If you’ve received a suspicious email and want to report it, you’ll need more than just a screenshot. The email headers contain the technical trail — sender IP, routing path, and hidden recipient info. Here’s how to extract and save them properly.
Email headers contain critical information about the origin, path, and authenticity of a message.
In this guide, we explain how to extract and save metadata for reporting purposes.
If you are new to email security, you may also want to read our article on How to Report Phishing Scams (Without Clicking a Single Link) or explore Alternatives to Microsoft Word: Free and Paid Options for Every User.
🖥️ For Windows Users (Generic Email Clients)
- Open the suspicious email in your inbox.
- On a Logitech Keyboard press Fn + Insert (or Ctrl + Alt + F3 on some systems) to open the message source or headers.
- A window will appear showing raw metadata — copy everything.
- Open a blank Word document.
- Paste the copied headers.
- Save the file as email_headers_[date].docx or .pdf.
You now have a clean, attachable file for police or IT reports.
📧 For Microsoft Outlook - Open the email.
- Click File > Properties.
- In the Internet headers box, copy all the text.
- Paste it into Word or Notepad.
- Save the file with a clear name.
💡 Shortcut: In some Outlook versions, you can right-click the email and choose View Source or Message Options.
🍏 For Mac Users (Apple Mail) - Open the suspicious email in Apple Mail.
- Click View > Message > All Headers.
- Alternatively, press Shift + Command + H to toggle full headers.
- A panel will appear showing the raw metadata.
- Select all text, copy it.
- Open Pages, TextEdit, or Word, paste the headers.
- Save the file as email_headers_[date].docx or .pdf.
📧 For Outlook on Mac - Open the email.
- Click the three dots (…) in the top-right corner.
- Choose View > View Source.
- A window will open with the full headers.
Copy and paste into a document and save.
📎 Why This Matters
Authorities and IT departments need the full header to:
• Trace the real sender
• Identify spoofed domains
• Confirm mass distribution (BCC abuse)
• Link the email to known phishing infrastructure
Without it, your report is just a screenshot — useful, but not actionable.
Looking for more articles and resources?
Visit our About page or Sitemap / Link Page to explore all posts and projects.
Internal Articles
- 📧 How to Report Phishing Scams (Without Clicking a Single Link)
- 💻 Recurring Windows Repair Issues Reported by Users
- 🛠️ How to Recover Files from a Broken Windows System Using Linux
External Resources
- FTC – How to Recognize and Report Phishing
- CISA – Email Security Guidance
- Microsoft – How to View Email Message Headers
