How To View The Source Of An Email (Spam/Phishing Prevention)

Knowing how to check the source, as in the raw “code,” of an email is important because there will be times when you need to do it. Why? To check authenticity of an email. Spam and phishing emails are getting more tricky to identify all the time, and your best weapon against this is knowing how to check the source of an email.

Unfortunately it is the case where the process of getting the source of an email is distinctively different per provider or mail client, so here’s a quick cheat sheet on how to do it:

Hotmail

1. Right-click the email you want to view the source of.

2. Left-click View Message Source.

Example:

Important note: This can only be done when your emails are shown as a list. If you double-click to open an email whereas the message list is not seen, there isn’t a way to view the message source from there. You must right-click specifically on the email in list view (regardless of whether the reading pane is on or off.)

Yahoo! Mail

There are two ways in Y! Mail to view the source.

1. While in list view, right click the email you want to view the source of.

2. Left click View full headers. It will be last in the list.

Example:

or..

Whether reading a message or having it highlighted in list view, click the Actions button then Full Header.

Example:

Yahoo! Mail Classic

1. Open the email you want to view the source of.

2. Scroll all the way to the bottom and look for the tiny text on the extreme right that says Full Headers and click it.

Example:

Gmail

1. Open the email you want to view the source of.

2. Click the small down arrow on the right to drop down a menu.

3. Select Show original.

Example:

Windows Live Mail or Microsoft Outlook Express 6

The super-annoying long way

(This is not the way you want to do it because it takes too many steps. See super-easy way below this.)

1. Right-click the email you want to view the source of.

2. Select Properties, like this:

3. From the window that opens up, select the Details tab, like this:

4. In that same window, click the Message Source button, like this:

The super-easy way

1. Highlight or open the email you want to view the source of.

2. Press CTRL+F3

The F3 method is a completely undocumented feature, both in OE 6 and WL Mail. But trust me, it’s there. Try it for yourself.

Mozilla Thunderbird

1. Highlight any email in the message list or open an email.

2. Click View then Message Source.

Example:

or..

1. Highlight any email in the message list or open an email.

2. Press CTRL+U

Incidentally, this is the exact same keystroke used to view web page HTML source in the Mozilla Firefox web browser.

What headers should you check in the source?

Okay, so you know how to view the source of an email, but what do you look for?

The easiest thing to check is the Received: header. This will tell you up front where the email came from originally. The part that’s most important is the very end of the line where the dot-com/net/org is.

Example:

This email came from google.com (it was a Gmail address,) so I know this email is safe. What’s before the google.com doesn’t matter much as it’s the tail that counts. Spam and phishing attempts will attempt to fool you into thinking the mail was delivered from a trusted domain by inserting said domain in the middle. For example, a spam/phish would show as google.com.some.bad.site.ru or something similar. The google.com is in there, but not at the tail. That’s bad and it’s a spam/phish attempt.

Keep an eye on the tail side of a Received: header and you’ll easily be able to identify true trusted domains from spam and phishing attempts.