You receive an email that you find suspicious–potentially a phishing email–so you ignore or delete it. Another option is to report the email to Microsoft for analysis via the Outlook add-in called Report Message or a specific Microsoft address.

In addition, you can use the process to report a “false negative,” meaning a spam message that should have been identified as spam but was not. You can also use it to report a “false positive,” meaning a legitimate email that was incorrectly identified as spam. Microsoft analyzes such messages to improve its spam filtering technology.

SEE: Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)

First, if you use Outlook, install and enable the Report Message add-in. This add-in works with your Office 365 subscription and the following versions of Outlook: Outlook on the web, Outlook 2013 SP1, Outlook 2016, Outlook 2016 for the Mac, and Outlook included with Office 365 ProPlus. You’ll also need an Office 365 business account to enable add-ins.

After you installed Report Message, select an email you wish to report. Click the Report Message icon on the Home Ribbon, then select the option that best describes the message you want to report, such as Spam or Phishing. You can also report a legitimate message that was tagged as spam by selecting the Not Junk option (Figure A).

Figure A

By default, a confirmation message appears. Click the Report button to send your report (Figure B).

Figure B

You can turn off the confirmation message, if you wish. Click the Report Message icon, and select Options. At the Options window, check Automatically Send Reports, and then click Save (Figure C).

Figure C

If you don’t use Outlook, or your version isn’t supported by the Report Message add-in, you can forward a phishing or spam email to Microsoft. To do this, create a blank email message in your mail programs.

  • For a phishing email, address your message to phish@office365.microsoft.com.
  • For a junk email, address it to junk@office365.microsoft.com.
  • For a legitimate email falsely flagged as spam, address it to not_junk@office365.microsoft.com.

Copy and paste the phishing or junk email as an attachment into your new message, and then send it (Figure D).

Figure D

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday