Configure junk email settings in Outlook 2013


Applies to: Office 365 ProPlus, Outlook 2013

Topic Last Modified: 2016-12-16

Summary: Learn how to create and deploy lists to filter out junk email before it gets to the inboxes of your enterprise Outlook 2013 users.

Audience: IT Professionals

One person’s junk email … is actually most people’s junk email. Keep junk email from slowing your organization’s Exchange Server by deleting it before it gets to inboxes or by routing it directly the Junk email folder.

The built-in junk email filter in Outlook already does some of this work for you, as briefly discussed in the next section. To make the junk email sweep even more targeted, you can create customized junk email filter lists (Safe Senders, Safe Recipients, and Blocked Senders). When email comes in from a sender identified in one of these filter lists, Outlook puts it in the user’s inbox or Junk folder. This article describes how to create and configure these custom junk email filter files for your organization.


Are you a user?

If you’re not an administrator, this article is not for you. But we can point you in the right direction if you want some help configuring junk email settings in Outlook like how to add names to your junk email lists and change the level of protection in your Outlook junk email filter.

Are you an admin?

If you’re an administrator, this article tells you how to configure organization-wide Outlook junk email settings and how to deploy the three customized junk email filter lists.

In this article:

Even if you don’t set up and deploy the customized junk email filter files, Outlook automatically protects your users from incoming junk and spam email with a built in, proprietary filter that protects against phishing, automatic download of web beacons, and other potential black hat mischief.

Phishing protection

Outlook’s built-in junk email filter shields users from spam, suspicious messages, and phishing schemes that try to lure them into sharing personal information. The filter detects suspicious messages and automatically quarantines them in the Junk folder. From there, users can review the quarantined email messages and, if they decide they are safe, move them to their inbox, where any links in the messages are automatically unblocked.

Automatic download protection

Another way that Outlook keeps potentially malicious content from overloading your server is by not automatically downloading pictures in the reading pane. You might have noticed that sometimes you have to right-click a placeholder and choose Download pictures to actually see pictures. Aside from the bandwidth drain, there’s another reason not to automatically download pictures—sometimes they aren’t pictures at all—they are programmatically embedded (and invisible) web beacons. Web beacons send information back to the sender to let them know that an email message has been previewed or opened. The default setting prevents downloading of pictures and hidden web beacons, so if you want Outlook to automatically download them, you have to enable the Include Internet in Safe Zones for Automatic Picture Download Group Policy setting.

Tell me more about the built-in email filter

Microsoft has an official anti-spam policy and lots of information about Microsoft’s efforts to help you keep user inboxes safe and relevant.

While the Outlook built-in junk email filter automatically checks incoming messages, the email filter lists that you can build and customize give you even more control over what is considered spam or suspicious. You can add names, email addresses, and domains to these lists. The filter allows for messages from sources you trust and blocks messages that arrive from specific email addresses and domains that you don't know or trust.

Here are the junk email filter lists you can create and deploy:

Safe Senders – Incoming mail sent from addresses and domain names in the Safe Senders list are never treated as junk email, regardless of the content. For enterprises using Exchange, all names and addresses in the global address list (GAL) are automatically considered safe—so you don’t need to add them to the Safe Senders list. If an address happens to be in both the Safe Senders and the Blocked Senders list, the Safe entry wins, and the message will be delivered to the Inbox.

Safe Recipients – Mail sent to addresses or domain names on this list are never sent to the recipient’s Junk email folder, even if the address is in a distribution list or the address or distribution list is on the Cc or Bcc line.

Blocked Senders – Block messages from particular senders by adding their email addresses or domain names to the Blocked Senders list. When you add a name or email address to this list, Outlook moves any incoming message from that source to the Junk email folder. Messages from people or domain names in this list are always classified as junk, regardless of the content. If an address happens to be in both the Safe Senders and the Blocked Senders list, the Safe entry wins, and the message will be delivered to the Inbox.

Types of email accounts supported by the junk email filter

You can use the junk email filter lists with the following kinds of email accounts:

  • Exchange accounts in Cached Exchange mode

  • POP3 account

  • IMAP account

The following accounts do not support Outlook junk email filter lists:

  • Exchange accounts in Online Mode

  • Third-party MAPI providers

Review the article, Plan for limiting junk e-mail in Outlook 2010, to determine the settings for the junk email filter and automatic content download. Though this article targets Outlook 2010, the information also applies to Outlook 2013.

If this is your first time using Group Policy template files or Office Customization Tool files, take some time to get familiar with them. Then, if you decide to manage junk email through Group Policy, read the overview of Group Policy to understand many of the settings, not just for junk email. If you decided to manage junk email by using the Office Customization Tool (OCT), start with the OCT reference.

First, create the lists on a test computer. This is exactly the same procedure that a user would follow to create junk email filter lists. After you create them, configure them using the OCT, and deploy them using a network share.

The three types of junk email filter files you can create are: Safe Recipients, Safe Senders, and Blocked Senders.

Junk email filter files.

To create the default junk email filter lists
  1. Install Outlook 2013 on a test computer.

  2. Start Outlook 2013.

  3. In Outlook 2013, click the Home tab. In the Delete group, click Junk, and click Junk email options.

    Junk menu, Junk email options drop-down list.

    Junk menu dropdown

  4. On the Safe Senders tab, click Add.

  5. Enter an email address, for example,

  6. Click OK.

  7. To add more email addresses, repeat steps 3 through 6.

  8. Click Export to file. (While this is a .txt file that can be created outside of Outlook, we do not recommend that you do so. When you create the file from within Outlook, file formatting and elements like carriage returns are all in the right places.)

  9. Enter a unique file name for the Safe Senders list, and click Save.

  10. Repeat steps 3 through 9 in the Safe Recipients tab and the Blocked Senders tab to create Safe Recipients and Blocked Senders lists. You can also create an International filter file if that makes sense for your organization. Be sure to specify a unique file name for each list.

You now have default junk email filter files that you can configure and deploy.

You can configure the junk email settings using either Group Policy or the Office Customization Tool (OCT). Which you should use depends on whether or not you want users to be able to add to the filter lists you’ve created and if so, whether you want their changes to persist after either they restart Outlook or they receive a junk email filter list update from you.

Junk email configuration tool decision tree. Use the OCT or Group Policy?

Decision tree for junk email filter tool

If you want users to be able to customize the filter files and retain their customizations, disable the Overwrite or Append Junk Mail Import List option using either the OCT or Group Policy. If you want to always overwrite users’ customizations, use Group Policy and enable the Overwrite or Append Junk Mail Import List option.

To allow user customization of the filter files—use the Office Customization Tool (OCT)
  1. Use the OCT to configure junk email filter files for users.

    Junk email configuration using the OCT.

    Copy the three junk email filter files that you just created to a network file share.

  2. (Optional) If you have remote users not connected to the domain, do the following:

    1. In the OCT, click Add Files > Add.

    2. In the Add Files to MSP File dialog box, browse to the three junk email filter files that you just created, and select them. (Hold down the Ctrl or Shift key to select multiple files.)

    3. Click Add.

    4. In the File Destination Path dialog box, in the Destination path on the user's computer box, enter the folder where you want to install the file on users' computers, and click OK.

  3. In the OCT, in the tree view, click Modify User Settings.

  4. In the reading pane, expand Microsoft Outlook 2013, expand Outlook Options, expand Preferences, and click Junk email.

  5. Double-click Trigger to apply junk email list settings, and click Enabled > OK to apply the settings and import the junk email filter lists for users.

  6. Important: This is the step that will cause user customizations to the junk email filter lists that you deploy to be appended to the files or overwritten after you initially deploy the default lists.

    To keep user changes to an existing junk email filter both after the user restarts Outlook and when new email filter lists are deployed, double-click Overwrite or Append Junk Mail Import List, then click Enabled > OK.

  7. To specify a path for each junk email filter list, open the settings that correspond to each list (for example, Specify path to Safe Senders), click Enabled, and enter a path and file name in the box (for example, in the Specify path to Safe Senders list).

  8. Click OK, or click Next setting to specify the path for another junk email filter list.

  9. Complete other Outlook 2013 or Office 2013 configurations, and on the File menu, click Save to create the customization file that you can deploy to users.

Later, you can change an existing Outlook 2013 installation to update the junk email filter lists by following this same procedure and specifying your updated junk email filter files.

The Office Customization Tool (OCT) reference for Office 2013 tells you lots more about how to use the OCT to configure an Office installation before deployment.

To lock out user filter file customizations so that any changes users make are always overwritten in a new Outlook session—use Group Policy
  1. Use Group Policy to configure junk email filter files for users.

    Junk email configuration using Group Policy.

    In Group Policy, load the Outlook 2013 template, and open User Configuration\Administrative Templates\Microsoft Outlook 2013\Outlook Options\Preferences\Junk Email.

  2. Double-click the option that you want to configure, for example, Junk email protection level.

  3. Click Enabled.

  4. If appropriate, select another option that you want to set, or select an option from a drop-down list. For the junk email filter options that you can configure, see Plan for limiting junk email in Outlook 2010.

  5. Click OK.

The Overwrite or Append Junk Mail Import List setting is disabled by default so you don’t need to change this setting to overwrite user customizations to the filter files.

As with the filter file settings described above, you can lock down the setting to customize how Outlook automatically downloads pictures by using the Outlook 2013 Group Policy template. Or, if you want to allow users to change this, set it using the OCT.

To prevent automatic download of Internet content—use Group Policy
  1. In Group Policy, load the Outlook 2013 template.

  2. Under User Configuration\Administrative Templates\Microsoft Outlook 2013\Security, click Automatic Picture Download Settings.

  3. Open Do not permit download of content from safe zones.

  4. Click Enabled > OK.

To allow automatic download of Internet content—use the Office Customization Tool
  1. In the OCT, on the Modify user settings page, under Microsoft Outlook 2013\Security\Automatic Picture Download Settings, open Include Intranet in Safe Zones for Automatic Picture Download, and click OK.

  2. On the File menu, click Save to create the customization file that you can deploy to users.

Outlook profile changes. If a user has customized their junk email filter lists and later decides to change their Outlook profile, their customizations will be lost. To keep customizations, users need to first save (export) their customized files, make their profile changes, and then import the junk filter files back into Outlook.

Enterprise users who also look at their Exchange email using Outlook 2013 RT. Users can open Junk email options and set safe and Blocked Senders when connected to a Microsoft Exchange Server or Office 365 mailbox account. However, Outlook 2013 RT disables the Junk settings when connected to POP3, IMAP, or email accounts. and other ISP users are still protected from junk email though since those services provide junk email filtering on the server.