guys do?

    1 Reply Last reply Reply Quote 0
    • A
      AndyRH
      last edited by Aug 3, 2023, 6:48 PM

      A read-only VM with very limited access to the internet (to get the email) and Zero (0) access to anything on your network. A packet capture if you care what it is doing.
      Better yet, when in doubt, delete.

      o||||o
      7100-1u

      F 1 Reply Last reply Aug 3, 2023, 7:04 PM Reply Quote 0
      • F
        furom @AndyRH
        last edited by Aug 3, 2023, 7:04 PM

        @AndyRH Thanks. Yes, the delete is normally my first practice. But sometimes they fall in a category where it actually could be something.

        How would I set up a read-only VM? The access part should be the easier part. How should I approach the email? With IMAP or POP? Will it matter at all in this scenario?

        1 Reply Last reply Reply Quote 0
        • A
          AndyRH
          last edited by Aug 3, 2023, 7:07 PM

          Many host programs have an option for a read-only or locked or etc VM. Basically everything you do in the VM is written to a cache file. When you shutdown the VM the cache file is deleted.
          I do not think it matters how you read the email

          o||||o
          7100-1u

          F 1 Reply Last reply Aug 3, 2023, 7:13 PM Reply Quote 0
          • F
            furom @AndyRH
            last edited by Aug 3, 2023, 7:13 PM

            @AndyRH Ok. I will see if I can setup the VM as needed :) Thanks for the help! :)

            1 Reply Last reply Reply Quote 0
            • P
              provels
              last edited by provels Aug 3, 2023, 7:14 PM Aug 3, 2023, 7:13 PM

              In Outlook, I move it to the Junk folder where all links are disabled and are displayed in plain text.

              Peder

              MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
              BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

              F 1 Reply Last reply Aug 3, 2023, 7:56 PM Reply Quote 0
              • F
                furom @provels
                last edited by Aug 3, 2023, 7:56 PM

                @provels That would have been the easiest way. Unfortunately I don't have Outlook or a client that can access that mailserver. Thanks for the suggestion though :)

                1 Reply Last reply Reply Quote 0
                • S
                  stephenw10 Netgate Administrator
                  last edited by Aug 3, 2023, 8:28 PM

                  Yeah, just open it as plain text. Use a text editor if required.

                  F 2 Replies Last reply Aug 3, 2023, 8:32 PM Reply Quote 0
                  • F
                    furom @stephenw10
                    last edited by Aug 3, 2023, 8:32 PM

                    @stephenw10 This was unusual... I have it right now on my webmail. I suppose you meant to use the text-editor on a downloaded pop email?

                    1 Reply Last reply Reply Quote 0
                    • F
                      furom @stephenw10
                      last edited by Aug 6, 2023, 10:28 AM

                      @stephenw10 Hi Stephen,
                      the mail is on my webmail... I hear that browsers are secure in the way data cannot leave the tab/browser these days but not sure on that. But if true, wouldn't it be ok to just open it where it is? I don't seem to be able to download it as POP for some reason. To a new mailclient it should just look like a new unread email, right?

                      1 Reply Last reply Reply Quote 0
                      • D
                        DKenn
                        last edited by Aug 6, 2023, 11:13 AM

                        Some email clients do support JS, however pretty much any email server will sanitize the HTML and/or reject any messages containing scripts - in other words opening an email on any client or webmail platform should be safe, just don't click on links or download and/or open attachments.

                        F 1 Reply Last reply Aug 6, 2023, 11:26 AM Reply Quote 1
                        • F
                          furom @DKenn
                          last edited by Aug 6, 2023, 11:26 AM

                          @DKenn Thanks, I did find out and it seems to have been ordinary spam, just formatted very well so the filter missed it. All good I hope

                          1 Reply Last reply Reply Quote 0
                          12 out of 12
                          • First post
                            12/12
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                            This community forum collects and processes your personal information.
                            consent.not_received