There are two kinds of mail that can end up in your junk or spam folder. It's really best not to look at the bad stuff!

If email is in my Junk folder, am I not supposed to open it? Sometimes, Hotmail puts things in Junk that I want to read. I suppose curiosity gets the best of me.

In this excerpt from Answercast #37, I look at the dangers of reading emails out of your junk folder and how to safely retrieve false positives.

Email in Junk folder

There are two classes of things that are going to end up in your junk mail folder.

  • One is absolutely spam: bad email that you really shouldn't open.

Nine times out of ten, opening it is probably okay. Most of the time, links will be blocked, scripting will be blocked by default, and so forth. So, if your curiosity does get the best of you and you really want to see what the spam is all about, it's probably not going to hurt you much.

I have to say "probably" because there's always a possibility of something going wrong – especially with maliciously crafted email:

  • Clearly, the senders are trying to make something bad happen.

  • Sometimes, it's as simple as just sending you to a website that you don't need to go to.

  • Sometimes, it's more nefarious than that.

Good mail, trapped

The other thing you're going to find in your junk mail folder (and the reason you do actually want to look at it from time to time) is:

  • Sometimes, legitimate email gets classified as junk.

That's something you need to tell Hotmail about, and the way you tell Hotmail is:

  • You open the email (one that you know you actually wanted: it's from someone you know or some place you were expecting email from).

  • And you click the Not Junk button at the top of the message.

It's actually very simple. What that will do is immediately move the mail that you just marked as not junk back to your inbox and you can continue to read it (or do whatever else you would want to do with it) from there.

So the junk mail folder is something that you do want to look at periodically, and what you are looking for are "false positives." Mark those as "not junk" and act on them in your inbox as you normally would.

  • Everything else in your junk mail folder, in my opinion, you should just ignore.

Article C5617 - July 23, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

4 Comments
Karl
July 23, 2012 10:04 AM

You can safely check spam by right-clicking on the email in question. A dialog box will open; at the bottom, you will see something that says "view message source". Click that and it will open in either a new window or tab. Now you can see what is in the email without any links or scripts being active.

This is for Hotmail and checking online. I'm not sure if it works with desktop email clients or other email programs like Yahoo, Google, Thunderbird, etc. I have not tested it.

Doing this, you can see any links or scripts, the true address where it came from, the IP it was sent from, and who all it was sent to.

Here are 2 examples of email in my junk mail.
Example #1 Subject is "Lucrative Venture."
When I check the source, it is something like this...

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=none (sender IP is 173.192.169.10) header.from=Email address removed; dkim=none header.d=tecnobicimtb.com; x-hmca=none
X-SID-PRA: Email address removed
X-SID-Result: None
X-DKIM-Result: None
X-Message-Status: n:0:n
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: aDBdQ0mjgik0T1uClwKru4UOfbwfKhxmCWrDz84jar09z+1HUJ7GLZpq46vFwNlUVw56Bg/LeMaOVuSNyu3yb0RKTwBJsRKEe+jHRygkPOrZN+4AoSVfXEm0/GnNSGoNv3mMZO59vmg+tZ4zFS/QBQ==
Received: from w02.hexsoftsolutions.com ([173.192.169.10]) by SNT0-MC3-F3.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Sun, 22 Jul 2012 04:25:08 -0700
Received: from User ([173.166.114.205])
by w02.hexsoftsolutions.com
; Sat, 21 Jul 2012 10:55:58 +0400
Message-ID:
Reply-To:
From: "Joseph Yun"
Subject: Lucrative Venture.
Date: Sat, 21 Jul 2012 07:56:02 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: Email address removed
X-OriginalArrivalTime: 22 Jul 2012 11:25:09.0052 (UTC) FILETIME=[A6BE47C0:01CD67FC]

Dear Friend,

My name is Joseph Yun, the financial controller at China Trust Commercial
Bank in Beijing, and I am getting in touch with you regarding a business deal
worth $US37.5 Million in my control which will be executed under a legitimate
arrangement.

I am contacting you independently and will intimate you more about myself and
details of the project if and when I receive your response.
Kindly get back to me on my private email if you are interested in partnering
with me on this project.
Contact me via my private email:

joseph Email address removed


Sincerely,
Joseph Yun.

Example #2 Subject is: Dear (Name removed)
When I check the source on this one, I see this...

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=none (sender IP is 95.11.77.211) header.from=Susana Email address removed; dkim=none header.d=Email address removed; x-hmca=none
X-SID-PRA: Susana Email address removed
X-DKIM-Result: None
X-Message-Status: n:0:n
X-SID-Result: None
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: z6+tzUa3IoSkHoZNP7yC+dxG69zlxLMENEKj2bMsNLKT6GqrvOOhCvQuzbIck+41Cf5jWTNWbEVbfJdqhWfjvDzvamA/gUERwFAdGB/Iuocy7JZUy0tIkzzJoEVeCBd1rgErwvHNXjnJ8vm0glpDkg==
Received: from 95.11.77.211.static.ttnet.com.tr ([95.11.77.211]) by COL0-MC3-F19.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Mon, 23 Jul 2012 08:42:15 -0700
To: "Name removed"
Subject: Dear Name removed
From: "Coleen"
Date: Mon, 23 Jul 2012 18:42:16 +0300
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: IPS PHP Mailer
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-ID:
Return-Path: Email address removed
X-OriginalArrivalTime: 23 Jul 2012 15:42:15.0948 (UTC) FILETIME=[BC4D8CC0:01CD68E9]


[[embedded HTML document removed for safety.]]

I removed all names and email addresses for obvious reasons. It is safe to check this way and find information about spam mail.
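
The manual check described in the comment above can also be done on a saved copy of the message source, reporting the authentication verdicts, relay IPs, and any links or scripts without rendering or fetching anything. This is an added example, not part of the original comment; the sample message is constructed (documentation-range IPs, example.* domains) and `triage` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample shaped like the headers quoted above (documentation-range
# IPs, example.* domains; not a real message). triage() is a hypothetical helper.
SAMPLE = """\
Authentication-Results: hotmail.com; sender-id=none (sender IP is 192.0.2.10) header.from=a@example.com; dkim=none header.d=example.com; x-hmca=none
Received: from relay.example.net ([192.0.2.10]) by mx.example.org with SMTP; Sun, 22 Jul 2012 04:25:08 -0700
Received: from User ([198.51.100.7]) by relay.example.net; Sat, 21 Jul 2012 10:55:58 +0400
From: "Coleen" <a@example.com>
Return-Path: <bounce@example.org>
Subject: Dear friend
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"

<html><body><script>x()</script>
<a href="http://login.example.net/verify">Your bank</a></body></html>
"""

class _Inventory(HTMLParser):
    """Lists link targets and counts scripts; nothing is rendered or fetched."""
    def __init__(self):
        super().__init__()
        self.links, self.scripts = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw_source):
    msg = message_from_string(raw_source, policy=default)
    auth = str(msg.get("Authentication-Results", ""))
    # method=result pairs such as sender-id=none, dkim=none
    verdicts = dict(re.findall(r";\s*([\w-]+)=(\w+)", auth))
    # Bracketed IPs from each Received line, newest hop first
    hops = [ip for h in msg.get_all("Received", [])
            for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(h))]
    inv = _Inventory()
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None and body.get_content_subtype() == "html":
        inv.feed(body.get_content())
    return {"auth": verdicts, "hops": hops, "from": str(msg.get("From", "")),
            "return_path": str(msg.get("Return-Path", "")),
            "links": inv.links, "scripts": inv.scripts}
```

The last entry in `hops` is the earliest relay recorded, and only the topmost `Received` line was written by the receiving mail service; lower ones are supplied by upstream servers and can be forged.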

Snert
July 24, 2012 7:14 PM

If you can, open the suspect email in a sandbox. It can't do anything unless you let it out.

Bob
July 26, 2012 9:56 AM

If the default for your e-mail viewer included a 'preview pane', then you've effectively already opened it...

On a different note - I have been receiving an increasing number of e-mails from my own e-mail account (yes, I know it's spoofed) supposedly about an employment offer. ANYONE who opens a 'job offer' FROM THEMSELVES clearly needs to rethink their security strategy.
I'm just glad my e-mail portal allows me to mark these as 'junk', as I know some will not.

Millie
July 30, 2012 7:51 AM

Thanks Bob, years ago I did a computer course and was advised to close all preview panes for emails for your reason, they are effectively already open and the malicious gremlins could perhaps begin their work. Lately I was wondering if this was still the case, and I guess it is.
