Manage Your Junk Email with Microsoft Defender

Defender for Office 365 works somewhat differently than our previous anti-spam software. Please look over the resources below and consider bookmarking this page for future help.

Microsoft Defender for Office 365 is designed to detect and prevent external email attacks and internal email attacks on an organization's infrastructure.

External email comes from outside of UWSP.

Internal email is sent between UWSP accounts.

All email that Defender identifies as suspicious is available for review in your Outlook Junk Email folder.


Why is Internal email defense important?

We tend to trust email sent from other UWSP email accounts. If a malicious email breaches our anti-virus defenses and the recipient of that email clicks a link or opens an attachment, they can unknowingly install a virus, or even ransomware, on their computer.

If a recipient clicks a link in a phishing email and enters their UWSP credentials, their username and password will be captured. A hacker can then use this captured login information to log in and access the person's secure network resources, including shared drives and other networked services, the person's UWSP email, and the email addresses of everyone listed in our UWSP Address book.


What important actions should be taken to manage junk email?


Train your spam filter!

Microsoft Defender will catch the majority of spam and phishing attempts sent to your account and route them to your Junk Email folder.

You should regularly check your Junk Email folder for legitimate email that may have been misidentified as junk.

You can further help Defender to correctly route emails by:

  • Adding legitimate email retrieved from your Junk Email folder to your Outlook Safe Senders list. See "How do I restore an email incorrectly identified as Junk Email?", below.

  • Reporting junk email found in your Inbox so that future emails from the sender are automatically identified as spam. See "What should I do if an email in my Inbox is clearly a Junk email or phishing attempt?", below.


Never trust anything in your Junk Email folder!

Why should you never trust anything in your Junk Email folder?

Because all email identified by Windows Defender as potential junk or phishing is routed to your Outlook Junk Email folder.

This is very different from UWSP's previous anti-spam tool, which sent each UWSP employee a daily email digest of quarantined yet potentially legitimate email, but moved our most suspicious email to a quarantine website that required an extra login step if we wished to review our quarantined items.

Because we now see even those most suspicious emails that were previously omitted from our daily email digest view, we should always review the emails within our Junk Email folder with caution when attempting to determine if an email is legitimate and before restoring the email to the Inbox. See "An example phishing email", below in the Other Information section.

Microsoft also provides this excellent information on how to Protect yourself from phishing.

What are some other benefits of moving to Defender?

  • Defender sends all email identified as "Junk" directly to your Outlook Junk Email folder for easy access and review. No more need to check daily quarantine emails.

  • See a suspicious email in your Outlook Inbox? You can now easily report these emails to Microsoft yourself through Outlook's Report Message Add-in.

  • Emails listed in your Junk Email folder display the real URLs behind embedded text and graphic links, and the sender's real email address, which can be very different from what displays as you view the email list. This "honest view" of a sender's email address and embedded URLs makes it easier to determine whether the sender is credible or suspect.

  • Emails mistakenly identified as spam are easier to retrieve from your Outlook Junk Email folder. No more need to sign into a quarantine portal to look for an expected, overdue email.

Please look over the resources below for an overview, and consider bookmarking this page for future help.

The following FAQs cover how to manage junk email for:
  • Outlook Desktop app (Win/Mac)
  • Outlook Web app
  • Outlook mobile app for iOS
  • Outlook mobile app for Android

How to report an email as junk or phishing? (how to use Outlook's Report Message button)

Occasionally a junk email gets through Microsoft Defender's spam filters and shows up in your Inbox. If you suspect an email is junk mail, please use the Report Message Add-In on Outlook's Ribbon to let Microsoft know.

Reporting junk email improves Microsoft's ability to consistently recognize and remove future junk email before it arrives in your Outlook Inbox.

When you report an email as Junk, it:

  • Moves the email from your Inbox to your Junk Email folder.

  • Adds the sender to your Outlook Blocked Senders list.

  • Reports the address as junk email to Microsoft, helping to improve Microsoft's spam filters.


Report a junk email message from Outlook Desktop

In Outlook Desktop on a Windows PC

Select the junk email in your Inbox.

At the right on the Home tab on the Outlook desktop ribbon, click Report Message and select whether you believe the email to be Junk or you suspect a Phishing attempt. No need to be certain, Microsoft will sort it out.

In Outlook Desktop on a Mac

Select the junk email in your Inbox.

On the Outlook Desktop menu, click Report and select whether you believe the email to be Junk mail or you suspect a Phishing attempt. No need to be certain, Microsoft will sort it out.

Report a junk email message from Outlook Web (PC/Mac)

  1. Select the junk email in your Outlook Inbox.

  2. Click Report on Outlook's Home tab.

  3. Select Report phishing or Report junk. No need to be certain, Microsoft will sort it out.

Report a junk email message in the Outlook app on iOS

  1. In the open email, tap the ellipses at the top right of the email, or tap the ellipses to the right of the email subject.

  2. Tap Report Junk / Report Message.

  3. Select Report phishing or Report junk. No need to be certain, Microsoft will sort it out.


Report a junk email message in the Outlook app on Android

  1. In the open email, tap the ellipses at the top right of the email.

  2. Tap Report Junk.

  3. Select Report phishing or Report junk. No need to be certain, Microsoft will sort it out.

Where can I see my email that was filtered out as Junk?

Email that Microsoft Defender identifies as junk or phishing is moved to your Outlook Junk Email folder.
 

Where to find your Junk Email folder:

In Outlook Desktop and Outlook Web (PC / Mac)

Your Junk Email folder is located at the left in your Outlook folder list.

In the Outlook app on iOS

Tap your profile icon at the top left to access your Outlook folder list and Junk folder.

You can also swipe right in your Outlook app to see your mailbox folder list, including your Junk Email folder.

In the Outlook app on Android

Tap your profile icon at the top left to access your Outlook folder list and Junk folder.


Do I need to check my Junk Email folder to see if emails went there by mistake?

Yes. You should regularly review your Junk email, as occasionally a "safe" email can be mistakenly routed to that folder.

Emails routed to your Junk Email folder are removed after 30 days, so you should regularly check this folder for emails you may wish to keep. Emails from vendors or a listserv for a professional organization are examples of email that can be identified as junk.

See "How do I restore an email incorrectly identified as Junk Email?" below for easy steps on how to report an email found in your Junk Email folder as "Not Junk" to move it and future emails from the sender to your Inbox.

Is email in my Junk Email folder automatically added to my Blocked Senders?

No. Only you can add an email domain or address to your Blocked Senders list.

If you determine that an email message in your Inbox is junk, you should report it using the Report Message Add-in. This adds the sender to your Blocked Senders list so future emails from the sender are directly routed to your Junk Email folder instead of your Inbox.

Emails identified by Microsoft as junk and junk emails from addresses in your Blocked Senders list get routed to your Junk Email folder. This is your opportunity to review email messages identified as junk in the event a legitimate email has been misidentified.

Emails in your Junk Email folder remain there for a 30-day retention period prior to their permanent removal.

See "What should I do if an email in my Inbox is clearly a Junk email or phishing attempt?".

If I report an email as Junk or Phishing where does it go?

When you report an email as Junk, the sender's email address is added to your Blocked Senders list. The reported email, and future emails from the sender, are moved to your Junk Email folder, where they remain for a 30-day retention period before being permanently removed.

Emails you report as Phishing are not added to Blocked Senders and are instead sent directly to your Deleted Items folder.

Reporting emails as Junk and Phishing helps Microsoft improve their spam filters and catch more unwanted email over time.

Why do emails from senders in my Blocked Senders list still show up in my Junk Email folder?

The purpose of your Blocked Senders list is to route email flagged as junk directly to your Junk Email folder so they do not appear in your Inbox, yet still allow you the opportunity to review these emails and restore an email that may have mistakenly been blocked. 

How do I restore an email incorrectly identified as Junk Email?

You can report the email as Not Junk, which:

  • Moves the email from your Junk Email folder to your Inbox.

  • Adds the sender to your Outlook Safe Senders list.

  • Reports the sender as legitimate to Microsoft, helping to improve Microsoft's spam filters.


Report as not junk from Outlook Desktop

In Outlook Desktop on a Windows PC

  1. Select the email in your Junk Email folder.

  2. At the right on Outlook's Home tab, click Report Message and select Not Junk.

In Outlook Desktop on a Mac

  1. Select the email in your Junk Email folder.

  2. At the right on Outlook's Home tab, click Report and select Not Junk. Report is also available from within the open email.

In Outlook Web (PC/Mac)

  1. Select the email in your Junk Email folder.

  2. On Outlook's Home tab, click Report and select Not junk.

Report as not junk in the Outlook app on iOS

  1. Select the email in your Junk Email folder.

  2. In the open email, tap the ellipses at the right of the email subject.

  3. Tap Report as not junk.

Report as not junk in the Outlook app on Android

  1. Select the email in your Junk Email folder.

  2. In the open email, tap the ellipses at the top right then select Not junk.

What if I report an email as Phishing by mistake?

If you report an email as phishing by mistake and the email is deleted, you can retrieve the email from your Deleted Items folder.

To correctly restore the email, select the email in your Deleted Items then select Not Junk from the Report Message Add-in on Outlook's ribbon.

Why shouldn't I add UWSP accounts to my Safe Senders list?

Email addresses within the UWSP domain (@uwsp.edu) are already "trusted".

This does not mean that an outside party cannot spoof a UWSP email address, making a malicious email appear to be legitimate. You should always be cautious when opening email links and attachments if you were not expecting the email. If you are suspicious, contact the email sender directly via phone or in a new, separate email and ask if they sent it, or contact the IT Service Desk for help verifying the email's authenticity.

Other Information


What is the difference between Junk email and Phishing?

All unwanted, unsolicited email is considered Junk Email and is typically routed by Outlook Defender to the Junk Email folder. "Junk Email" is often used interchangeably with "Spam", with "Phishing" emails being one of Junk Email's malicious subsets.

To assist Microsoft in better identifying and filtering out the various types of junk email you receive, please report junk email to Microsoft using the Report Message Add-in, which has separate options for reporting "Junk" and suspected "Phishing" emails.

See "What should I do if an email in my Inbox is clearly a Junk email or phishing attempt?".

Junk Email

Junk email, while annoying and even occasionally overwhelming, may have no malicious intent. Examples include bulk email such as vendor emails for products and services, newsletters and free webinar offers, and conferences you may or may not have heard of, to name a few.

Some Junk Email can, however, contain an infected attachment or executable, or may be worded to sound threatening, with a link for you to provide payment within a short window of time to make the seeming threat go away.

Phishing

Phishing falls within the scope of Junk Email. A phishing email always has malicious intent and often uses a sense of urgency to get you to do something, like clicking a link and entering your account login.

In its simplest form, a phishing email is how a hacker collects your personal account information. The hacker then accesses your account or sells your information, leading to bank overdrafts and maxed out credit, a damaged credit score and identity theft. A hacker can lock your account or computer until a requested ransom is paid. A phishing email can even send itself from your account to all of your address book contacts.

Phishing emails designed for organizations typically attempt to capture your logon information. The hacker then uses your credentials to gain network access, eventually working their way into key infrastructure and databases where they can harvest financial records, student and employee personal data, and even lock key infrastructure and services until a ransom is paid by your organization. The average cost of a single successful ransomware attack in higher ed can be hundreds of thousands of dollars.

Always be suspicious when opening links and attachments

Be cautious when opening email links and attachments if you are not expecting the email, even if seemingly sent from someone in your Safe lists or from others within UWSP. If you are suspicious, contact the email sender directly via phone or in a new, separate email and ask if they sent it, or contact the IT Service Desk for help verifying the email's authenticity.

An example phishing email

The best way to protect ourselves as we work through all of the email we may receive on a daily basis, and when reviewing the contents of our Junk Email folder, is to always be suspicious. Consider what is typical for the types of communications you receive and always question the authenticity of anything unusual.

Here is an email that was received by UWSP's CIO and routed by Microsoft Defender to the Junk Email folder. Malicious emails can appear very convincing. There are four different parts that can help you decide whether an email may indeed be a phishing email.

Never report a message as Not Junk and restore it to your Inbox unless you have thoroughly inspected the email and believe it to be safe.

A. Look at the email header.


The email header can sometimes be an indication of whether an email is legitimate.

Look at the sender's address

Phishing emails can look like they are sent from people or organizations with which you are familiar such as your bank or credit card company, from people you know, or even from yourself. 

This example is quite obvious because our CIO certainly has better things to do than send out password reset emails - same with sending emails to himself.  But not all phishing email addresses are this easy to identify.

Hackers will "spoof" a legitimate email address by changing the address very slightly. Here the sender's address is just close enough to our CIO's email address to appear legitimate. A recipient may not think twice about the added text, "user.", preceding the true address.

Small changes in spelling are also common. You may receive an email from Discovr.com instead of "Discover.com", or a phishing email from uw-cu.org may arrive when just seconds ago we were reading a legitimate email from uwcu.org.

Letters in a spoofed email address may also be substituted. Hackers will even substitute letters from other languages, like replacing a lowercase "a" with the italicized Cyrillic "De".

Check the profile image

A question mark "?" in place of a profile image, or initials, can be a clue that the sender is attempting to hide their true address. Legitimate sender addresses from email hosting services other than Microsoft should also display at least initials.
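The sender-address checks described in this section (added text such as "user.", small spelling changes, and letters substituted from another alphabet) can also be applied programmatically, for example when triaging reported messages. The Python code below is an added example, not part of UWSP's or Microsoft's tooling; the trusted-domain list reuses domains named on this page, and the contact address cio@example.edu and all sample senders are constructed placeholders.

```python
"""Flag sender addresses that imitate a trusted address (added example)."""
import unicodedata

# Assumptions: these lists are illustrative. The domains are ones named on
# this page; the contact address is a constructed placeholder.
TRUSTED_DOMAINS = ("uwsp.edu", "uwcu.org", "discover.com")
KNOWN_CONTACTS = ("cio@example.edu",)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def letter_scripts(text):
    """Scripts of the letters in text, read from their Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def check_sender(address):
    """Return the reasons (possibly none) an address looks like an imitation."""
    addr = address.strip().lower()
    local, at, domain = addr.rpartition("@")
    if not (local and at and domain):
        return ["malformed address"]
    findings = []
    # 1. Letters substituted from another alphabet, for example Cyrillic.
    foreign = letter_scripts(addr) - {"LATIN"}
    if foreign:
        findings.append("non-Latin letters: " + ", ".join(sorted(foreign)))
    # 2. Domain one or two edits from a trusted one (Discovr.com, uw-cu.org).
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(domain, trusted) <= 2:
                findings.append(f"domain resembles {trusted}")
    # 3. A known address with text added around it, such as a "user." prefix.
    for known in KNOWN_CONTACTS:
        if known in addr and addr != known:
            findings.append(f"extra text around known address {known}")
    return findings


if __name__ == "__main__":
    # Constructed sample senders; \u043e is the Cyrillic letter "o".
    for sender in ("helpdesk@uwsp.edu", "billing@discovr.com", "alerts@uw-cu.org",
                   "user.cio@example.edu", "offers@disc\u043ever.com"):
        print(f"{sender!r}: {check_sender(sender) or 'no findings'}")
```

An empty result only means none of these three patterns matched; it does not show that the message is legitimate.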

B. Check the part directly below the header. This is information added by Defender.

The sentence, "You don't often get an email from" is added by Defender and is your reminder to closely scrutinize the sender's address to ensure that it is indeed from a sender you know and that the address has no signs of spoofing as we discussed above.

C. Look closely at the email message text.

 

You should always carefully review the text of a message if you are not confident the sender is legitimate.  Here, the text that tells us that we will be allowed to keep an old password, and the seemingly urgent "within 24 hours" is a clear indication that this email did not originate at UWSP.  Information Technology always sends multiple password reset reminders over a period of time and information security prohibits the reuse of our existing password.

Other things to look for in a suspicious email are misspellings and poor grammar (phishing emails can often originate from outside of the U.S.). In this email message, "an uwsp.edu" should instead be "a", and there are two spaces before "User". There also do not appear to be spaces between sentences.

D. Mouse over the embedded URLs within the message text.

Sometimes the true URL behind an embedded link can be quite different from the URL that displays in an email. Microsoft Defender Safe Links scans and rewrites the URLs, then analyzes them for potentially malicious content.

To see the true URL behind the displayed link, mouse over the link. The hidden links in phishing emails are typically from sites we do not recognize and are very different from the organization that is supposedly represented in the email.

For your protection, Windows Defender disables all suspicious links within emails that are routed to your Junk Email folder, enabling you to safely inspect them. These links become active if you determine an email to be legitimate and report the email as Not Junk, sending it to your Inbox.

Need help? Contact the Service Desk.