It can be frustrating when all incoming emails, for example from Office 365, go to junkmail folder of an Outlook.com or Hotmail.com user. The same message simply lands in the inbox of a Gmail or Yahoo address. When I ask Copilot about this issue, the AI tool gives good suggestions.
Check the spam settings: Make sure the spam filters in Outlook.com or Hotmail.com are correctly configured. You can do this by going to the settings and reviewing the spam filter options. This helps preventing all incoming emails go to junkmail folder.
Mark as ‘Not spam’: When you find an email in the spam folder that doesn’t belong there, mark it as ‘Not spam’. This helps the email provider learn which emails aren’t spam. That way, you prevent all new incoming emails from ending up in the junk mail folder.
Add sender to safe list: Add the sender’s email address to your list of safe senders. This ensures that future emails from this address won’t go to the spam folder.
Check the email headers: Sometimes it helps to review the email headers to see why an email was marked as spam. This may provide insights into which filters flagged the message.
Contact support: If the problem persists, you can contact Microsoft support for further assistance.
This blog post dives deeper and may offer a solution when the standard fixes don’t work. Hopefully, we can resolve the issue where all incoming emails go to the junk mail folder.
First, the technology being used: Microsoft’s SmartScreen®.
Microsoft SmartScreen®
Outlook.com reduces the impact of unwanted email by using patented SmartScreen® technology. This technology filters emails to identify spam and separate it from legitimate messages. SmartScreen® content filters, based on patented machine learning technology from Microsoft Research, learn from known spam and phishing threats, user feedback, and from Outlook.com users participating in our junk email classification program. This data helps SmartScreen® recognize legitimate and unwanted email and is a key input for sender reputation. This technology ensures that incoming email no longer automatically ends up in the junk mail folder. Machine learning uses probabilistic algorithms to distinguish the various characteristics of legitimate and spam email. Ongoing feedback from Outlook.com users in the junk mail classification program allows SmartScreen® technology to improve continuously. SmartScreen® technology will also help preventing all incoming emails go to junkmail folder.
How does it work?
When an external user sends emails to an Outlook.com account, the SmartScreen® filtering technology evaluates the content and assigns a score based on how likely the message is to be spam. This score is stored as a message attribute, called the spam confidence level (SCL), within the message itself. The SCL rating stays with the message as it moves through other anti-spam protection layers within Outlook.com.
Rules in Outlook.com are configured to process email messages with different SCL ratings. If a message has an SCL rating that is higher than a certain threshold, it is considered spam and a rule deletes the message instead of moving it to the user’s junk email folder. If the message has a lower SCL rating than the threshold, the email is routed to the junk email folder instead of the inbox.
Outlook.com filters to prevent incoming emails from going to the junk mail folder
Outlook.com allows users to adjust filtering settings to improve email delivery to their account. Users can easily add a sender or domain to the safe senders and domains list. Email from that sender or domain will not be treated as junk, regardless of the message content. Users can also enable the “exclusive” mode to only accept messages from contacts and safe senders.
They can block emails from a specific address or domain by adding the sender to their blocked senders list or by clicking “Mark as junk” in the Outlook.com client. When a message is junk, the user can click the “Junk” button in Outlook.com, which will block all future emails from that sender.
Phishing protection to prevent all incoming emails from going to the junk mail folder
Phishing is a form of identity theft and one of the fastest-growing threats online. A phishing message often requests personal or financial information or contains a link to a website asking for such data. Outlook.com provides phishing protection as part of the patented SmartScreen® filter technology. SmartScreen® analyzes emails to detect fraudulent links or spoofed domains and protect users from these online scams. Phishing protection also helps preventing all incoming emails go to junkmail folder.
How does it work?
A phishing email often contains a link that leads users to a fraudulent website that mimics a legitimate one (such as your bank or an online service). This phishing site asks users to enter personal information such as usernames, passwords, or Social Security numbers. Information entered into the phishing site helps the attacker steal your identity. By using familiar brand names and logos, phishers can appear legitimate. Microsoft’s SmartScreen® phishing filter technology in Outlook.com checks emails for potential phishing indicators. Outlook then either deletes the message or shows a warning.
Microsoft targets its anti-phishing technology on two fronts: first, by helping prevent phishing emails from reaching customers, and second, by helping prevent customers from being misled by spoofed emails and websites. Internet Explorer version 7 and higher blocks or warns users when visiting known or suspected phishing sites.
Authentication
Domain spoofing is a technique for impersonating a legitimate email address to make fraudulent messages appear legitimate. Spoofing is used by malicious individuals and organizations in phishing scams to trick people into disclosing sensitive personal information. Disclosing such data can lead to identity theft and other forms of fraud. Outlook.com uses Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) to verify that messages originate from the domain they claim to. We recommend all senders use SPF and DKIM to protect their recipients from spam and phishing. In addition, we recommend senders publish a DMARC policy to reject or quarantine mail from unauthorized senders. DMARC policy will also help preventing all incoming e-mails go to junkmail folder.
To learn more about SPF, see RFC 4408
To learn more about DKIM, see RFC 4871
For more information about DMARC, visit dmarc.org
How does it work?
Outlook.com uses domain, IP, and authentication results as part of our SmartScreen® spam filters. Once the sender is authenticated, the results are compared to historical traffic patterns and the sender’s reputation. This allows you to block unwanted emails as well as phishing scams.
Trusted senders to prevent all incoming emails from going to the junk mail folder
To further protect users from phishing attacks, Outlook.com marks messages from certain authenticated senders as “trusted” in the Outlook.com interface. This is not an endorsement of a specific sender or a guarantee of delivery. It simply tells our users that the message really came from the claimed sender. The list of domains in this program is solely determined by the Outlook.com team. We will continue to expand the list to protect our users, but we do not accept requests from individual senders to participate. We use the following criteria when considering which domains to add:
- The domain must already be spoofed in phishing attacks against Outlook.com users. This ensures that domains previously targeted by phishing are recognized and marked as trusted to help prevent further spoofing.
- The domain must send messages containing sensitive transactional content. Domains that send sensitive data, such as financial transactions, are prioritized to ensure their messages are trusted and not flagged as phishing.
- The domain must send high volumes of email to Outlook.com. High-volume senders are likely to be legitimate businesses or services. Marking these domains as trusted helps users identify genuine communication.
- The domain must use SPF or DKIM to authenticate messages. SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are email authentication methods that help verify the sender’s identity. This reduces phishing risk by ensuring the message really came from the claimed sender.
Unsubscribe
Outlook.com offers an “unsubscribe” option in the interface that lets users stop receiving email from a specific sender. Clicking unsubscribe adds the sender to the user’s block list. The user will no longer receive email from them. If we recognize the sender and they have a history of good sending practices, we also ask them to remove the user from their mailing list so they don’t keep sending messages to that user.
To receive unsubscribe feedback, senders must include a mailto: address in an RFC2369-compliant List-Unsubscribe header. Note that we only enable this feedback via email; URIs using other protocols like http are ignored. The sender must also have a good reputation and act quickly to remove users from their lists. We do not provide unsubscribe feedback to senders when a user unsubscribes from an untrustworthy message.
To learn more about List-Unsubscribe, read RFC2369. Also check out the information about List-Unsubscribe on this site.
Now in practice
On the internet, for example, I find many posts from people who are reasonably frustrated by now. In their view, Microsoft support isn’t solving the issue either. Here are some of the things these people (and I myself) have encountered.
More information on sending email from Exchange Online can be found hier. More information about the author of this blog post can be found here.
