Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is it safe to look, just look, at spam?


I’m interested in looking at what junk and spam I’m getting without
jeopardizing myself. So I download mail in Gmail and Hotmail messages in
Outlook Express and read them there. Both are good at weeding out spam and
junk. They keep these for 30 days and then delete them. I want to read these at
least on the Gmail or Hotmail web pages, just read and not click on anything.
Is this dangerous? Might I get a malware or spyware foisted on me without my

In this excerpt from
Answercast #96
I look at safety precautions to take if you ever want to
look at spam emails.


Just looking at spam

In general, as long as you are very careful not to click on anything in those messages; never enable the display of images in those messages; and never reply to any of those messages – what you’re describing is usually pretty safe to do.

In fact, you can do it on the web or in your email program. Whichever one is more comfortable for you.

Curious about spam

I tend to do it from time to time when I’m curious about where spam comes from.

In other words, I’ll go over to my spam folder, I’ll take a look at that the spam that I happen to be curious about. I’ll open it; I won’t reply to it; I won’t enable images; and I won’t click on any of the links – but I will “view source.”

View email source code

Depending on your email program, there are different ways to do that – but that will let you see the full headers and the HTML underlying the email message and so forth. Those typically are safe things to do.

Simply be very careful not to do anything that would cause anything to happen such as: replies, clicking on links, showing images.

Spam attachments

Now. I didn’t say it because it seems pretty obvious – but I’ll say it anyway. Don’t ever open any attachment that comes with spam.

Just don’t. Those are too dangerous. There are ways for people to open them safely but they are not things that I feel in any way comfortable recommending to anybody. Attachments are things that you really need to take some extra steps before you open – so avoid the attachments.

But go ahead and have a look at the body. Just make sure nothing “happens”.

(Transcript lightly edited for readability.)

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

6 comments on “Is it safe to look, just look, at spam?”

  1. Hello..
    What exactly happens when you click on “display images from XYZ@ABC.COM“?
    Do the images load from that particular server?
    Or the images are already on your email-providers server (Or your inbox) and they get loaded only when you say so?

  2. I’ve heard that even clicking on the email, itself, can often send a single byte back to the sender that verifies they’ve got a live ip address. I don’t know if that’s another hyped gotcha like the one about cookies, which caused me to nearly render my browser worthless because I didn’t allow ANY cookies.

  3. It is fairly safe to open infected emails provided your browser or your email program eg Outlook,Thunderbird is run in a sandbox environment.Do NOT save{recover option} outside the sandbox.
    I use sandboxie which is good and free.{ minor 5 second buy nag screen after trial version expires}

    Bad emails can also be opened safely with a non writable Linux boot disk that includes Firefox browser for viewing .

  4. Using IE or MSN Explorer (same engine) I can right-click the e-mail and select View Source. Like Leo, I sometimes am curious about a few e-mails. Some actually have excerpts of interesting stories or news articles. Since it is text only, it is fairly safe to read. Of course, if I can’t read it at all, I just delete it – then delete it again from the Deleted folder (as I do with all Junk e-mail).

    I mostly use this to copy the source code, including headers, to report spoofing or phishing attempts. Just forwarding the e-mail often deletes the headers, while copying the source code retains them.

  5. @Tushar
    The remote messages are stored on the computer where the sender has linked to in that email. They are not downloaded by your email service provider, and don’t get downloaded until your email program or browser downloads them.
    How does blocking pictures in an email protect my privacy?
    @Texas Mike
    This might also be the live address notification you are talking about. If you don’t download the pictures, nothing will be sent to the spammer.

  6. I find myself sometimes looking at bogus emails, many of which look incredibly like my banking and financial pages, obviously without enabling images or downloading attachments. I look for grammatical errors and anything else that I may deem suspicious.
    I marvel at how close to perfect some of these malicious emails have become. It looks like they’ve been doing their homework on how to deceive even savvy users.
    NEVER respond to ANY email that looks like it was sent by a financial institution, no matter how real it may look.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.