Office 365 (Outlook) - Learn about junk email and phishing
Mail identified as possible junk email is automatically moved to the Junk Email folder, and any potentially dangerous content within the message, for example, links or executable code, is disabled.
Junk email, also known as spam, is unsolicited email - usually commercial. It can strain networks, clog email servers, and fill mailboxes with unwanted and possibly offensive messages and images. Most of it is annoying, but harmless. Most junk email will be blocked by the email server that hosts your account.
Phishing is a specific kind of junk email that's used to obtain private information for use in identity theft and other scams. The email message appears to come from a trusted source, such as your bank, and often includes the actual business logo and an apparently legitimate reply address.
"Graymail" is generally characterized by newsletters, sales pitches, and stuff trying to pass as legitimate marketing. It's a result of your address(es) getting on marketing lists, and then being sold to other email marketers. These messages are particularly difficult to get classified as spam because they are usually being sent on behalf of otherwise legitimate companies (for varying degrees of "legitimate"), and there are many recipients who consider the messages completely legitimate.
'Backscatter' is the name given to messages generated when a spammer uses your mail address in the 'From:' line of their messages. This does not mean they have access to your account, however, if you feel your account has been compromised, please change your password. If the spammer's message can't be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the 'From:' line.
Backscatter messages takes several forms:
- DSN (Delivery Status Notification) advising that the message cannot be delivered - or that delivery is delayed.
- Auto-replies - often advising that the mailbox is no longer in use due to spam or that the recipient is on vacation.
- Challenge/response requesting that you confirm you sent the message.
If a spammer sends a large number of messages, you may receive literally hundreds or thousands of 'backscatter' messages.
Important: There is not a way to stop 'Backscatter' from occurring. However, spammers will eventually switch addresses, not out of respect for you, but simply because if they use the same address or domain for too long, spam filters will eventually start blocking it.
When a message arrives into Office 365, it is scanned by "SPAM/Anti-virus" software on the server side. It looks for specific aspects within the message and is then tagged with a specific spam rating between 1-7. If a message is tagged with a rating of 4 or higher, it will be moved into the "Junk Email" folder.
To report a junk/phishing message in Outlook 2016/2013 for Windows:
1. Right-click on the message you want to mark as junk and select Junk:
2. Select Block sender:
The message will be moved to your Junk Email folder and future messages from that sender will be delivered to your Junk Email folder.
To report a junk/phishing message in Outlook 2016 for Mac:
1. Select Junk from the ribbon, then select either Junk or Block sender:
If you select Junk, the message will be moved to your Junk Email folder. If you select "Block sender", the message will be moved to your Junk Email folder and future messages from that sender will be delivered to your Junk Email folder.
To report a junk/phishing message in Outlook on the web, right click on an email and select mark as junk. Choosing to report the junk message will help grow the spam filter and block similar emails in the future.
It is also possible to block senders, but it is recommended to mark the mail as junk and report it so that others will not receive emails from the same junk sources in the future.
When you receive a message that might be junk email, it will be moved to your Junk Email folder. You can treat messages in your Junk Email folder like any other message.
There are a couple of options for dealing with legitimate spam in your "Junk Email" folder:
- Do nothing: Messages will automatically be deleted after 30 days.
- Delete: Like any other message, you can delete it. Deleted messages will go into your "Deleted Items" folder.
If a message in your Junk Email folder is one that you want to keep, you will be able to mark the item as not junk and the item will be moved to your inbox and the sender will automatically be added to your Safe senders and recipients list..
- Outlook on the web: Right click the item in your Junk folder you would like to keep and click Mark as not junk.
- Outlook Desktop Clients: Select an item in your Junk folder and from the ribbon click Junk and click Mark as Not Junk or Not Junk depending on the version of Outlook.
The only way to not get spam is to make sure that spammers do not know your e-mail address or make them think that your account is not being read. There are many ways that you can try to limit the amount of spam you receive.
- Unsubscribe from the mailing list if the organization is reputable (you should be able to tell from their web site if they have one). Have you ever filled out one of those web forms and forget to check whether the "Send me Info" box was checked or unchecked? It's usually set on by default.
- Don't reply to spam messages and don't click the link that says "unsubscribe" if company is not reputable. Spammers often use this to verify that your address is valid. They rarely remove your address from their mailing list; or if they do, then they may just put you on another list.
- Obtain a "throwaway" e-mail address. Use this address if you have to enter your email address in an form online. Check the account periodically to make sure that no legitimate messages get sent to that address. Options include Gmail, Yahoo, Hotmail, etc.
- Read web site privacy policies before submitting personal information. This will help you determine if the company is reputable enough to handle your private information. If you determine that the company may abuse this information, give them your "throwaway" address instead.
- Don't put your email address on a web page. Spammers use "spider" programs to scour the internet looking for email addresses. If you absolutely have to publish your real email address on a web page there are some ways to hide your address so that people can read it, but spider programs can't. Look up these tactics with your favorite search engine.
- Create custom rules If you can reliably detect a specific pattern or content within these messages, you can try creating a unique inbox rule to automatically detect and filter these messages. If you need assistance with this, you can look at the following document 58643.
- Create a block filter Mail identified as possible junk email can be automatically moved to the Junk Email folder.
- You can also use the junk email settings options to manage your junk mail: go to Settings | Options | MAIL | Accounts | Block or allow. You can add entire email addresses, such as firstname.lastname@example.org. Or you can add just the domain portion to trust all email from that domain. For example, to trust email from anyone who has a uwm.edu address, add uwm.edu to the Safe Senders and Recipients list.
- You can also move a message from the Junk Email folder to another folder by dragging it from the Junk Email folder to any other folder.
- If you right-click the Junk Email folder and click Empty, the contents of the Junk Email folder will be moved to the Deleted Items folder.
- If you are forwarding your account:
- To another Office 365 account: The spam message will be forwarded.
- To an account outside of Office 365: The spam message will be quarantined.