Spam, phishing schemes, and computer viruses are more than annoying. They can damage your computer, cause data loss, and expose your private information. Microsoft Outlook is designed to help protect you from malicious email messages by disabling embedded content in messages and attachments. This includes scripts, macros, and ActiveX controls whether you are previewing or opening attachments.
Also, some attachment file types are automatically blocked. These include file types that can run programs — file names that end with extensions such as .exe, .bat, .com, .vbs, and .js. This helps prevent the spread of computer viruses. Any blocked attachment is listed in the InfoBar at the top of the message.
Common file types such as photos or Word, Excel, and PowerPoint documents aren’t blocked. Only your email server administrator can change which file types are blocked.
Security Note: View the list of file types blocked by Microsoft Outlook.
If you try to send an attachment that has a file type that is on the blocked list, you see a message that Outlook recipients may be unable to access the attachment.
If you must send a file that is on the blocked list, you can create a compressed folder (zip files) with the files, and then attach the compressed folder to your message. See Windows help for more information about compressed folders.
The Junk Email Filter automatically evaluates incoming messages and sends those considered spam to the Junk Email folder.
Microsoft Outlook also has an additional anti-spam feature for pictures includes in messages. Frequently, legitimate senders include links to images instead of embedding them in a message. This keeps message sizes small. However, junk email senders use this capability as a web beacon that collects your email address.
When you open the message and the images are downloaded, you are unintentionally verifying to the sender that you have opened the message and that your email address is valid. Your email address can then be sold to spammers leading to even more junk messages. By default, Outlook blocks automatic downloads. If you think that the message is from a trustworthy source, you can unblock the external content and then it is downloaded and will appear in the message.
“We are updating our account records and need you to send us your credit card or ATM account number and PIN.” This is usually a phishing attempt. Phishing is the practice of luring you into disclosing personal information, such as bank account numbers and passwords. Often phishing messages look legitimate, but have deceptive links that actually open fake websites.
Security Note: It is unlikely that any company would request sensitive personal information in an email message. When in doubt, contact the sender using a known phone number or web address shown on your invoice or statements.
The Junk Email Filter evaluates each incoming message and if it determines that a message is suspicious, the message is sent to the Junk Email folder. The links in the message are also disabled. To prevent you from accidentally replying to a message that uses a suspicious email address, the Reply and Reply All commands are disabled for that message. In addition, any attachments in the suspicious message are blocked. For details, see Enable or disable links and functionality in phishing email messages.
A macro automates frequently used tasks. Although some macros are a recording of your keystrokes or mouse clicks, more powerful VBA macros are authored by developers who use code that can run many commands on your computer. For this reason, VBA macros pose a potential security risk. A hacker can introduce a malicious macro through a document that, if you open them, allows the macro to run and potentially spread a virus on your computer.
Learn more about how to protect your privacy and trustworthy computing in the Trust Center. Click the File tab, click Options, and then click Trust Center.