Safe to reply to a suspicious email?

Your machine will immediately start to disintegrate and you will have 5 seconds to evacuate the building before it explodes!

If you are sure it is plain text, the only things that could happen as a result of you replying are:

  1. Someone on the other end knows your email address.

  2. You might now be on some spam lists.

  3. You may now have leaked information if you are a reconnaissance target.

However, if you looked at the email in a web client (like Google) and it looks like plain text, don't kid yourself, it could be HTML, or something else, and it could have something like an embedded image or some other content you didn't realize was there. Clients like Outlook could fool you as well. So be careful. The "text only" email may be more than text only.

My general rule is if I don't know them, or if I don't need to reply (or if I am not curious - in a controlled environment to investigate) why waste my time or risk the issue?!


The downside of responding if it is indeed a spam message is that it may confirm to a spammer that your address is indeed active and monitored by a person. As a result, you might see an increase of spam.

(I am assuming that this is a personal email)

If this is a business email account, the headers from your email may leak information useful to an attacker, such as what mail servers you're running, what type of filtering software may be in place, etc.

In addition, to confirm if it's spam or not, you could attempt to check the headers of the email and see where it originates from and if it's suspicious at all.
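Added example, not part of the answers on this page: the two checks mentioned above, in Python with the standard `email` module. It reports whether a message that renders like plain text really contains only a `text/plain` part, and what its `Received` and `Reply-To` headers show. The sample message, its addresses and the `triage_message` helper are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not from the page): renders like plain text, but has an
# HTML alternative that references a remote image.
SAMPLE = b"""\
Received: from mail.example.net ([203.0.113.7]) by mx.example.org; Mon, 1 Jan 2024 10:00:00 +0000
Received: from [198.51.100.23] by mail.example.net; Mon, 1 Jan 2024 09:59:58 +0000
From: Support <support@example.com>
Reply-To: someone@example.net
To: you@example.org
Subject: Quick question
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Hi, are you still using this address?
--b1
Content-Type: text/html

<p>Hi, are you still using this address?</p>
<img src="http://tracker.example.net/p.gif?id=42" width="1" height="1">
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"""(?:src|href)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def triage_message(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    types = [p.get_content_type() for p in leaves]
    # Remote references in HTML parts are fetched by clients that auto-load content.
    urls = [u for p in leaves if p.get_content_type() == "text/html"
            for u in URL_RE.findall(p.get_content())]
    # Each relay prepends a Received header, so the list reads newest to oldest.
    # Only hops added by servers you trust are reliable; older ones can be forged.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            if (m := IP_RE.search(str(h)))]
    sender = msg["From"].addresses[0].addr_spec.lower() if msg["From"] else ""
    reply = msg["Reply-To"].addresses[0].addr_spec.lower() if msg["Reply-To"] else sender
    return {"plain_text_only": types == ["text/plain"], "part_types": types,
            "remote_urls": urls, "hop_ips": hops, "reply_to_differs": reply != sender}

if __name__ == "__main__":
    for key, value in triage_message(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against the raw source of a message ("Show original" or the saved `.eml` file), not against what the client displays.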


Unsolicited emails often bear fake source email addresses. By responding to a fishy email, you may unwillingly collaborate in a devious scheme meant to saturate the mailbox of some target victim. Possibly, the villain sent ten million emails with the address of his victim as alleged sender; if only one person in 1000 decides to respond to the email, the victim will drown under 10000 emails -- which are all hand-typed by old-fashioned human beings, thus possibly hard to filter automatically (contrary to computer-generated spam).

Responding to a strange plaintext email normally has no risk for you, but you should refrain from it nonetheless, because you are not alone on the Internet.
