Maybe.

In other words, is opening and reading a message suspected to be spam dangerous?
While there’s always risk, it’s not nearly as bad as it once was. As long as you follow a few precautions, you’re typically safe.

Looking at spam
You can usually look at spam without getting infected, but you still need to be careful. Don’t click links, even unsubscribe links. Don’t show images, don’t download attachments, and don’t reply. If you’re curious, you can view the message source to investigate safely.
Don’t click on links
You’ve covered this in your question, but I want to emphasize it: never click on a link in suspected spam, even if that link says “unsubscribe”. There’s no unsubscribing from spam, and a link that tells you otherwise is lying. Spammers lie.
The risk is that you’ll be taken to a malicious website. In the worst case, you might download malware. You may land on a phishing site: a page designed to look like an official site you probably use, and fool you into entering your sign-in credentials. That’s handing over your credentials to a spammer.
Don’t display images
It can be tempting to wonder what the images accompanying a message might show. Resist the temptation.
The images themselves are rarely malicious these days, but the act of displaying them can signal to the spammer that your email address is legit and read by a real person. The net result: more spam.
Don’t download attachments
Many spam emails include attachments as part of their attempts to fool you. The email may look like a legitimate message asking you to open the attachment for more information or details about some supposedly serious situation.
The attachment has malware. Hopefully, downloading it to your PC will cause your anti-malware tools to flag it as such, but we can’t count on that. Don’t download it, and don’t open it if you do.
Don’t reply
Replying to spam tells the spammer that your email address is legit and read by a real person. Again, the result: more spam.
It’s tempting to reply to spam in an attempt to tell the spammer to stop (or worse). There are many problems with doing so. To begin with, even if they do read your email, they’re not going to pay attention to it. Very often, spam is crafted in such a way that a reply goes to some innocent third party who has nothing to do with it at all.
Spam curiosity
I tend to look at suspected spam from time to time when I’m curious about where it came from or if I’m investigating whether it actually is spam.
I’ll open it to view, and following my advice above:
- I don’t click any links.
- I don’t display the images (no matter how curious I might be).
- I don’t download any attachments.
- I don’t reply to it.
What I will do is view the source code.
Email source
Email is generally encoded in two sections:
- The headers, which control and document how the message is routed across the internet.
- The body, which is typically the HTML code that makes up the message you see.
Most headers, other than the To:, From:, Date:, Subject:, and perhaps other common fields, are not displayed. They’re technical details you normally don’t need to see.
The body is displayed as the rendered HTML, meaning that you see the message rather than the raw HTML code that makes up the message.
But you can choose to look at the “behind the scenes” message, its source code.
Viewing email source
How you view the source, original, raw, or headers code — all terms that refer to the email source code — depends on the mail interface you’re using.
Consider this “suspect” spam.

In my email interface, clicking on the “Actions” menu gives me the option I’m looking for.

I click on Show raw message, and here’s what I see.

That’s the first of 837 lines of information in the raw message. You can see it starts with various notations about spam detection, where the message came from, and more. Eventually (perhaps halfway down), the actual message body is included as well.
It’s this information that gets analyzed when the computer decides if something is or is not spam.
The good news here is that this, too, is safe to look at if you’re so inclined. As long as you don’t act on any of the URLs or email addresses you find in the message source code, you’re fine.
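As an added example (not from the original article), this Python script reads a raw message purely as text and reports what the “don’ts” above are about: a Reply-To domain that differs from the From domain, links whose visible text names a different host than the one they point to, and remote images. It fetches nothing; the sample message and every host name in it are constructed placeholders.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

RAW = b"""Received: from mail.sender.example by mx.recipient.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from unknown by mail.sender.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "Your Bank" <alerts@bank.example>
Reply-To: support@other.example
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.invalid/reset">www.bank.example</a></p>
<img src="http://track.invalid/open.gif?id=123">
"""  # constructed sample, not real spam; all hosts and addresses are placeholders

class Collector(HTMLParser):  # records (link text, href) pairs and remote image URLs
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:  # only text inside an open <a> counts as link text
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def inspect_raw(raw):  # returns (number of Received hops, list of findings)
    msg = email.message_from_bytes(raw, policy=policy.default)
    dom = lambda h: parseaddr(str(msg.get(h, "")))[1].rpartition("@")[2].lower()
    body, c, out = msg.get_body(preferencelist=("html",)), Collector(), []
    if body is not None:  # plain-text-only messages have no HTML part to scan
        c.feed(body.get_content())
    if dom("Reply-To") and dom("Reply-To") != dom("From"):
        out.append(f"reply-to domain {dom('Reply-To')} != from domain {dom('From')}")
    for text, href in c.links:
        host = (urlsplit(href).hostname or "").lower()
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # a host name shown as link text
        if shown and not ("." + host).endswith("." + shown.group(0).lower()):
            out.append(f"link text shows {shown.group(0)} but points to {host}")
    out += [f"remote image, fetched only if displayed: {s}" for s in c.images]
    return len(msg.get_all("Received", [])), out
```

To try it on a real message, save the raw source to a file and pass its bytes to `inspect_raw`; the URLs it prints are for reading, not for visiting.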
Do this
For the most part, there’s little reason to examine spam, but I get that we’re often curious. It’s safe to do as long as you follow the “don’ts” listed above.


Great article as always Leo. I agree, don’t click on anything in SPAM messages.
I was just reading about Starkiller that appears to be able to send you to the legit site but with them in the middle collecting all the keystrokes.
This is really scary. Would I be right in assuming that this may also fool a password manager into thinking you are on the legit site?
What can we do to prepare ourselves?
The best protection is to never ever click on any links in an email, even if you are sure you know the source of the email. It’s just not worth the risk.
“Never ever click on any links in an email, even if you are sure you know the source of the email.”
That doesn’t seem possible. Isn’t email how we share with friends and family a great YouTube video or newspaper article or AskLeo column or …. ?
And isn’t it done with links to them?
I stand corrected. I get all my video links embedded in messaging apps so I didn’t think of that.
I don’t understand how I can read my email if I cannot open my email. Does this include GMAIL as well? Thank you Leo!
Leo didn’t say not to open the email to look at it. He said:
Don’t click on links
Don’t display images
Don’t download attachments
Don’t reply
I will “hover” my pointer over a link to see the actual link address displayed elsewhere on my screen. If the link address is to the webpage address that I recognize as legitimate (including making sure the legit address isn’t part of a not-legit address or that the address is not a misspelling of the legit address). Am I overlooking something that puts me at risk? I am thinking of “Steve_K2” comment of Feb. 26 and Jonathan comment of Feb. 20.
You hinted at it in your question
АSKLЕО.СОM is not the same as ASKLEO.COM. The first includes Cyrillic characters. I use Cyrillic characters to avoid censorship in sites like Facebook.
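The look-alike problem raised in the reply above can be checked mechanically. This is an added example, not part of the original comments or article: it flags hostname labels that mix scripts (for instance Latin and Cyrillic letters) and shows the ASCII form the name resolves under. The function names and sample URLs are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Scripts used in one DNS label, taken from the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def mixed_script_labels(url):
    """Return (label, scripts) for every hostname label that mixes scripts.

    Heuristic only: a label written entirely in one look-alike script is not flagged.
    """
    host = urlsplit(url).hostname or ""
    return [(label, sorted(label_scripts(label)))
            for label in host.split(".") if len(label_scripts(label)) > 1]


def ascii_form(url):
    """Hostname in its ASCII (IDNA) form; look-alike labels show up with an xn-- prefix."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii")


# Constructed samples: the second host starts with U+0430 (Cyrillic "a"), not Latin "a".
SAMPLES = ["https://askleo.com/", "https://\u0430skleo.com/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(ascii_form(url), mixed_script_labels(url))
```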
What is the advantage of looking at the “raw” (or “original” in gmail) message? What would I be looking for, or, how would it be safer than reading the “un-raw” (or “un-original”) message (whichever the case)? In the case of gmail, I think I have to open the message in order to see the “raw” (“original”).
It’s not necessarily safer. It gives you clues about the origin of the spam and more for analysis.
Just looking at it in either form is safe. The RAW version exposes more information about the nature of the message for those who understand things like email headers.