How you view message headers in Outlook

Viewing message headers is helpful for troubleshooting, and also making sure you’re not getting phished. Microsoft moved things around in recent versions of Outlook, so here’s how to view message headers in Outlook–the current version.

View message headers in Outlook

view message headers in Outlook
The properties window hasn’t changed much in 20 years but the way you pull it up moves around from time to time. It’s under File > Properties now.

The message headers are one of those things Microsoft likes to move around from version to version in Outlook. It’s not something you need every day, but there are useful things you can do with message headers, like find phishing or verify encryption, so it’s helpful to be able to do it.

To view message headers in Outlook, double click on the message. Then navigate to File > Properties. A window pops up with lots of settings and options and other details. At the bottom of the window, just above the Close button, there’s a section called Internet Headers. That’s what you want.

Google’s Gmail has similar capability but they do just as good of a job of hiding it.

Find phishing in message headers in Outlook

Finding phishing is as much an art as a science. But once you pull up the message headers, sometimes you can just tell something’s not right.

It helps to pull up a known legitimate message, copy out the Internet headers, then pull up the suspect massage and look at it. If you see weird domains in it that aren’t in the legitimate message, start asking questions.

And as a security professional, frankly I do recommend you start asking lots of questions. I once worked for a company whose CISO said he was going to start making an HR issue out of failed phishing tests. I don’t know how pervasive that attitude is, but the only way that’s going to change is if those phishing campaigns start costing too much money. Phishing is a legitimate problem but that doesn’t mean companies are handling it right.

One tell to look for when it comes to internal phishing campaigns is to look for domains with words like kb4 in them. Me telling you that doesn’t make you more secure, but it helps you pass the test.

Use message headers to check encryption

The second useful trick with message headers in Outlook is checking for encryption. You don’t want to be sending sensitive information in plaintext over e-mail. Most major mail providers encrypt their connections now to prevent this, but many will fall back on unencrypted communications if something goes wrong.

To check whether a message was sent over an encrypted channel, pull up the headers, then search for the string TLS. Hopefully you’ll find a line that looks something like this:

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

If you do, that tells you the message was sent over an encrypted channel, so you can send sensitive information over that connection to at least some extent. Your organization probably has policies over what kind of information requires sending messages that are fully encrypted.

If you found this post informative or helpful, please share it!