Handling junk mail in Outlook 2007

Microsoft Office Outlook 2007 Inside and Out
By Jim Boyce

Jim Boyce is a highly-regarded expert on operating systems and productivity software who's written or contributed to more than 50 books. A former contributing editor for Windows Magazine, Jim writes for several technical publications and Web sites.

To learn more about other books on the 2007 Microsoft Office system, visit Microsoft Press.

In this article

How Outlook 2007 junk e-mail filtering works

How Outlook 2007 phishing protection works

Enabling and configuring junk e-mail filtering

Controlling automatic downloads

Managing junk e-mail effectively

Tired of wading through so much junk e-mail? Anyone with an e-mail account these days is hard-pressed to avoid unsolicited ads, invitations to multilevel marketing schemes, or unwanted adult content messages. Fortunately, Microsoft Office Outlook 2007 offers several features to help you deal with all the junk e-mail coming through your Inbox. Office Outlook 2007 improves on the junk e-mail and adult content filters to provide much better anti-junk-mail features. Anti-phishing measures have been added that scan e-mail for suspicious content and automatically disable it. The Junk E-Mail folder restricts certain e-mail functionality, displaying e-mail messages as plain text and preventing replies to messages contained in the folder, as well as blocking attachments and embedded links.

Outlook 2007 offers four levels of junk e-mail protection, with Safe Senders and Safe Recipients lists to help you identify valid messages. It also provides a Blocked Senders list to help you identify e-mail addresses and domains that send you junk e-mail, which enables you to exclude those messages from your Inbox. E-mail can also be blocked based on the originating top-level domain or language encoding used.

How Outlook 2007 junk e-mail filtering works

Before you start configuring the new junk e-mail filtering features in Outlook 2007, you should have a better understanding of how it applies these filters. Outlook 2007 provides four filter modes. To specify the filter mode, choose Tools, Options, and then click Junk E-Mail on the Preferences tab to display the Junk E-Mail Options dialog box shown in Figure 1. The following sections explain the four filter modes.

Figure 1. Use the Junk E-Mail Options dialog box to quickly configure Outlook 2007 to filter unwanted messages.

No Automatic Filtering This option protects only against mail from individuals and domains in your Blocked Senders list, moving it to the Junk E-Mail folder. All other mail is delivered to your Inbox.

Low This option functions essentially like the junk e-mail and adult content filters in earlier versions of Outlook 2007. Outlook 2007 uses a predefined filter to scan the body and subject of messages to identify likely spam. You can't specify additional filter criteria for subject or content checking for this junk e-mail filter, although you can create your own custom junk e-mail rules to block messages using additional criteria.

High This level uses the same filtering as the Low level, but it also uses additional message scanning logic to determine whether a message is spam. Outlook 2007 scans the message body and message header for likely indications that the message is spam. You do not have any control over this scanning, other than to enable it by choosing the High scanning level.

If you choose the High option, you should not enable the option to delete junk e-mail messages rather than move them to the Junk E-Mail folder. Although Outlook 2007 will catch most spam, it will also generate false positives, blocking messages that you expect or want. You should review the Junk E-Mail folder periodically and mark any valid messages as not being junk e-mail.

Safe Lists Only This level provides the most extreme message blocking. Only messages originating with senders in your Safe Senders and Safe Recipients lists are treated as valid messages, and all others are treated as junk e-mail. Although this protection level offers the most chance of blocking all of your junk mail, it also offers the most chance of blocking wanted messages. To use this level effectively, you should allow Outlook 2007 to place messages in the Junk E-Mail folder and review the folder periodically for valid messages. When you find a valid message, add the sender to your Safe Senders list.

Understanding how Outlook 2007 uses the filter lists

Outlook 2007 maintains three lists: Safe Senders, Safe Recipients, and Blocked Senders. Figure 2 shows a Blocked Senders list that blocks all messages from these senders. Messages originating from an address or a domain on the list are filtered out. Entering a domain in the Blocked Senders list blocks all messages from that domain, regardless of the sender.

Figure 2. Use the Blocked Senders list to block messages by address or domain.

The Safe Senders and Safe Recipients lists identify senders and domains that Outlook 2007 should not filter, regardless of subject or content. Use the Safe Senders list to identify valid messages by their originating address. Use the Safe Recipients list to identify valid messages by their target address.

You have two options for adding entries to each of the three filter lists: specify an e-mail address or specify a domain. If you specify a domain, Outlook 2007 blocks all messages from that domain regardless of sender. However, Outlook 2007 is rather selective in blocking. Specify @wingtiptoys.com, for example, and Outlook 2007 will block messages from joe@wingtiptoys.com and jane@wingtiptoys.com but will not block messages from joe@sales.wingtiptoys.com. You must specify the subdomain explicitly in a list to either accept or block that subdomain. For example, to block the subdomain sales.wingtiptoys.com, enter sales.wingtiptoys.com in the Blocked Senders list.

Top of Page

How Outlook 2007 phishing protection works

Phishing is an attempt to fraudulently obtain personal information by luring you to a Web site and asking you to disclose things like passwords and credit card numbers. This Web site is spoofed, or pretending to be a trusted site when it is actually a fake setup to help steal your personal information. Phishing is often done by sending e-mail that directs you to the spoofed site. With the widespread use of HTML e-mail, it's easier to disguise the actual destination of a link, and accordingly harder for you to detect the misdirection. Fortunately, Microsoft has added anti-phishing features to Outlook 2007. E-mail messages are evaluated as they arrive, and messages that appear to be phishing are delivered to the Inbox, not the Junk E-Mail folder, but are otherwise treated much like junk e-mail, with the following functions disabled.

Disable Links And Other Functionality In Phishing Messages If Outlook 2007 determines that a message appears to be phishing, the message is delivered to the Inbox, but attachments and links in the message are blocked and the Reply and Reply All functions are disabled.

Warn Me About Suspicious Domain Names In E-Mail Addresses This option warns you when the sender's e-mail domain uses certain characters in an attempt to masquerade as a well-known, legitimate business. Leaving this functionality enabled protects you against phishing attacks using spoofed e-mail addresses.

Note: Phishing protection is functional even when the No Automatic Filtering option is selected and other junk e-mail protection options are disabled.

Top of Page

Enabling and configuring junk e-mail filtering

To begin filtering out unwanted messages, start Outlook 2007 and follow these steps:

1. Choose Tools, Options, and then click the Junk E-Mail button on the Preferences tab to open the Junk E-Mail Options dialog box (shown earlier in Figure 1).

2. Choose a level of protection on the Options tab.

3. If you want to delete messages rather than move them to the Junk E-Mail folder, select the Permanently Delete Suspected Junk E-Mail Instead Of Moving It To The Junk E-Mail Folder check box.

4. Select the Disable Links And Other Functionality In Phishing Messages check box to protect against common phishing schemes.

5. If you want to be warned when a domain name appears to be spoofed, select Warn Me About Suspicious Domain Names In E-Mail Addresses.

6. To enable postmarks on your outbound e-mail, select When Sending E-Mail, Postmark The Message To Help E-Mail Clients Distinguish Regular E-Mail From Junk E-Mail.

7. Click OK to apply the filter changes.

To configure the lists that Outlook 2007 uses in filtering junk e-mail, start Outlook 2007 and follow these steps:

1. Choose Tools, Options, and then click the Junk E-Mail button on the Preferences tab to open the Junk E-Mail Options dialog box.

2. Click the Safe Senders tab, and then click Add and enter the e-mail address or domain of the sender that you want Outlook 2007 to deliver to your Inbox, regardless of content or subject. Click OK, and then repeat this for each sender you want to add.

3. On the Safe Senders tab, select the Also Trust E-Mail From My Contacts check box if you want Outlook 2007 to always accept e-mail from senders in your Contacts folder, regardless of content or subject. You can also choose to select the Automatically Add People I E-Mail To The Safe Senders List check box.

4. Click the Safe Recipients tab, and add the target addresses or domains for which Outlook 2007 should allow messages (used typically to accept e-mail sent to a mailing list).

5. Click the Blocked Senders tab, and add the addresses or domains of junk e-mail senders whose messages you want Outlook 2007 to explicitly block.

6. Click the International tab, and select the top-level domains and types of language encoding that Outlook 2007 should always block.

7. Click OK to apply the filter changes.

Top of Page

Controlling automatic downloads

Images and other online content present another potential hazard in e-mail, because you usually, at minimum, confirm that your e-mail address is valid when you download this content. Content from unknown sources can also be malicious, containing Trojan horses, viruses, and so on.

The Automatic Download area of the Trust Center, shown in Figure 3, lets you decide when Outlook 2007 should download external content in e-mail messages, Really Simple Syndication (RSS) items, and Microsoft Office SharePoint® discussion boards. The Safe Senders and Safe Recipients lists can be used to determine downloading settings, as can Security Zones.

Figure 3. Configure Automatic Download options in the Trust Center.

The Automatic Download options are described in the following list:

Don't Download Pictures Automatically In HTML E-Mail Messages Or RSS Items This setting prevents images from downloading to your computer automatically, except as directed by additional settings in this screen. Blocking automatic image downloads protects you from spammers who use your connection to their server to verify your identity as well as from malicious content.

Permit Downloads In E-Mail Messages From Senders And To Recipients Defined In The Safe Senders And Safe Recipients Lists Used By The Junk E-Mail Filter You can tell Outlook 2007 to use the safe lists you have created to determine which images it will download automatically. This lets you see images from those sources that you have already decided you trust while blocking other images.

Permit Downloads From Web Sites In This Security Zone: Trusted Zone Content that resides on a Web site that is included in the Trusted Security Zone is downloaded automatically when this setting is enabled. This lets you receive images and other content from trusted sources such as corporate servers or partners based on a common list, reducing the amount of configuration needed.

Permit Downloads In RSS Items Control over images downloading in RSS feeds is configured separately, allowing you to block images in RSS feeds without affecting e-mail messages.

Permit Downloads In SharePoint Discussion Boards You can configure whether to download content from SharePoint discussion boards separately, offering you finer control over the content that is downloaded to your computer.

Warn Me Before Downloading Content When Editing, Forwarding, Or Replying To E-Mail If this setting is enabled, Outlook 2007 warns you before downloading content in messages that you are replying to, forwarding, or editing. If you choose to not download the images and continue with your actions, Outlook 2007 remove the images from the message, and the recipient will not be able to retrieve them.

Configuring automatic downloading of external content

To configure image downloading, start Outlook 2007, and then follow these steps:

1. Choose Tools, Trust Center, and then select Automatic Download to view the options for handling image downloads (shown earlier, in Figure 3).

2. To stop Outlook 2007 from automatically downloading images, select the Don't Download Pictures Automatically In HTML E-Mail Messages Or RSS Items check box.

   If this check box is not selected, all other options on this screen will be unavailable, and all images will be displayed, creating potential security risks.

3. If you want to view images from sources you trust, select the Permit Downloads In E-Mail Messages From Senders And To Recipients Defined In The Safe Senders And Safe Recipients Lists Used By The Junk E-Mail Filter check box.

4. To allow sites you trust to download images, select Permit Downloads From Web Sites In This Security Zone: Trusted Zone.

5. If you want to view images in RSS feeds, select Permit Downloads In RSS Items.

6. To view images from SharePoint sites, select Permit Downloads In SharePoint Discussion Boards.

7. If you want Outlook 2007 to alert you that images are being downloaded when you take action on an e-mail message, select Warn Me Before Downloading Content When Editing, Forwarding, or Replying To E-Mail.

8. Apply the changes by clicking OK.

Top of Page

Managing junk e-mail effectively

E-mail is a critical tool for most people, but it can also be a frustration when you feel overwhelmed by junk e-mail. By using the features provided in Outlook 2007 and taking a few additional steps, you can greatly reduce the amount of junk e-mail you receive and the corresponding risks:

• Use the Outlook 2007 junk e-mail filters and phishing protection. The default option of Low on the Options tab in the Junk E-Mail Options dialog box provides some protection, but it might not be enough. You might want to raise the level to High and check your Junk E-Mail folder regularly to ensure that Outlook 2007 is not sending legitimate messages there. Use the International tab in the Junk E-Mail Options dialog box to block top-level domains from which you never want to receive messages or to block messages in specific languages.

• Use the Safe Senders list and Blocked Senders lists. Building both your blocked and safe lists will make a considerable difference in how well Outlook 2007 can filter your e-mail.

• Update the Outlook 2007 junk e-mail filters regularly. Updates for Outlook 2007 can be obtained by choosing Help, Check For Updates. You can also download updated filters from office.microsoft.com/en-us/officeupdate/.

• Disable functionality that can inadvertently confirm your identity. Features like read and delivery receipts and automatic acceptance of meeting requests can confirm your identity to a spammer. Outlook 2007 lets you configure receipt processing for Internet e-mail differently from messages within your corporate network so that you can leave receipts on for your business contacts while disabling them for messages from outside the organization.

• Guard your primary e-mail address. Many people have a secondary e-mail address—often from a free public provider—that they use when posting on message boards, newsgroups, and so on. Even so, you might want to change your e-mail address when posting in public by changing the @ to AT or inserting extra characters such as chrisHillREMOVE@wingtiptoys.com. This can help prevent automated gathering of your address by spammers' robots.

• Don't reply to spam. Even a seemingly simple unsubscribe message confirms that your e-mail address is valid, so unless you know the sender, just delete the message.

• Don't automatically download images and other online content. Spammers can verify your e-mail address when you connect to the server to download the external content in a message. Online content is blocked by default, and it's a good idea to leave it that way. You can download content for an individual message by right-clicking the message box telling you that the content has been blocked and then selecting Download Pictures.

• Don't forward chain e-mail. These messages clutter up inboxes, expose e-mail addresses, and are all too often hoaxes. If you absolutely must forward a message, send it to only the few people who will definitely be interested, and use the BCC option for their e-mail addresses.

• Never provide personal information in e-mail. Even with a trusted correspondent, you should avoid sending critical data such as credit card or social security numbers in unencrypted e-mail.

• Don't provide personal information to links you get in e-mail. If you get e-mail that appears to be from a company you do business with, don't assume it actually is. Most e-mail that provides a link and asks for personal data is spoofed in an attempt to get you to disclose this information. If you think the e-mail might be valid, type the URL of the business into your browser rather than clicking the link in the e-mail message to be sure you end up at the correct site.

• Read each Web site's privacy policies. Get in the habit of checking privacy policies before providing your e-mail address. Sure, this can take a minute or two, but it takes more than that to delete the spam you will get if they misuse or sell your e-mail address. Most Web sites explain what they do with the information they collect; you might want to carefully consider whether to provide any information to those that do not.

• Keep antivirus, spyware, and firewall protection up to date. Outlook 2007 can help you avoid most junk e-mail and the associated threats, but the most effective protection is a multilayered approach. You should also install firewall and antivirus software and make sure that it is kept up to date. You might also want to obtain utilities that protect against spyware and other malicious software.

Top of Page