Q: Is there an easy way to view security information about incoming messages in Microsoft Outlook?

A: Microsoft doesn't seem to make it easy in Outlook to control some security aspects for inbound messages or to empower us to make decisions about the content of specific messages. We can force inbound messages to render in plain text; however, this setting is for all messages by default with exemption options for specific senders. We can view header information for a specific message, but the option to do so is hard to find and not very intuitive.

The company XIntercept has created a small toolset for Outlook called PocketKnife Peek. (This tool is in addition to the company's PocketKnife product, which provides better integration of Outlook contacts with Microsoft Word). PocketKnife Peek lets users view aspects of email messages prior to opening them in Outlook itself. Peek lets you perform four actions on a message:

  • view the message in plain text
  • view the HTML source
  • view the Internet header content
  • see attachment list, including lists of files within unprotected .zip files

PocketKnife Peek uses a standard installation and can be deployed on Outlook 2000 or later, but only on the 32-bit version of Outlook 2010. As with all Outlook add-ins, Outlook must be restarted in order for the new add-in to load. After Outlook is restarted, Peek is integrated into the Outlook Ribbon in Outlook 2010 and in the toolbar for earlier versions. Peek is also incorporated into the context menu (right-click menu) when an email message is selected. Figure 1 shows the options from the Peek menu in the Outlook 2010 Ribbon.

Figure 1: Options for PocketKnife Peek in the Outlook 2010 Ribbon

When Peek is initiated on an email message, it opens the message in its own window with a toolbar on top and four tabs on the bottom. The toolbar includes basic email client functionality, such as Reply, Forward, Move to Folder, and Mark as Read. Figure 2 shows a sample message viewed in the Peek interface.

Figure 2: A sample message viewed in the PocketKnife Peek interface (click image for larger view)

The four security functions of Peek are all easily accessed from the tabs at the bottom of the interface. You can view messages in plain text, including seeing the actual URL behind any URL displayed in the HTML rendering of the message. Microsoft actually introduced the ability to read all inbound messages as plain text in Outlook 2003 (see the Microsoft article "How to view all e-mail messages in plain text format"). This feature remains in both Outlook 2007 and Outlook 2010. Peek doesn't change the original message, but instead lets the user view the message almost on a "what if?" basis. Peek doesn't mark the email message as Read by default; however, if you use Peek regularly to view message content, you can configure it to mark messages as Read (See Figure 1).

The HTML Source tab lets you read the HTML for the message that has been received. I would like to see external source URLs highlighted in this view or for the interface to use color to distinguish HTML tags from page content, but all the text is black on a white background. The Internet Header for the message is easily accessed through Peek as well. The attachment tab lists the attachments to the message, if any, and will also list files in any .zip files that aren't password protected.

PocketKnife Peek isn't revolutionary, but it does make viewing message properties in Outlook easier, combining basic security checks into a single interface. Administrators and power users might find themselves using Peek to read all their email.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.