How to report spam that arrives in Office 365 to Microsoft


Ten years ago, Bill Gates told the World Economic Forum that the problem of spam would be solved within two years (by 2006). To be fair to Gates, he also noted that his predictions have not always been on the mark. I guess his views on the demise of spam fall into the “not accurate” category because it still exists today. At least, I certainly receive my fair share of offers to join dubious projects to share money, buy different pills, or meet people that I really would prefer to avoid.

But if you’re an Office 365 user, you can help by letting Microsoft know about spam that manages to get through to your Inbox. The techniques used by spammers to defeat defenses evolve and morph all the time and the anti-spam developers have to run to keep pace with new threats. Sending Microsoft examples of spam helps the developers to figure out the characteristics of the message that allowed the spam to get past anti-spam checks. Here’s what you need to do.

Viewing message properties


Microsoft has a junk mail reporting add-in for Outlook that you can install and use. If this isn’t possible, you can use the following steps to report a message with Outlook 2013:

  • Open the spam message
  • Click File to go to the “backstage” area.
  • Click Properties to reveal the header information (see above)
  • Copy the Internet headers (CTRL/C).
  • Close the message.
  • Create a new message to forward the spam data (including a copy of the original message) to Junk at Office365 dot Microsoft dot com. This address is monitored by Microsoft’s anti-spam team.
  • Paste the details of the message header that reveal the path the message took to your Inbox into the message body and then send the message.

Other clients will have different methods to expose the message headers. The important point is to provide these details to Microsoft as they help to understand how the message was transferred from server to server from origin to final delivery. The information will look something like the extract shown below:

Received: from DBXPR04MB542.eurprd04.prod.outlook.com (10.141.12.27) by
DBXPR04MB544.eurprd04.prod.outlook.com (10.141.13.155) with Microsoft SMTP
Server (TLS) id 15.0.1054.13 via Mailbox Transport; Wed, 22 Oct 2014 09:14:43
+0000
Received: from AM3PR04CA0050.eurprd04.prod.outlook.com (10.242.16.50) by
DBXPR04MB542.eurprd04.prod.outlook.com (10.141.12.27) with Microsoft SMTP
Server (TLS) id 15.0.1054.13; Wed, 22 Oct 2014 09:14:42 +0000
Received: from DB3FFO11FD041.protection.gbl (2a01:111:f400:7e04::154) by
AM3PR04CA0050.outlook.office365.com (2a01:111:e400:8814::50) with Microsoft
SMTP Server (TLS) id 15.0.1054.13 via Frontend Transport; Wed, 22 Oct 2014
09:14:42 +0000
Received: from mail-ie0-f179.google.com (209.85.223.179) by
DB3FFO11FD041.mail.protection.outlook.com (10.47.217.72) with Microsoft SMTP
Server (TLS) id 15.0.1049.20 via Frontend Transport; Wed, 22 Oct 2014
09:14:41 +0000
Received: by mail-ie0-f179.google.com with SMTP id ar1so3021765iec.38
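
To show how that server-to-server path can be read out of the pasted headers, here is an added example (not part of the original post, and not a Microsoft tool). It parses the extract above into hops ordered from origin to delivery and picks out the hop where Exchange Online Protection accepted the message. The function names are hypothetical, and the `.mail.protection.outlook.com` suffix is an assumption taken from the extract itself.

```python
import re
from email.utils import parsedate_to_datetime
# The header extract shown above, as pasted (folding whitespace lost).
SAMPLE = """\
Received: from DBXPR04MB542.eurprd04.prod.outlook.com (10.141.12.27) by
DBXPR04MB544.eurprd04.prod.outlook.com (10.141.13.155) with Microsoft SMTP
Server (TLS) id 15.0.1054.13 via Mailbox Transport; Wed, 22 Oct 2014 09:14:43
+0000
Received: from AM3PR04CA0050.eurprd04.prod.outlook.com (10.242.16.50) by
DBXPR04MB542.eurprd04.prod.outlook.com (10.141.12.27) with Microsoft SMTP
Server (TLS) id 15.0.1054.13; Wed, 22 Oct 2014 09:14:42 +0000
Received: from DB3FFO11FD041.protection.gbl (2a01:111:f400:7e04::154) by
AM3PR04CA0050.outlook.office365.com (2a01:111:e400:8814::50) with Microsoft
SMTP Server (TLS) id 15.0.1054.13 via Frontend Transport; Wed, 22 Oct 2014
09:14:42 +0000
Received: from mail-ie0-f179.google.com (209.85.223.179) by
DB3FFO11FD041.mail.protection.outlook.com (10.47.217.72) with Microsoft SMTP
Server (TLS) id 15.0.1049.20 via Frontend Transport; Wed, 22 Oct 2014
09:14:41 +0000
Received: by mail-ie0-f179.google.com with SMTP id ar1so3021765iec.38
"""
# One Received header runs until the next "Name:" line or the end of the text.
HEADER = re.compile(r"(?ms)^Received:(.*?)(?=^[A-Za-z][\w-]*:|\Z)")
HOP = re.compile(r"(?:from\s+(\S+)(?:\s+\(([^)]+)\))?\s+)?by\s+(\S+)")

def parse_hops(raw):
    """Return hops oldest first; each server prepends its own header."""
    hops = []
    for body in HEADER.findall(raw):
        text = " ".join(body.split())      # undo line folding
        m = HOP.search(text)
        if not m:
            continue
        stamp = None                       # a truncated header may have no date
        if ";" in text:
            try:
                stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                pass
        hops.append({"from": m.group(1), "ip": m.group(2),
                     "by": m.group(3), "time": stamp})
    return hops[::-1]

def external_handoff(hops, suffix=".mail.protection.outlook.com"):
    # First hop received by EOP (assumed suffix). Headers older than this one
    # were written by outside servers and are only as reliable as the sender.
    return next((h for h in hops if h["by"].lower().endswith(suffix)), None)

def transit_seconds(hops):
    times = [h["time"] for h in hops if h["time"]]
    return (max(times) - min(times)).total_seconds() if times else None
```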

The MessageHeaderAnalyzer app (for Outlook 2013 and Outlook Web App) is also a useful way to view message header information. However, the easiest way to get the information needed by the anti-spam team is to extract it as explained above.

Viewing message header information for spam with the MessageHeaderAnalyzer app


I doubt that spam will go away anytime soon. The only way to keep it under some form of control is to make sure that those who are responsible for blocking spam know about how it gets through. Helping them by reporting spam is a good way for you to contribute to the fight.


About Tony Redmond

Lead author for the Office 365 for IT Pros eBook and writer about all aspects of the Office 365 ecosystem.

9 Responses to How to report spam that arrives in Office 365 to Microsoft

  1. ladewig says:

    What about the Junk Email Reporting Add-in for Microsoft Office Outlook (http://technet.microsoft.com/en-us/library/jj723127(v=exchg.150).aspx)? I find that to be an easier way for users to report false positives. After installing, all they have to do is right mouse click on the message and select Junk > Report Junk.

    In addition to the add-in, the instructions on TechNet (http://technet.microsoft.com/en-us/library/jj200769(v=exchg.150).aspx) say to attach the spam message to the email and copy the spam subject line to the subject of the new message. If you just paste the headers they don’t get the content of the message. Those instructions also say to leave the body of the message empty.

    I’ve noticed, however, that the message the add-in sends to report the message puts the headers in the body (in addition to sending the attachment), so Microsoft seems to not have a consistent message there.

    I find it odd that the ability to send messages to Microsoft automatically when marking them as junk is not yet available in OWA for Office 365. TechNet says: “This topic only applies to Outlook Web App (OWA) customers whose Exchange Server 2013 SP1 mailboxes are being filtered by Exchange Online Protection (EOP). Exchange Online OWA customers will also have this functionality in the near future.” That entry (http://technet.microsoft.com/en-us/library/dn594557(v=exchg.150).aspx) was dated April 9, 2014, so I guess “near future” means something different to Microsoft.

    • Hi Scott,

      I should have added the Junk mail reporting add-in and have updated to reflect this. However, not everyone can install add-ins for Outlook as it might be prohibited by corporate policy.

      As to what gets reported, I hear different things from different voices in Microsoft. I’ve been using this method for years with no complaints…

      As to OWA reports – yes, it’s odd that Exchange Online customers don’t have the report junk mail option. Very odd.

      TR

  2. ladewig says:

    I just realized I twisted my words. I should have said you can use the Add-in for reporting false negatives, not false positives. For a false positive (legitimate mail marked as spam) you have to report it manually by sending to not_junk@office365.microsoft.com. Another odd choice by Microsoft, to not include that ability. I should have just said for reporting spam and non-spam to avoid confusing myself (an easier thing to do than I would like).

  3. Scott says:

    It’s interesting that you posted this. We use Microsoft Exchange Online Protection (part of Office365) as our cloud-based email security filter and used its predecessor, Forefront Online Protection for Exchange, before that. We have noticed a very large uptick in the number of spam emails that are getting through the EOP filters recently. I am very well versed in the procedure you discuss in this blog post at this point, but I also send the email to abuse@messaging.microsoft.com, which Microsoft previously documented as the desired target email address for such spam reports.
