Office 365 - Learn about junk email and phishing

Mail identified as possible junk email by campus junk mail filtering is automatically moved to the Junk Email folder, and any potentially dangerous content within the message, for example, links or executable code, is disabled.

Office 365 Team Junk Mail Filtering Recommendation: The Office 365 team recommends that users disable all local client (Outlook, Apple Mail, etc.) automated junk mail filters and local client rules/filters in Office 365. For UW-Madison users, many clients will have local junk mail filtering disabled entirely. All rules/filters should be created in Outlook on the web. Please refer to our Office 365 (Outlook on the web | Outlook for Windows/MacOS) - Using Inbox Rules document.

Types of junk email

Junk Email

Junk email, also known as spam, is unsolicited email, usually commercial. It can strain networks, clog email servers, and fill mailboxes with unwanted and possibly offensive messages and images. Most of it is annoying, but harmless. Most junk email will be blocked by the email server that hosts your account.


Phishing

Phishing is a specific kind of junk email that's used to obtain private information for use in identity theft and other scams. The email message appears to come from a trusted source, such as your bank, and often includes the actual business logo and an apparently legitimate reply address.

For more information about how to identify phishing email messages and how to protect yourself from them, see Email and web scams: How to help protect yourself.


Graymail

"Graymail" is generally characterized by newsletters, sales pitches, and stuff trying to pass as legitimate marketing. It's a result of your address(es) getting on marketing lists, and then being sold to other email marketers. These messages are particularly difficult to get classified as spam because they are usually being sent on behalf of otherwise legitimate companies (for varying degrees of "legitimate"), and there are many recipients who consider the messages completely legitimate.


Backscatter

'Backscatter' is the name given to bounceback messages generated when a spammer uses your mail address in the 'From:' line of their messages. This does not mean they have access to your account; however, if you feel your account has been compromised, please change your password. If the spammer's message can't be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the 'From:' line.

Backscatter messages take several forms:

  • DSN (Delivery Status Notification) advising that the message cannot be delivered - or that delivery is delayed.
  • Auto-replies - often advising that the mailbox is no longer in use due to spam or that the recipient is on vacation.
  • Challenge/response requesting that you confirm you sent the message.

If a spammer sends a large number of messages, you may receive literally hundreds or thousands of 'backscatter' messages.


Spoofing

When a spammer uses your address as the "From" address, but they are not sending from your account, this is called 'Spoofing.' This means that they are just using your address so it appears that you sent the message, though the header information will often display the true sending address. For more information about 'Spoofing', please review this article:

Important: There is not a way to stop 'Backscatter' or 'Spoofing' from occurring. However, spammers will eventually switch addresses, not out of respect for you, but simply because if they use the same address or domain for too long, spam filters will eventually start blocking it.
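The header checks behind the backscatter forms and the spoofing description above, as an added Python example that is not part of the original document: the `triage` and `domain` helpers, the label names and the sample messages are constructed for illustration. A From/Return-Path mismatch is only a hint, since mailing lists and bulk-mail services legitimately differ, and challenge/response messages carry no standard header, so they are not detected here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); example.* domains are placeholders.
SPOOFED = """\
Return-Path: <bulk@mailer.example.net>
From: "Your Name" <you@example.edu>
Subject: Invoice

Please see the attached invoice.
"""
DSN = """\
Return-Path: <>
From: Mail Delivery Subsystem <mailer-daemon@example.org>
Subject: Undeliverable: Invoice
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1

Delivery to someone@example.org failed.
--b1--
"""
AUTO_REPLY = """\
Return-Path: <someone@example.org>
From: someone@example.org
Subject: Automatic reply: Invoice
Auto-Submitted: auto-replied

I am out of the office.
"""

def domain(header_value):
    """Lower-cased domain of an address header; '' for a missing or null address."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Hypothetical helper: label a raw message from its headers alone."""
    msg = message_from_string(raw)
    labels = []
    report = str(msg.get_param("report-type") or "").lower()
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if msg.get_content_type() == "multipart/report" and report == "delivery-status":
        labels.append("backscatter:dsn")         # bounce or delay notice (RFC 3464)
    elif auto != "no":
        labels.append("backscatter:auto-reply")  # vacation or other auto-reply (RFC 3834)
    env = domain(msg.get("Return-Path"))         # envelope sender recorded at delivery
    if env and env != domain(msg.get("From")):
        labels.append("from-mismatch")           # visible From differs from true sender
    return labels
```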

How do messages get identified as junk email/spam?

When a message arrives in Office 365, it is scanned by "SPAM/Anti-virus" software. The software looks for specific aspects within the message and tags it with a spam rating from 1 to 7. If a message is tagged with a rating of 4 or higher, it will be moved into the "Junk Email" folder.

What can I do with messages in my "Junk Email" folder?

When you receive a message that might be junk email, it will be moved to your Junk Email folder. You can treat messages in your Junk Email folder like any other message.

Legitimate spam

There are a couple of options for dealing with legitimate spam in your "Junk Email" folder:

  • Do nothing: Messages will automatically be deleted after 30 days. Important: There is a system wide policy in place for all Office 365 email accounts that will automatically delete messages that are older than 30 days from the "Junk Email" folder.
  • Delete: Like any other message, you can delete it. Deleted messages will go into your "Deleted Items" folder.

Misidentified spam message

If a message in your Junk Email folder is one that you want to keep, you will be able to mark the item as not junk and the item will be moved to your inbox.

  • Outlook on the web: Right-click the item in your Junk folder you would like to keep and click Mark as not junk.
  • Outlook Desktop Clients: Select an item in your Junk folder and from the ribbon click Junk and click Mark as Not Junk or Not Junk depending on the version of Outlook.

What can I do with spam messages in my "Inbox" folder?

If you believe the message should have been tagged as spam, review the following document: Office 365 - Submit a message as spam/phishing.

How can I prevent getting spam and/or graymail?

The only way to not get spam is to make sure that spammers do not know your e-mail address or make them think that your account is not being read. There are many ways that you can try to limit the amount of spam you receive.

  1. Unsubscribe from the mailing list if the organization is reputable (you should be able to tell from their web site if they have one). Have you ever filled out one of those web forms and forgotten to check whether the "Send me Info" box was checked or unchecked? It's usually checked by default.
  2. Don't reply to spam messages and don't click the link that says "unsubscribe" if the company is not reputable. Spammers often use this to verify that your address is valid. They rarely remove your address from their mailing list; or if they do, then they may just put you on another list.
  3. Obtain a "throwaway" e-mail address. Use this address if you have to enter your email address in a form online. Check the account periodically to make sure that no legitimate messages get sent to that address. Options include Gmail, Yahoo, Hotmail, etc.
  4. Read web site privacy policies before submitting personal information. This will help you determine if the company is reputable enough to handle your private information. If you determine that the company may abuse this information, give them your "throwaway" address instead.
  5. Don't put your email address on a web page. Spammers use "spider" programs to scour the internet looking for email addresses. If you absolutely have to publish your real email address on a web page, there are some ways to hide your address so that people can read it, but spider programs can't. Look up these tactics with your favorite search engine.
  6. Create custom rules: If you can reliably detect a specific pattern or content within these messages, you can try creating a unique inbox rule to automatically detect and filter these messages. If you need assistance with this, you can look at the following document: Office 365 (Outlook on the web | Outlook for Windows/MacOS) - Using Inbox Rules.
  7. Create a block filter: Mail identified as possible junk email can be automatically moved to the Junk Email folder. Learn more.

What else do I need to know?

  • You can also use the junk email settings options to manage your junk mail: go to Outlook on the web | Settings | View All Outlook settings | Mail | Junk Email. You can add multiple email addresses, such as, to the Blocked Senders or Safe Senders and Recipients lists. You may also block or allow mail from an entire domain by adding it to either list. For example, to trust/allow email from anyone who has a address, add to the Safe Senders and Recipients list. Learn more.
    • Note: When several hundred email addresses have been added to your Blocked Senders list, blocking of messages may become inconsistent. If more than 500 addresses have been added to your Blocked Senders list, mail blocking will no longer work. You will need to remove blocked addresses from the list to bring it below the limit for mail from blocked senders to be properly routed to your Junk Mail folder instead of your Inbox. Microsoft does not intend for the Blocked Senders list to house hundreds of addresses, and it is recommended that you keep the list as small as possible, only blocking senders you believe are likely to send again using that address. Keeping this list manageable, at around 50 blocked addresses, is a good practice.
  • You can also move a message from the Junk Email folder to another folder by dragging it from the Junk Email folder to any other folder.
  • If you right-click the Junk Email folder and click Empty, the contents of the Junk Email folder will be moved to the Deleted Items folder.
  • If you are forwarding your account:
    • To another Office 365 account: The spam message will be forwarded.
    • To an account outside of Office 365: The spam message will be quarantined. Learn more.
  • The Focused Inbox feature may be right for you. Learn more.
  • Learn how to create a good HTML email message.
  • Why emails go into the junk/spam folder.
  • How To Avoid Spam Filters When Sending Emails.
  • Junk email filter limits.

Doc ID: 31866
Owner: O365 S.
Group: Office 365
Created: 2013-07-26 06:55 CST
Updated: 2021-07-29 07:09 CST
Sites: DoIT Help Desk, DoIT Tech Store, Office 365