Office 365 - Learn about junk email and phishing

Mail identified as possible junk email by campus junk mail filtering is automatically moved to the Junk Email folder, and any potentially dangerous content within the message, for example, links or executable code, is disabled.

Office 365 Team Junk Mail Filtering Recommendation: It is the recommendation of the Office 365 team for users to disable all local client (Outlook, Apple Mail, etc.) automated junk mail filters and local client rules/filters in Office 365. For UW-Madison users, many clients will have local junk mail filtering disabled entirely. All rules/filters should be created in Outlook on the web. Please refer to our Office 365 (Outlook on the web | Outlook for Windows/MacOS) - Using Inbox Rules document.


Types of junk email

Junk Email

Junk email, also known as spam, is unsolicited email, usually commercial. It can strain networks, clog email servers, and fill mailboxes with unwanted and possibly offensive messages and images. Most of it is annoying, but harmless. Most junk email will be blocked by the email server that hosts your account.

Phishing

Phishing is a specific kind of junk email that's used to obtain private information for use in identity theft and other scams. The email message appears to come from a trusted source, such as your bank, and often includes the actual business logo and an apparently legitimate reply address.

For more information about how to identify phishing email messages and how to protect yourself from them, see Email and web scams: How to help protect yourself.

"Graymail"

"Graymail" is generally characterized by newsletters, sales pitches, and stuff trying to pass as legitimate marketing. It's a result of your address(es) getting on marketing lists, and then being sold to other email marketers. These messages are particularly difficult to get classified as spam because they are usually being sent on behalf of otherwise legitimate companies (for varying degrees of "legitimate"), and there are many recipients who consider the messages completely legitimate.

Backscatter

'Backscatter' is the name given to bounceback messages generated when a spammer uses your mail address in the 'From:' line of their messages. This does not mean they have access to your account, however, if you feel your account has been compromised, please change your password. If the spammer's message can't be delivered for any reason, the receiving host will send back a bounce or non-delivery report to the address in the 'From:' line.

Backscatter messages takes several forms:

If a spammer sends a large number of messages, you may receive literally hundreds or thousands of 'backscatter' messages.

Spoofing

When a spammer uses your address as the "From" address, but they are not sending from your account, this is called 'Spoofing.' This means that they are just using your address so it appears that you sent the message, though the header information will often display the true sending address. For more information about 'Spoofing', please review this article: http://lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914.

Important: There is not a way to stop 'Backscatter' or 'Spoofing' from occurring. However, spammers will eventually switch addresses, not out of respect for you, but simply because if they use the same address or domain for too long, spam filters will eventually start blocking it.

How do messages get identified as junk email/spam?

When a message arrives into Office 365, it is scanned by "SPAM/Anti-virus" software. It looks for specific aspects within the message and is then tagged with a specific spam rating between 1-7. If a message is tagged with a rating of 4 or higher, it will be moved into the "Junk Email" folder.

What can I do with messages in my "Junk Email" folder?

When you receive a message that might be junk email, it will be moved to your Junk Email folder. You can treat messages in your Junk Email folder like any other message.

Legitimate spam

There are a couple of options for dealing with legitimate spam in your "Junk Email" folder:

Misidentified spam message

If a message in your Junk Email folder is one that you want to keep, you will be able to mark the item as not junk and the item will be moved to your inbox.

What can I do with spam messages in my "Inbox" folder?

If you believe the message should have been tagged as spam, review the following document: Office 365 - Submit a message as spam/phishing.

How can I prevent getting spam and/or graymail?

The only way to not get spam is to make sure that spammers do not know your e-mail address or make them think that your account is not being read. There are many ways that you can try to limit the amount of spam you receive.

  1. Unsubscribe from the mailing list if the organization is reputable (you should be able to tell from their web site if they have one). Have you ever filled out one of those web forms and forget to check whether the "Send me Info" box was checked or unchecked? It's usually set on by default.
  2. Don't reply to spam messages and don't click the link that says "unsubscribe" if company is not reputable. Spammers often use this to verify that your address is valid. They rarely remove your address from their mailing list; or if they do, then they may just put you on another list.
  3. Obtain a "throwaway" e-mail address. Use this address if you have to enter your email address in an form online. Check the account periodically to make sure that no legitimate messages get sent to that address. Options include Gmail, Yahoo, Hotmail, etc.
  4. Read web site privacy policies before submitting personal information. This will help you determine if the company is reputable enough to handle your private information. If you determine that the company may abuse this information, give them your "throwaway" address instead.
  5. Don't put your email address on a web page. Spammers use "spider" programs to scour the internet looking for email addresses. If you absolutely have to publish your real email address on a web page there are some ways to hide your address so that people can read it, but spider programs can't. Look up these tactics with your favorite search engine.
  6. Create custom rules If you can reliably detect a specific pattern or content within these messages, you can try creating a unique inbox rule to automatically detect and filter these messages. If you need assistance with this, you can look at the following document Office 365 (Outlook on the web | Outlook for Windows/MacOS) - Using Inbox Rules.
  7. Create a block filter Mail identified as possible junk email can be automatically moved to the Junk Email folder. Learn more.

What else do I need to know?

top of page Top of Page

See Also: