We occasionally get reports from people checking their Junk Email folder, finding something suspicious, and then reporting it to IT.
That might be a fake Outlook.com address, a message pretending to come from a colleague, a spoofed display name, or a fairly obvious phishing attempt.
It’s good that people are paying attention. Much better that than ignoring suspicious email entirely.
But there’s an important distinction:
*If it is already in Junk, the filter has usually done its job*
The Junk Email folder is there for exactly this sort of thing.
What the Junk folder is doing
Email filtering systems look at a mix of signals before deciding what to do with a message. For example:
- Where the message came from
- Whether the sender has a good reputation
- Whether the message looks like known spam or phishing
- Whether links or attachments look suspicious
- Whether the sender is pretending to be someone else
- Whether the message failed authentication checks
If the system thinks the message is suspicious, but not quite enough to block it completely, it may put it in Junk.
That is already a different treatment from normal email. It has not gone into the Inbox, and its location is effectively the warning sign.
Why fake names and addresses are so common
A lot of phishing emails use fake sender details.
You might see a message that appears to come from someone in your company, but the actual email address is something unrelated, such as an Outlook.com, Gmail, or other personal address. Sometimes the displayed name is copied from a real person, but the sending address has nothing to do with them.
That is very common.
It does not mean the person’s account has been hacked. The attacker has simply copied a name and used it on a completely separate account.
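For anyone triaging these on the IT side, the comparison described above can be written as a short check. This is an added Python example, not part of the original article. The domain `example.com`, the staff directory, the function name and the sample headers are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's domain and a tiny staff directory.
ORG_DOMAIN = "example.com"
STAFF = {"jane smith": "jane.smith@example.com"}

def check_sender(raw_message: str) -> dict:
    """Compare the displayed name with the address that actually sent the message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # Authentication-Results is stamped by the receiving mail server (RFC 8601).
    auth = msg.get("Authentication-Results", "").lower()
    failed = [m for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    expected = STAFF.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        verdict = "display-name impersonation"  # copied name, unrelated account
    elif domain == ORG_DOMAIN and failed:
        verdict = "spoofed internal address"    # our domain, failed authentication
    else:
        verdict = "no impersonation signal"
    return {"name": name, "address": addr, "failed": failed, "verdict": verdict}

# Constructed sample headers, not real messages.
COPIED_NAME = (
    'From: "Jane Smith" <js.office2291@outlook.com>\n'
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Quick favour\n\nAre you at your desk?\n"
)
FORGED_DOMAIN = (
    "From: Jane Smith <jane.smith@example.com>\n"
    "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Invoice\n\nPlease see attached.\n"
)
ORDINARY = (
    "From: Vendor News <news@vendor.example>\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Monthly update\n\nHello.\n"
)

if __name__ == "__main__":
    for sample in (COPIED_NAME, FORGED_DOMAIN, ORDINARY):
        print(check_sender(sample))
```

The first sample passes every authentication check because the Outlook.com account is real and belongs to the attacker; only the name-versus-address comparison catches it.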
Why reporting every Junk email is not that useful
It feels sensible to report anything that looks dodgy, especially if it appears to impersonate someone.
But if every suspicious message in Junk is sent to IT, it creates quite a bit of noise without usually improving protection.
There are a few reasons for that.
First, the system has already acted. The message has been identified as unwanted or suspicious and moved out of the Inbox.
Second, spam senders constantly change addresses. Blocking one random Outlook.com or Gmail address rarely helps for long, because the next message will probably come from another throwaway account.
Third, blocking too broadly can cause problems. Services like Outlook.com and Gmail are used by plenty of legitimate people as well as attackers. Blocking an entire provider would cause more problems than it solves in most businesses.
And finally, lots of low-risk reports can bury the genuinely important ones. IT teams need to prioritise cases where a phishing email reached the Inbox, someone clicked a link, credentials may have been entered, or an account may have been compromised.
That is where the real risk sits.
When you should report a suspicious email
Please do report a suspicious email if any of the following apply:
- It appeared in your Inbox, not Junk, especially when the sender’s address appears to be their legitimate email address (rather than “@outlook.com” or “@gmail.com”)
- You clicked a link
- You opened an attachment
- You replied to it
- You entered your password or any sensitive information
- You are not sure whether you interacted with it
Those are the cases where IT may need to investigate properly, block a wider campaign, check sign-in activity, reset passwords, or look for signs of account compromise.
What to do with emails already in Junk
If the message is already in Junk and you have not clicked anything, opened anything, replied, or moved it back to your Inbox, there is usually nothing else you need to do.
You can delete it, or leave it to be cleared automatically depending on your organisation’s retention settings.
The main thing is simple: do not move it to your Inbox, do not reply, do not open attachments, and do not click links.
The main takeaway
Spam and phishing are a normal part of email now. Annoying, but normal.
No filtering system can stop every unwanted message from existing, but a good one should stop most of it from reaching your Inbox.
The Junk Email folder is not an IT action list. It is where the email system puts messages it has already judged to be unwanted or suspicious.
So if a suspicious message is already in Junk and you have not interacted with it, the best action is usually to leave it alone or delete it.
In that case, boring as it sounds, the system has probably already done what it was meant to do.