Rare Phoenix Soft.

E-mail Info add-in icon E-mail Info add-in for Outlook
Office Ribbon

       Phishing attempts can be a serious problem for individuals and businesses.  E-mail has never been the most secure medium around and with the ability to send mass e-mails in a short time, it makes an ideal means of exploitation.  With companies nowadays requesting personal e-mails and creating mailing lists, security breaches make it very easy for these lists to be used for malicious reasons.  In addition to this, unscrupulous companies sell these mailing lists themselves, making it possible to receive unwanted and dangerous e-mails from almost anywhere.  Filters from large e-mail providers have become more and more sophisticated and manage to catch most of the spam, phishing and virus e-mails, but new, more insidious, phishing attempts keep coming and filters can't always keep up.  Sometimes a suspicious e-mail still manages to slip through.
       This add-in for Outlook provides an opportunity to learn a lot of information about an e-mail before opening it. The add-in analyzes the location of the servers the e-mail passed through, the attachments that came with the e-mail and also examines the links contained. A user, in case of a suspicious e-mail, can look at all this additional information to decide to open or delete the e-mail, helping avoid a phishing scam or a virus infection.


  Analyze location details of servers the e-mail passed through before opening it
  Select and warn if e-mail goes through servers in specific countries
  Allow for quickly reading the e-mail in text format, to avoid executing any scripting code

  Analyze location details of the servers the embedded links in the e-mail point to
  Inspect and expand tinyurls to display the original link
  Determine redirects and display the final link
  Select and warn if links point to servers in specific countries or to specific servers

Full detailed feature information is available in the Help document.

  Place on the world map the approximate location of the server that sent the e-mail

Map IP Location

  IP address
  See the IP address of the servers the e-mail passed through and identify the countries of those servers/IP addresses
  Handle IPv4 and IPv6 addresses

IP Address

  Blocked attachments
  Download attachments blocked by Outlook  (* at your own risk *)

Blocked Attachments


  E-mail path
  Place on the world map the approximate location of the servers this e-mail has passed through

E-mail Path

  Geo IP providers
  Select from multiple providers for location validation, depending on provider features and limits

Multiple Providers

  Link information
  Follow the links in the e-mail and determine the type of the files that will be obtained if clicking them

Link information

  Validate the attachments are of the type the file extension implies
  Inspect file contents of compressed data containers

Attachment Information

  Potential viruses
  Inspect script attachments that could damage your system (for advanced users that can read source code)

Script Information

  E-mail header
  Display the full message header                                     

Message Header


Fake sender

  The principle to having a successful phishing attack is to make the user believe the information comes from a trusted source when in fact it does not.
  This e-mail is pretending to come from Bank of Montreal (a major Canadian bank).
  Outlook doesn't display the actual e-mail address asheldrik1@optusnet.com.au by default, so it's easy to see how someone could assume the email does come from BMO Support, especially someone that has an account with the bank.

  Looking at the e-mail address, the server, optusnet, doesn't seem to have any name relation to BMO, while the au portion points to Australia - not really a main location for a Canadian bank.
  Examining the IP addresses this e-mail has originated from, both seem to be from Australia. Why would a major Canadian bank have the servers on the other side of the world?
  The last clue is found in the link contained inside the e-mail. The server jsdfg.ise-geek.org seems to be inaccessible, and looks nowhere near bmo.com which is the actual server for Bank of Montreal.

File with different extension

  Different File Extension
  Sometimes files sent are not of the same type as the extension implies.
  In this case, a file was sent as text, when in fact it is an executable.
  This is not as egregious because while the file is an executable, the extension is telling Windows to treat it as a text file so even if double clicked on, it will be opened by default by Notepad, which will not run the file, but will probably show plenty of non-text characters.

  For this attachment to be a real threat, it would have to be named SoundCodec.txt.exe. As Windows hides file extensions by default, downloading and showing this file in Windows explorer would look like SoundCodec.txt due to the hidden extension. Windows will still see the double extension of .exe, hence running the file if the user double clicks on it.
  Some servers (like Google's gmail) will detect this and block the file, or the e-mail altogether.

ZIP with script

  A virus is a piece of executable code that will have a negative effect on the system that runs is. It needs to either run automatically when the e-mail is received or somehow trick the user to run it.
  To prevent viruses from spreading through e-mails, most providers will block executable attachments, Outlook will also block them in case they come through.
  Viruses can also come in the form of scripts and can be just as damaging.

  In this case, a script is included in a compressed ZIP file. The script by itself can be blocked by Outlook but by having it sent in a ZIP container, it managed to squeak through. Even so, the script will not run by itself, it still needs the user to open the ZIP container and then double click on the script for it to affect the system.
  For advanced users, detailed byte information of the ZIP container and the internal files is also available, including what application Windows will use if the user runs it.

ZIP with script detail


  Full Version
   E-mail IP Location
   Multiple Geo IP Providers
   Analyze Attachments
   Inspect Links
   Price: $5.99

  Trial Version
   14 day
   E-mail IP Location
   Single Geo IP Provider

License key will be e-mailed
within 24 hours of purchase


  Outlook     32 bit     64 bit  
* Compatibility table will be updated as more information becomes available.
  Outlook     32 bit     64 bit  
* Compatibility table will be updated as more information becomes available.

  Disabled add-in
  In the unlikely event that Outlook disables the add-in, there are a number of methods to re-enable it

  Requires elevated (Admin) privileges

  Geo location provider
  Limits may change without notice at providerís discretion

  Location information is just an approximation

© 2019-2020 Rare Phoenix Soft, All Rights Reserved.