How to submit a suspicious email
Effective July 8, 2026
In plain English: the single best thing you can send us is the original email as a file. A screenshot or copied-and-pasted text isn't enough, and an inline forward strips the hidden headers we rely on. There are a few ways to get us the original — which one works depends on the device and mail app you're using, so this page is honest about what each method can and can't do.
Why the original file matters
- The original
.eml/.msgcarries the real sender, routing (headers), and links we analyze. That's the evidence. - A screenshot or copied text throws that evidence away — we can't verify a sender or a domain from a picture.
- A plain inline forward (just hitting "Forward") rewrites the headers, so it often can't be analyzed. Forward as an attachment instead.
- Please don't click links or open attachments in the suspicious message before sending it to us.
The ways to submit
1. Upload the file on the website (any desktop browser)
Export the original message to a .eml/.msg file and drag it
onto the upload page. The upload page has step-by-step export
instructions for Outlook (desktop and web) and Gmail. This works from any computer,
regardless of your email provider.
2. Forward it as an attachment to your personal address
Every account gets a private forwarding address (it looks like
report+your-token@…, shown in your dashboard). Forward the suspicious
message as an attachment to that address and we email the report back
to your verified address. Possession of your personal address is what authorizes the
request, so it works even if the original sender's domain has no email authentication.
The trick most people miss: do it from your inbox list — usually a right-click on the message — not from inside the opened email (most programs hide the option once it's open). In Gmail on the web, right-click the message and choose "Forward as attachment." A plain "Forward" is not the same thing. If your email program doesn't offer it, the sure alternative is to save the message as a file and upload it here instead.
- Works well from desktop mail apps that support "Forward as attachment": Outlook desktop, Gmail on the web, Apple Mail on macOS, and Outlook on the web.
- Keep it private. Treat your forwarding address like a password; you can rotate it from your dashboard if it ever leaks.
- If we receive an inline forward (no attached original), we reply with steps to re-send it as an attachment rather than guess at a low-confidence answer.
3. The Outlook "Report Phishing" button (coming soon)
For Microsoft 365 / Outlook users, a one-click button will return the plain-English verdict right where you're reading the mail. It's the smoothest option for that audience and — because Outlook supports add-ins on phones for Microsoft 365 accounts — it's also the practical way to submit from a phone.
Submitting from a phone — the honest limitation
Most mobile mail apps (the Gmail app, Outlook mobile, Apple Mail on iOS, and others) cannot forward a message as an attachment, and they also can't export the original as a file. This isn't a limitation we can remove — it's how those apps work. So today:
- Microsoft 365 / Outlook on a phone: use the Outlook button (once available), which works on mobile for those accounts.
- Any other mail app on a phone: the reliable path is to submit from a computer — either upload the file or forward it as an attachment from your desktop mail.
We deliberately do not produce a "best-effort" verdict from a mangled inline forward: a confident-but-wrong answer is worse than telling you how to send us the real evidence.
What happens after you submit
- The file is analyzed only inside our isolated worker — the website never opens it — and the raw file is deleted afterward.
- The report is emailed to your verified address only (never to any address found inside the forwarded message) and also appears in your dashboard history, visible only to you.
- Messages from senders we can't tie to an account are dropped silently — the address is a customers-only utility, not a public inbox.
- A completed analysis uses one credit; an invalid or unreadable submission does not.
Questions
Need a hand getting the original message out of your mail app? Email support@noetis.us and we'll walk you through it for your specific client.