There is a significant knowledge gap about the qualitative traits embedded in phishing emails, which could be useful in a range of phishing mitigation tasks. In this paper, we consider the structure of phishing emails to identify a novel set of descriptive features. We employ an iterative qualitative coding approach to identify features that are descriptive of the emails leading to the ``Phishing Codebook’’, a structured framework for extracting key phishing email information. We apply this codebook to a publicly available dataset of 503 phishing emails.