Back to home

How to Forward Emails for Phish Check

To get the most accurate analysis, forward suspicious emails as an attachment. This preserves the email headers — technical information that reveals where the email really came from.

Send to: [enable JavaScript to see email]

Important: Forward from the email address you used to purchase Phish Check. That's your registered email for the service. Need to use a different email? Contact [enable JavaScript to see email].

Quick Reference

Email ClientMethod
Outlook (Desktop)Right-click → Forward as Attachment
Outlook (Web)Three dots → Forward as attachment
GmailThree dots → Forward as attachment
Apple MailForward As Attachment (Edit menu)
Yahoo MailThree dots → Forward as attachment
ThunderbirdRight-click → Forward As → Attachment

Detailed Instructions

Microsoft Outlook (Desktop - Windows/Mac)

Method 1: Right-Click

  1. Right-click on the suspicious email in your inbox
  2. Select Forward as Attachment
  3. Enter: [enable JavaScript to see email]
  4. Click Send

Method 2: Menu

  1. Select the suspicious email
  2. Go to Home tab → More Forward as Attachment
  3. Enter: [enable JavaScript to see email]
  4. Click Send

Keyboard Shortcut: Ctrl+Alt+F (Windows)

Outlook on the Web (outlook.com, Office 365)

  1. Open your inbox (don't open the suspicious email)
  2. Right-click on the suspicious email, OR click the three dots (...)
  3. Select Forward as attachment
  4. Enter: [enable JavaScript to see email]
  5. Click Send

Gmail (Web)

  1. Open your inbox (don't open the suspicious email)
  2. Right-click on the suspicious email, OR select it and click the three dots (...)
  3. Select Forward as attachment
  4. Enter: [enable JavaScript to see email]
  5. Click Send

Note: If you don't see this option, you can also:

  1. Open the suspicious email
  2. Click the three dots (...) in the top right
  3. Select Show original
  4. Click Download Original
  5. Create a new email to [enable JavaScript to see email] and attach the downloaded file

Gmail (Mobile App)

The Gmail mobile app doesn't support forward as attachment. Options:

Option 1: Wait until you're at a computer to forward properly.

Option 2: Use regular forward (less accurate but still works):

  1. Open the email
  2. Tap Forward
  3. Send to: [enable JavaScript to see email]

We can still analyze the content, but without full headers our verdict may be less certain.

Apple Mail (Mac)

Method 1: Menu

  1. Select the suspicious email (don't open it)
  2. Go to Message menu → Forward As Attachment
  3. Enter: [enable JavaScript to see email]
  4. Click Send

Method 2: Keyboard

  1. Select the suspicious email
  2. Press Command + Option + F
  3. Enter: [enable JavaScript to see email]
  4. Click Send

Apple Mail (iPhone/iPad)

The iOS Mail app doesn't support forward as attachment. Options:

Option 1: Wait until you're at a Mac to forward properly.

Option 2: Use regular forward (less accurate but still works):

  1. Open the email
  2. Tap the Reply arrow
  3. Select Forward
  4. Send to: [enable JavaScript to see email]

Yahoo Mail (Web)

  1. Select the suspicious email (don't open it)
  2. Click the three dots (...)
  3. Select Forward as Attachment
  4. Enter: [enable JavaScript to see email]
  5. Click Send

Thunderbird

  1. Right-click on the suspicious email
  2. Select Forward As Attachment
  3. Enter: [enable JavaScript to see email]
  4. Click Send

Keyboard Shortcut: Ctrl+L

ProtonMail

  1. Select the suspicious email
  2. Click More (three dots)
  3. Select Forward as attachment
  4. Enter: [enable JavaScript to see email]
  5. Click Send

If Your Email Client Isn't Listed

Look for one of these options:

  • "Forward as Attachment"
  • "Forward As" → "Attachment"
  • "Redirect" (some clients)

Usually found in:

  • Right-click menu on the email
  • Three dots (...) or "More" menu
  • Message menu in the menu bar

Can't Forward as Attachment?

If your email client doesn't support forwarding as attachment, you can still use Phish Check with a regular forward. We'll analyze the content and visible information — our verdict may just note that full headers weren't available.

Regular forward still helps detect:

  • Suspicious links
  • Urgency tactics and pressure language
  • Spoofed display names
  • Content red flags
  • Too-good-to-be-true offers

Full headers help detect:

  • Sender authentication failures (SPF, DKIM, DMARC)
  • Server reputation
  • Email routing anomalies
  • Spoofed sender addresses

Questions?

Email [enable JavaScript to see email]

Phish Check by Craig Peterson