Q: Is there an easy way to view security information about incoming messages in Microsoft Outlook?

A:Microsoft doesn't seem to make it easy in Outlook to control some security aspects for inbound messages or to empower us to make decisions about thecontent of specific messages. We can force inbound messages to render in plain text; however, this setting is for all messages by default withexemption options for specific senders. We can view header information for a specific message, but the option to do so is hard to find and not veryintuitive.

The company XIntercept has created a small toolset for Outlook called PocketKnife Peek. (This tool is inaddition to the company's PocketKnife product, which provides better integration of Outlook contacts with Microsoft Word). PocketKnife Peek lets usersview aspects of email messages prior to opening them in Outlook itself. Peek lets you perform four actions on a message:

PocketKnife Peek uses a standard installation and can be deployed on Outlook 2000 or later, but only on the 32-bit version of Outlook 2010. As with allOutlook add-ins, Outlook must be restarted in order for the new add-in to load. After Outlook is restarted, Peek is integrated into the Outlook Ribbonin Outlook 2010 and in the toolbar for earlier versions. Peek is also incorporated into the context menu (right-click menu) when an email message isselected. Figure 1 shows the options from the Peek menu in the Outlook 2010 Ribbon.

Figure 1: Options for PocketKnife Peek in the Outlook 2010 Ribbon

When Peek is initiated on an email message, it opens the message in its own window with a toolbar on top and four tabs on the bottom. The toolbarincludes basic email client functionality, such as Reply, Forward, Move to Folder, and Mark as Read. Figure 2 shows a sample message viewed in the Peekinterface.

Figure 2: A sample message viewed in the PocketKnife Peek interface (click image for larger view)

The four security functions of Peek are all easily accessed from the tabs at the bottom of the interface. You can view messages in plain text,including seeing the actual URL behind any URL displayed in the HTML rendering of the message. Microsoft actually introduced the ability to read allinbound messages as plain text in Outlook 2003 (see the Microsoft article "How to view all e-mail messages in plain text format"). This feature remains in both Outlook 2007 and Outlook 2010. Peek doesn't change the original message, butinstead lets the user view the message almost on a "what if?" basis. Peek doesn't mark the email message as Read by default; however, if you use Peekregularly to view message content, you can configure it to mark messages as Read (See Figure 1).

The HTML Source tab lets you read the HTML for the message that has been received. I would like to see external source URLs highlighted in this view orfor the interface to use color to distinguish HTML tags from page content, but all the text is black on a white background. The Internet Header for themessage is easily accessed through Peek as well. The attachment tab lists the attachments to the message, if any, and will also list files in any .zipfiles that aren't password protected.

PocketKnife Peek isn't revolutionary, but it does make viewing message properties in Outlook easier, combining basic security checks into a singleinterface. Administrators and power users might find themselves using Peek to read all their email.