User profile for user: Jarmaracark
Jarmaracark Author
User level: Level 1
99 points

Best way to check if mail is legit

Spam filters are great but they can never filter out everything. Sometimes I need to check. I know that merely opening a message will notify the sender it is a "good email" and someone opens it.


Sometimes merely moving the cursor down marks the message read.


1) Is that just an internal marker for me, or does the sender get notified?


When I am suspicious, I click on View/Message/Default Headers.

There I check the domain names.  


2) Is there something else I should look for in this section?


Then in View/Message/Raw Search

I search for “http" and “ip”

Essentially, I look for anything but the domain name. I look for the use of zero instead of the letter o, etc. I lookup ip addresses using whois. It seems that every link must have "ip" or "http."


Is there something else to look at here?



If suspicious, I go directly to the phone I have on file or to the website without opening the mail or clicking on anything. So far, this has avoided problems, but I'm not sure if I'm missing something else in my reviews. I know the general advice, about avoiding spam, but at least once a day there is a questionable one.






MacBook Air

Posted on Dec 19, 2019 11:03 PM

Reply
Question marked as Top-ranking reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,222 points

Posted on Dec 20, 2019 4:45 PM

I know that merely opening a message will notify the sender it is a "good email" and someone opens it.

Only if it has embedded HTML content. You can block loading of remote content in Mail's preferences, Viewing tab.


I consider every email I get that I am not expecting to be spam. I really don't have to check anything.


If an email purports to be from a company I do business with, especially banks, I assume it is nefarious. I have no need for email from the companies or banks. I can get all information I need from them on their web portal.


If you really think it is a valid email, go to the company's web site using the normal means you would access it, not via the email.


Other things to check or is the domain is correct. The format for a domain is something.domain.topleveldomain. The top level domains include com, net, org, etc. Additionally, country specific forms like co.uk, co.au.

If there is anything else that breaks up the .domain. pattern, it is most likely bogus. For instance, www.apple.com is valid. wwwapple.com is fake, www.support-apple.com is fake.


View in context

Similar questions

4 replies
Question marked as Top-ranking reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,222 points

Dec 20, 2019 4:45 PM in response to Jarmaracark

I know that merely opening a message will notify the sender it is a "good email" and someone opens it.

Only if it has embedded HTML content. You can block loading of remote content in Mail's preferences, Viewing tab.


I consider every email I get that I am not expecting to be spam. I really don't have to check anything.


If an email purports to be from a company I do business with, especially banks, I assume it is nefarious. I have no need for email from the companies or banks. I can get all information I need from them on their web portal.


If you really think it is a valid email, go to the company's web site using the normal means you would access it, not via the email.


Other things to check or is the domain is correct. The format for a domain is something.domain.topleveldomain. The top level domains include com, net, org, etc. Additionally, country specific forms like co.uk, co.au.

If there is anything else that breaks up the .domain. pattern, it is most likely bogus. For instance, www.apple.com is valid. wwwapple.com is fake, www.support-apple.com is fake.


Reply
User profile for user: Jarmaracark
Jarmaracark Author
User level: Level 1
99 points

Dec 20, 2019 5:02 PM in response to Barney-15E

I don't always know that someone is sending me mail or not.


I can check the domain in the code by searching for ip and http and I don;'t need to worry about the "verb" as it will always need a location.......is that correct? I know the different endings and how someone can make something almost look like it.


Am I correct then in only needing to search headers then raw code as above, being careful for an exact match of domains (with the exception of some fonts going to safe places)?

Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,222 points

Dec 20, 2019 7:12 PM in response to Jarmaracark

I don;'t need to worry about the "verb" as it will always need a location.......is that correct?

Not sure what you mean by verb and location.


Yes, you can look for ip or http to find an address, but you have to know what is a valid domain and what is a spoof, beyond the replacements you noted. The "ending" isn't the important part. It is the part between the second to last dot and the ending.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Best way to check if mail is legit

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up