Newsletter 08/21/2024 If you find this article of value, please help keep the blog going by making a contribution at GoFundMe or Paypal



MS Outlook: View Message Headers to See Who Is the Sender.
Or You Pays Your Monies and You Take Your Chances, Pt. 2

One of the more enduring jokes from the 1933 Marx Brothers film, Duck Soup, is the famous retort: "Well, who ya gonna believe, me or your own eyes?"  This great one-liner is thought to be one of Groucho's most memorable jokes, but it was actually cracked by Chico Marx.

This notion of "Who ya gonna believe?" is how hackers fool us into opening emails or clicking links that will lead us down the path of damnation and infection.  Obfuscation in email is cited as the most common first step in a successful cyberattack.  So the first step in avoiding being suckered into opening an attacker's bogus emails is to verify the source of the email, and not only the contents of the message.  We must also do our best to verify the sender of the email.

The last Dispatch of August 15, 2024, discussed how to verify the contents of an email before interacting with that email.  That is why it is recommended that all users of Outlook turn off the Reading Pane, also known as the Preview Pane.  With the Reading Pane turned off, any automation that might be triggered by simply clicking the email in the message list will (hopefully) be avoided.  Another suggested level of protection is to read all Outlook mail as text only.

Spoofing email addresses has been a means for attackers to exploit vulnerabilities for some time now.  CrowdStrike defines email spoofing as follows:

Email spoofing is a type of cyberattack that targets businesses by using emails with forged sender addresses. Because the recipient trusts the alleged sender, they are more likely to open the email and interact with its contents, such as a malicious link or attachment.

Most email spoofing attempts lead to phishing attacks. A phishing email can appear to be from your bank, employer or boss, or use techniques to coerce information out of you by pretending, for example, to be a government agency.

The hacker could steal existing account credentials, deploy ransomware, or acquire enough information to open a new fraudulent account.

Thus, it is incumbent on anyone concerned with their own cybersecurity to verify the email addresses of senders before opening any email.  In fact, even a known sender could be spoofed.  One example of how this could occur is that an otherwise legitimate sender has been infected and their contacts and email accounts have been hijacked.  This is especially common in businesses where email is exchanged among many different people from many different domains.  This is one reason that Business Email Compromise (BEC) remains the most often cited first point of attack in a ransomware attack.

Although not absolutely foolproof — what is these days? — verifying that the sender's email address in the message headers is a legitimate address adds another layer of security to the conundrum that email has become today.  Here is how that can be:

1.  If the sender is well known to a user, then the email address in the header should match the known email address of that acquaintance.

2.  More critically, and this is especially important in business where a sender's email address might not be as familiar as those of friends or family, you can evaluate the unknown address before engaging with the message in question.  Remember Gerry's maxim: Know thy URL.  Once the domain name is ascertained, easily available free tools on the Internet can help you learn more about the nature of that domain.  A Dispatch of November 6, 2022, discussed how to use Domain Name Lookup and an email checker to verify the veracity of an email address.  Verifying the domain name is also required because domain names themselves can be easily spoofed, with common misspellings, for instance.  To help you learn how to evaluate the efficacy of a URL, I invite you to review my Dispatch of July 7, 2022, The Anatomy of an Address.

In that earlier Dispatch of July 7, 2022, I also discussed how to find the address of a sender when using Gmail without opening up the email message.  The reason to verify the address of an email sender before opening that email is that, like so many other things in computing today, what you see — at least initially — may not be what you get.  This same function is now more complicated in Outlook, however.  In earlier versions of Outlook, a simple right click on the message in the message list would give users an easy way to see the email headers.  Unfortunately, in Outlook 365, viewing a message's headers involves some prior setup so that Outlook users can again easily view them.

So here are the steps.

To Turn on Message Headers in MS Outlook 365
As in Windows File Explorer, Microsoft thinks less is more when it comes to toolbars and ribbons.
In Outlook 365, the default setting is to display a collapsed Ribbon.  Nevertheless, as with File Explorer,
Microsoft does offer a means to display the Classic Ribbon in Outlook 365.  From the Home tab,
click the 3 Dot Control in the far right corner of the Outlook Ribbon.  A drop down menu will appear.
The last item displayed will be "Use Classic Menu."
 
As shown below, Outlook users will now see the much easier to use (in my opinion)
Classic Outlook Toolbar.  Right click on a blank spot in the far right of the Toolbar and a second drop
down menu will appear.  Here is where we can begin to add our own button to Display Message Headers.
Left Click on Customize This Ribbon.
 
The next steps are far less complicated than they may first appear to be.
First, verify that you have the Home Tab selected from the Ribbon.
The Customize the Ribbon Dialog Box will appear as an overlay on the Outlook screen.
Step 1. Click the button on the Choose Commands from Combo Box.  A drop down list will appear.
There will be several options.  Select All Commands from the drop down list.
Step 2.  On the lower right side of this screen, there are several buttons. Click the "New Group" button.
New Group (Custom) will appear in the right side box under "Home."
Step 3.  Scroll down the extensive list of All Commands from the left side of the All Commands dialog box.
Select "Message Options" from the list.  Click the Add button.
Message Options will now appear on the Main Tab on the Customize the Classic Ribbon Toolbar.
Click the OK button to finish the task.
Now, when you click the Home Tab on the Classic Outlook Toolbar a new button labeled "Message Options"
will appear in the far right of the Classic Ribbon.  When that button is clicked, the Message Options
Dialog Box will appear as an overlay on the Outlook screen.
 
At the bottom of the Dialog Box the Internet Headers are displayed.  Much of what is displayed is best
described as hash.  So look carefully.  I have chosen to demonstrate a business email that I often receive.
Lendistry is a well known business loan processor that helped me during the pandemic.
Look for the "From: " line of the message sender.
If this is an email from an acquaintance, you will be able to verify that.
When the email comes from a business contact, verify that the sender's domain name matches the known
domain name of that particular business.  If you are not sure, then you can use the aforementioned
online domain tools to verify the legitimacy of the domain.
 

This is not foolproof.  As the CrowdStrike article cited above states, email headers can also be spoofed.  That, however, is less likely than the simple spoofing of the sender's email address as it appears in the message list.
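
The same "From: " check can be run on header text copied out of the Internet Headers box. The following is an added example, not part of the original article: the sample headers, the domains (lender.example and its lookalike), the function names and the 0.85 similarity cutoff are all constructed for illustration, and the Reply-To comparison goes slightly beyond the From: check described above.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header text as copied from the Internet Headers box.
# All names use the reserved .example TLD; "1ender" starts with the digit one.
SAMPLE_HEADERS = """\
Received: from mail.1ender.example (mail.1ender.example [203.0.113.7])
\tby mx.recipient.example; Wed, 21 Aug 2024 09:12:44 -0700
From: "loans@lender.example" <loans@1ender.example>
Reply-To: payments@other.example
To: user@recipient.example
Subject: Action required on your loan
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_headers(raw_headers, known_domains):
    """Return a list of findings for one message's raw header text."""
    msg = message_from_string(raw_headers)
    display_name = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))
    if not from_dom:
        return ["no parsable From: address"]
    findings = []
    if from_dom not in known_domains:
        findings.append(f"From: domain {from_dom} is not a known domain")
        for good in sorted(known_domains):
            # A near-match to a trusted domain suggests a deliberate
            # misspelling (0.85 is an assumed cutoff, not a standard).
            if SequenceMatcher(None, from_dom, good).ratio() >= 0.85:
                findings.append(f"{from_dom} looks like {good}")
    # The message list shows the display name, which the sender fully controls.
    if "@" in display_name and display_name.rpartition("@")[2].lower() != from_dom:
        findings.append("display name shows a different address than From:")
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To: domain {reply_dom} differs from From: domain")
    return findings


if __name__ == "__main__":
    for finding in check_headers(SAMPLE_HEADERS, {"lender.example"}):
        print("WARNING:", finding)
```

An empty result only means none of these particular mismatches were found; it does not prove the message is genuine.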

More than you can ever know, I truly understand that few people want to jump through these hoops to simply read an email.  That, however, is not the world we live in — whether on the road or online.  There are evil people in this world who want to hurt us; who want to steal from us; who simply want to make our lives miserable.  We can ignore these facts and wait for the bus to run us over.  Or, we pick up our tools and do what is necessary to protect ourselves.  Moreover, as I constantly remind those who get my almost daily text telling them what to update that morning, it is far more time consuming and costly to clean up after a successful cyberattack than doing all that one can do to prevent a cyberattack in the first place.

So armed with the right tools, we can all learn to trust what our own truth telling eyes actually see, and not just what those eyes are shown on the surface.  And that, my Dear Readers, is what motivates me to continue posting The Dispatches From the Front.

 

¯\_(ツ)_/¯¯
 Gerald Reiff