How To Report Spam Or Phishing Emails With Office 365

Eric TateBlog

How To Report Spam Or Phishing Emails With Office 365

If you’re one of the over 180 million users of Microsoft Office 365, you most likely use it for your business and/or personal email. Office 365 is highly regarded as one of the best hosted email services available due to its enterprise-class reliability and top-grade security. A great part of that security is its comprehensive spam and phishing protection. However, much like all other email services, its protection is not fool proof. When interacting with email, it is important to remain diligent as some spam and phishing attempts can still make its way through its filters. You may have read our earlier blog post on how to detect spam and phishing attempts in which we review the signs to look for when an email seems possibly suspicious. But what should you do with such emails if you’re an Office 365 user? Read along to learn about how to report spam or phishing emails with Office 365.

There are a few different methods that can be used to report spam and phishing emails. By doing so, you are submitting the questionable message to Microsoft for further analysis, so that its characteristics can be used to better detect similar examples in the future. The following instructions will show you how to submit spam and phishing messages and are dependent on how you are accessing your email. Please note that we are focusing our attention for now on how to do so on a computer. Doing so on a mobile device varies greatly on the device itself and its email client, so we recommend taking the appropriate action when back at your desk.

Please note that the methods below will result in a copy of the questionable message being sent to Microsoft. As long as the message does not contain sensitive data, Diligex recommends sending the message to Microsoft in order to help improve the filtering services for all customers. Please use discretion before moving forward if you think the message may contain data that should not be shared.

Method #1 – Email message as attachment to Microsoft

Available for: Microsoft Outlook, Outlook Web Access (OWA), Other email clients such as Apple Mail

The following instructions are from Microsoft’s article on how to submit spam or phishing messages by sending them as an attachment to Microsoft. For further information, click here to read the original Microsoft article.

  1. Create a blank email message.
  2. Address the message to the Microsoft team that reviews messages, as follows:
  3. Copy and paste the junk or phishing scam message into the new message as an attachment.
    Note: You can attach multiple messages to the new message. Make sure that all the messages are the same type — either phishing scam messages or junk email messages. > Leave the body of the new message empty.
  4. Click Send.

Method #2 – Report Message Add-In

Available for: Microsoft Outlook

Microsoft has recently released a new add-in called the “Report Message Add-In” which adds an easy to use reporting button to your Microsoft Outlook toolbar. If the add-in has been enabled for your organization, you may use the following instructions to report a message to Microsoft.

  1. With the message selected in your email list, select “Report Message” in your Outlook toolbar.
  2. Choose the appropriate category for the message (junk or phishing).
  3. Choose whether you would like to send a copy of the message to Microsoft for further analysis.

For further information regarding the Report Message Add-In, please click here. If you are a Diligex customer using Office 365 and do not see the Report Message Add-In within Outlook, we are currently in the process of rolling it out to all users.

Method #3 – OWA built-in reporting functionality

Available for: Outlook Web Access

If you access your email via Outlook Web Access, you can utilize it to report messages to Microsoft. There is a limitation with this method though, in that you can only report it under the generic category of “junk”.

  1. Right-click on the message you would like to report.
  2. Select “Mark as junk”.
  3. On the pop-up, select whether you would like to report the message to Microsoft for further analysis.

Proper spam and phishing detection is a great way of helping protect your data. If you are a Diligex TotalCare client and are ever unsure about the legitimacy of an email message, feel free to let us know and we will be happy to assist with providing an analysis. If you are not currently a Diligex Total Care subscriber, feel free to contact us at to learn how Diligex can help keep your company’s data safe and secure.