Due to client specific Outlook settings, it can sometimes occur, that a message is forwarded as a “winmail.dat” file. This is often due to an Outlook configuration for the "rich text" format. 

The Phishing Report Button reads the complete content, including attachments and headers, of the mail that is to be reported and generates an EML-file from the exchange server. This created file is then attached to a new e-mail, which is then sent to your SOC address. In case a “winmail.dat” file is created instead of an EML-file this is done by your exchange server.

If you receive forwarded e-mails, from users using older versions of Microsoft Outlook, the messages may be displayed as winmail.dat attachments. These attachments contain information in Microsoft's proprietary TNEF format, which cannot be read by many other e-mail clients. The easiest way to deal with this, is to get the sender to stop sending you rich text formatted e-mails from Microsoft Outlook. How to ensure this is explained here: https://support.microsoft.com/en-us/kb/278061 

Many of our customers also configure Microsoft Exchange not to send winmail.dat files. This is considered best practice by many Exchange administrators.

If you receive winmail.dat attachments and still want to open them, here are utilities for Mac, Linux and Windows that can decode the proprietary TNEF format:


tnefDD -http://tnefdd.soft112.com/download.html

TNEF's Enough -http://www.joshjacob.com/mac-development/tnef.php



Winmail Opener -http://www.eolsoft.com/freeware/winmail_opener/

Winmail.dat Reader -http://www.winmail-dat.com