Skip to content Skip to site navigation

How to Forward a Suspected Spam or Phishing Email to the Information Security Office

Important Notice:
Due to the volume of reports received on a daily basis, not all reports to the spam mailbox are able to be given an individual reply. However, the Information Security Office does analyze the reports in aggregate to monitor for large scale attacks and identify malicious links that can be blacklisted on the campus network.

Instruction:
The Information Security Office prefers that you forward the suspected phishing or spam messages to the email address spam@stanford.edu.

Additional Resources:
If you desire an in-depth analysis of a specific email: If available, please first utilize local IT resources for the analysis, otherwise feel free to submit a HelpSU to the Information Security Office via the following link: 
Request ISO Analysis of Suspicious Email

Sending email as attachments:
If a member of the Information Security Office reaches out to you about a report, you may be asked to forward the suspicious email again as an attachment. Below are instructions for doing so in various email applications:


Webmail:

  1. Create a new email message.
  2. Click the Open Separate Window icon Webmail email window icon at the top right corner of the new email message window. The email message opens as its own window within your browser.
  3. Organize your browser windows so you can see your list of emails and the new message window.
  4. Click and drag the suspicious email to the new message window. The suspicious email becomes an attachment to the new message. 
    Note: If your email is in Conversation view, the attachment will include all the messages within the conversation. To just attach a specific message, change your email display setting to Messages and then attach it.
  5. In the new message window To: line, enter the address of the requesting party or spam@stanford.edu.
  6. Enter any relevant information in the message text box.
  7. Click Send.​

Microsoft Outlook:

  1. Create a new email message.
  2. Arrange your windows so you can see the main Outlook client window and the new message window.
  3. Click and drag the suspicious email from your Outlook window to the new message window. The suspicious email becomes an attachment to the new message.
  4. In the new message window To: line, enter the address of the requesting party or spam@stanford.edu
  5. Enter any relevant information in the message text box.
  6. Click Send.

Gmail:

  1. From a browser, open Gmail.
  2. Open the suspicious email.
  3. Next to the Reply arrow icon , click the down arrow .
  4. Click Show original.
    The headers will show in a new window, including the authentication results field.
  5. Highlight and copy all of the text in the box below Download Original.
  6. Return to Gmail.
  7. Create a new email.
  8. Paste the contents of the text box into the message of the new email.
  9. Send the email to the requesting party or spam@stanford.edu.

Inbox by Gmail:

  1. From a browser, open Inbox by Gmail.
  2. Open the suspicious email.
  3. Inside the email, click the more icon .
  4. Click Show original.
    The headers show in a new window, including the authentication results field..
  5. Highlight and copy all of the text in the box below Download Original.
  6. Return to Inbox by Gmail.
  7. Create a new email.
  8. Paste the contents of the text box into the message of the new email.
  9. Send the email to the requesting party or spam@stanford.edu.
Last modified September 6, 2018