How to forward an email as an attachment (and why it matters)
When someone asks you to forward a problem email - a bounce notice, a message that landed in junk, a suspicious phish - HOW you forward it decides whether the evidence survives. A normal forward keeps the words and quietly discards everything else.
What a normal forward throws away
An email is more than its visible text. Riding along in the hidden headers are the facts an investigator actually needs:
- Authentication results - whether the message passed SPF, DKIM, and DMARC at the receiving server, and as which domain.
- The server chain - every mail server the message passed through, with timestamps and IP addresses (the
Receivedheaders). - Spam-filter verdicts - Microsoft, for example, stamps its spam confidence score and category right into the delivered message's headers.
- The Message-ID and the exact bounce diagnostics on a rejection notice.
When you click plain Forward, your mail client composes a NEW message and pastes the old one's text into it. The new message carries YOUR headers - your client, your server, your authentication - and the original's headers are gone. Whoever receives it can read what the message said, but nothing about where it really came from or why a receiver treated it the way it did.
Forwarding as an attachment is different: the original message travels inside the new one as a complete .eml file, headers and all. The evidence survives intact.
The one step, per mail client
Gmail
Open the message, click the three-dot menu at the top right of the message (not the compose window), and choose Forward as attachment. On the desktop you can also select the message in the list and drag it into a compose window - it attaches as a .eml file.
Outlook (new Outlook, web, and Microsoft 365)
Open the message, click the three-dot menu in the message toolbar, and choose Forward as attachment. In classic desktop Outlook it lives under More next to the Forward button, or you can drag the message from the list into a new blank email.
Apple Mail
Select the message, then use the menu bar: Message > Forward as Attachment. The keyboard habit of plain forward (Cmd-Shift-F) does an inline forward, so use the menu for this one.
Anything else
Most clients can save a message as a .eml file (drag it to your desktop, or a Save As / Download message option). Attach that file to a fresh email and you have achieved the same thing.
When it matters
Any time the RECIPIENT of your forward needs to analyze the message rather than just read it:
- Reporting a phishing attempt to your IT team or a security vendor - the headers are how they trace the real origin.
- Sending a bounce notice to whoever manages your email - the bounce carries the receiving server's exact rejection code and, usually, the original message's full headers.
- Asking a deliverability tool to tell you why a message was rejected or landed in junk.
That last one is exactly how Delivery Diagnosis works in trustyourinbox: every workspace gets a private diagnose address, and forwarding a bounce or a spam-foldered message to it as an attachment gives the analysis the original headers, the receiver's authentication verdicts, and the bounce diagnostics to work from. An inline forward arrives with none of that - which is why the reply to one is a friendly note asking for the attachment version, never a guess.
A note on privacy
An attached original includes the full message, body and all - so forward it only to whoever genuinely needs to investigate, the same way you would treat any sensitive document. Tools worth trusting are explicit about what they keep: trustyourinbox analyzes the body and discards it, keeping only the headers and the verdict.
Keep reading
Free for one domain. Set up in five minutes. We parse the reports; you read plain-English summaries.