Is there a simple way to see the full e-mail address of a sender on an iPad, to help me identify scammers or fake senders? We are receiving e-mails supposedly from reputable companies. On an iMac I can see the full sender addresses, and tell when they are wrong. But on a new iPad, the full sender address does not show up. I am trying to help our family learn to avoid fake or scam e-mails. Thanks for any help.
iPad Air
Part #1
Be aware that sender addresses are trivial to spoof - may therefore be an unreliable method of establishing the true Sender's email address. While checking the Sender's address is one element of checks that you might sensibly perform, reliance upon this alone to identify legitimate email is unsafe. Of itself, this check provides no assurance of safely or legitimacy.
The native iOS/iPadOS Mail App does not expose the full Mail Header of received mail messages. Many third-party Mail Apps are more flexible in this regard - and may provide access to the full mail header for inspection and analysis. You should understand, however, that Mail Headers are not necessarily trivial to decode, but do contain lots of information that is significantly more difficult to obscure.
Scam email sent by fraudsters will often have a spoofed Sender's address that appears to be [or is] entirely legitimate - however, embedded links within the mail body or attachments will not direct you to the legitimate website and associated resources - but instead will link elsewhere. While some scam email is relatively easy to identify, many professional scammers are very adept at constructing email and spoof websites that closely resemble the material that they are attempting to imitate in their objective of committing fraud.
Be very wary of allowing your iPad or other Apple devices to automatically download embedded images and content - as you will have no opportunity to verify legitimacy of the mail or its embedded content prior to download. Automatically downloading embedded image and content comes with many risks - not least that retrieving embedded content from the scammers server confirms that the target email address is likely active and monitored by the potential victim.
Should you choose to do so, there are some settings and practices that (a) can usefully reduce your exposure to risk - and (b) provide opportunity to check legitimacy of an email and embedded links/content before they are downloaded to your devices...
Assuming that you are using the native iPadOS Mail App and Safari as your browser, ensure that your Mail App does not automatically download remote content:
Settings > Mail > [Messages] Privacy Protection > Block All Remote Content - set to ON
This security measure is intended to inhibit loading of potentially unsafe content - until such time as the recipient has had opportunity to review the email and determine whether or not the received email is from a trusted or expected source. Where images and other content have not been automatically dowloaded (as advised), you may see a message at the top of the received email. For example…:
Only when you are satisfied that the email itself is considered safe would you tap the link to download the embedded content.
By delaying loading of images until the body text is verified by the recipient, potentially malicious content and trackers are not loaded before the recipient has had opportunity to verify that the email is from an expected source or sender - or, for unsolicited email, taken the positive decision to download all content. Most legitimate email has adequate “body” to establish whether of not the email is (a) legitimate and (b) of interest to the sender.
If instead all content is loaded by default, malicious content is given opportunity to run malicious code or attempt a malware exploit. Similarly, images that contain (or are themselves) trackers will notify the actor that the email has been opened. At the very least, the sender of a broadcast phishing email is notified of a “live” mail account and recipient.
Delaying download of embedded content has a secondary benefit. When accessing your email over a slow internet connection, the majority of your email messages can be quickly downloaded - without having to wait for bandwidth-hogging download of images and large attachments. This material can be selectively downloaded, if required, after reviewing the body text of the associated email message.
// continued.
Part #1
Be aware that sender addresses are trivial to spoof - may therefore be an unreliable method of establishing the true Sender's email address. While checking the Sender's address is one element of checks that you might sensibly perform, reliance upon this alone to identify legitimate email is unsafe. Of itself, this check provides no assurance of safely or legitimacy.
The native iOS/iPadOS Mail App does not expose the full Mail Header of received mail messages. Many third-party Mail Apps are more flexible in this regard - and may provide access to the full mail header for inspection and analysis. You should understand, however, that Mail Headers are not necessarily trivial to decode, but do contain lots of information that is significantly more difficult to obscure.
Scam email sent by fraudsters will often have a spoofed Sender's address that appears to be [or is] entirely legitimate - however, embedded links within the mail body or attachments will not direct you to the legitimate website and associated resources - but instead will link elsewhere. While some scam email is relatively easy to identify, many professional scammers are very adept at constructing email and spoof websites that closely resemble the material that they are attempting to imitate in their objective of committing fraud.
Be very wary of allowing your iPad or other Apple devices to automatically download embedded images and content - as you will have no opportunity to verify legitimacy of the mail or its embedded content prior to download. Automatically downloading embedded image and content comes with many risks - not least that retrieving embedded content from the scammers server confirms that the target email address is likely active and monitored by the potential victim.
Should you choose to do so, there are some settings and practices that (a) can usefully reduce your exposure to risk - and (b) provide opportunity to check legitimacy of an email and embedded links/content before they are downloaded to your devices...
Assuming that you are using the native iPadOS Mail App and Safari as your browser, ensure that your Mail App does not automatically download remote content:
Settings > Mail > [Messages] Privacy Protection > Block All Remote Content - set to ON
This security measure is intended to inhibit loading of potentially unsafe content - until such time as the recipient has had opportunity to review the email and determine whether or not the received email is from a trusted or expected source. Where images and other content have not been automatically dowloaded (as advised), you may see a message at the top of the received email. For example…:
Only when you are satisfied that the email itself is considered safe would you tap the link to download the embedded content.
By delaying loading of images until the body text is verified by the recipient, potentially malicious content and trackers are not loaded before the recipient has had opportunity to verify that the email is from an expected source or sender - or, for unsolicited email, taken the positive decision to download all content. Most legitimate email has adequate “body” to establish whether of not the email is (a) legitimate and (b) of interest to the sender.
If instead all content is loaded by default, malicious content is given opportunity to run malicious code or attempt a malware exploit. Similarly, images that contain (or are themselves) trackers will notify the actor that the email has been opened. At the very least, the sender of a broadcast phishing email is notified of a “live” mail account and recipient.
Delaying download of embedded content has a secondary benefit. When accessing your email over a slow internet connection, the majority of your email messages can be quickly downloaded - without having to wait for bandwidth-hogging download of images and large attachments. This material can be selectively downloaded, if required, after reviewing the body text of the associated email message.
// continued.
If you click on the email address header area the actual address should show.
Part #2
You may not be aware of Safari's Preview function, whereby you can preview a link URL and/or the link itself before fully loading the linked resource. To use this function, simply touch-and-hold a link to preview. By example, if were were to touch-and-hold your profile name (that appears above your post here), I can see the URL path associated with your full user profile:
By looking at the URL, I can see that the path genuinely links to https://discussions.apple.com/... this being a legitimate resource. Being satisfied that the link is not malicious, I can (if I choose to do so) select Tap to Show Preview so as to review the linked content in separate browser tab. Note that selecting Show Preview will download what might be unsafe content in a thumbnail window.
Safari's preview function is available system-wide - and is not just limited to reviewing embedded links in Mail. This is a powerful and flexible tool that can by used anywhere that you can interact with embedded links or images.
Additional Mitigation
Linked content can be downloaded from both legitimate and malicious sources. As such, it is advisable to protect yourself where you can. There are multiple tools and techniques that can be used - and when used together provides effect defence in-depth.
The majority of threats to which you will be exposed surface via web pages or embedded links within email or messaging platforms. Browser-based attacks can be largely mitigated by installing a good Content/Ad-blocking product. One of the most respected within the Apple App Store - designed for Apple devices - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called AntiVirus products intended for iOS/iPadOS. Instead, all processing by 1Blocker takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by inferior products), but instead undesirable embedded content is blocked. The 1Blocker product creates a ruleset that is actually processed by Safari. 1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers” and will augment existing protection built-in to iPadOS. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network extensions, extending protection to other Apps.
A further step to improve protection from exploits is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I suggest using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Cloudflare
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Security focused DNS providers intentionally "sink hole" known bad or malicious websites and resources - this providing an additional layer of protection beyond that provided by your device and its Operating System. These DNS services will, when used alongside 1Blocker or other reputable Content Blocker, provide defence in depth.
// continued...
Part #3
There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC); while fully and effectively supported by iOS/iPadOS, Apple doesn’t expose this capability via device settings - but there are easy ways to access this functionality. Aside from installing a device-profile from a external device-management system, a really easy way to set and manage DoH/DoT settings is to use a third-party utility App - DNSecure:
https://apps.apple.com/app/dnsecure/id1533413232
This App does exactly what is needed to effectively configure DoH/DoT - and is free to download and install. Many DNS providers are already preconfigured - including Quad9 and Cloudflare. Additional secure DNS providers can be added if required.
Apple has recently introduced its new Private Relay to its iCloud+ subscribers - in part employing ODoH (a variant of DoH) as an element of this new functionality. While this feature is principally intended as an aid to privacy as opposed to threat and vulnerability mitigation, it does provide some useful protection where other mitigation measures are not employed. More details of the Private Relay feature can be found here:
About iCloud Private Relay - Apple Support
In summary, there are many mitigations that you can use to better secure your iPad from potential threats. A good content blocker, combined with secure DNS and other protections offered by iPadOS can reduce your exposure to malicious links, content and threat actors.
I hope you find this information and insight to be helpful.
Thank You, LotusPilot, for all the great information and advice. I truly appreciate your generosity in sharing your deep knowledge of this subject and your kindness in helping me try to learn a new device.
Thank You!
You’re welcome
You're very welcome - and thank you for kind words. It's my pleasure to provide guidance and thorough explanation where it is warranted.
One-line responses are too easy 🙂
how to get full sender e-mail address on iPad (to spot scammers)
