Problem solve Get help with specific problems with your technologies, process and projects.

Microsoft Office 2003 SP2's antiphishing filter for Outlook

Microsoft's new Office 2003 Service Pack 2 adds functionality to Outlook 2003's Junk E-mail Filter to help protect against phishing scams. Find out how it works.

Phishing, or using bogus URLs in email to lure the unsuspecting into giving up personal information, has become as pervasive and troubling as spam.

VIEW MEMBER FEEDACK TO THIS OUTLOOK SECURITY TIP
Unfortunately, most people aren't aware of how widespread or insidious phishing scams are, and often have a hard time telling if a link is legitimate or not.

To that end, the new Office 2003 Service Pack 2 update adds functions to Microsoft Outlook 2003's Junk E-mail Filter to help protect against phishing scams.

How it works

When Microsoft Outlook receives an email with hyperlinks in it, the email is checked by the Junk E-mail Filter to see if it might be coming from a spoofed address, or if the links in it are suspicious. If the links look suspicious -- even if the mail itself hasn't been tagged as spam -- the hotlinks in the mail are disabled. Clicking on one of them brings up the warning:

Some links in this message might connect to unsafe or fraudulent sites. To help protect your security, links have been turned off in this message.

A bar at the top of the message reads:

Click here to turn on links. To help protect your security, links are turned off in this message.

Users then has to go through an extra step to open a possibly dangerous link. When doing so, they have the option to add the sender to a list of known good domains.

More on Microsoft Outlook security and phishing:
10 tips in 10 minutes: Phishing exposed

Phishing protection primer

8 tips in 8 minutes: A Microsoft Outlook email security tutorial

Phishing Reference Center

Because of the way the filter evaluates messages, it's sometimes a little overzealous, but Microsoft decided it was better to err on the side of caution.

For instance, I receive Favorite Search email once a day from eBay -- a report of what's currently matching all my most common eBay searches. The links in the message are "bounced" through the Doubleclick.net ad service. And, since Doubleclick.net isn't listed as a safe domain in my copy of Microsoft Outlook, the links in my Favorite Search email are blocked.

About the author: Serdar Yegulalp is editor of the Windows Insight.

MEMBER FEEDBACK TO THIS OUTLOOK SECURITY TIP

Can this feature be disabled? If so, how?
—David B.

******************************************

In Microsoft Outlook, go to Actions -> Junk E-mail -> Junk E-mail Options, and uncheck the box marked "Don't turn on links in messages that might connect to unsafe or fraudulent sites."
—Serdar Yegulalp, tip author

******************************************

Can this feature be turned off by a group policy object (GPO) setting?
—David L.

******************************************

There is a registry setting you can change for it through GPO:

HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Options\Mail

Create a DWORD named JunkMailEnableLinks and set it as follows:

1: Allow links in junk mail to be active.
0: Disable links in junk mail (default).

I don't think this setting works in Microsoft Outlook 2007, though.
—Serdar Yegulalp, tip author

******************************************

Is there a way to set this filter so that recipients -- and/or sites -- that I deem to be safe will have the links available (i.e., not blocked)?
—Michael O.

******************************************

If you receive an email from a domain that you know is safe, you can declare that domain exempt from the phishing filter within the message itself or from the Actions -> Junk E-mail menu option.

For instructions on how to do this, read Microsoft's "Get antiphishing and spam filters with Outlook SP2."
—Serdar Yegulalp, tip author

Do you have comments on this tip? Let us know.

Please let others know how useful this tip is via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to our tip contest and you could win a prize.

This was last published in October 2005

Dig Deeper on Exchange Server setup and troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchSQLServer

SearchEnterpriseDesktop

SearchVirtualDesktop

Close