Share via

Outlook-sequence of events

Norman Martens 40 Reputation points
2026-05-20T20:29:15.53+00:00

First, it's been a while since I've been here. It appears I no longer have navigate to an area of the community that deals with specific products (e.g. Word, Excel). I can just post all of my questions here. That's a tremendous improvement.

Here's my question.

I have suddenly become the recipient of a slew of phishing emails stating that orders have been billed to my paypal account. So far, I have not seen any actual money being transferred from my bank account to pay these false bills but I'd like to stop them from flooding my inbox. I contacted PayPal and they couldn't even locate an account for me so I don't know how these emails are even being generated.

However, here's my question. I'm pretty good with Outlook rules. I've used them for decades. So, I wrote one that looks for the text 'PayPal Billing' anywhere in the body. Here's what the rule looks like:

User's image

As you can see my rule wants to move them to my own junk mailbox. I do this because after I tested the rule my next step is to actually delete the email without me even seeing it.

However, Outlook does flag them as junk and puts them in my built-in junk box. Does Outlook apply its own junk filter BEFORE it allows my rules to take over? And I don't understand why it's even doing this at all because here's my junk filter:

User's image

So, if Outlook is intercepting my rule what can I do? I don't see a way to have a rule look at my junk folder (the only option is 'when it arrives') and I don't see a way to make Outlook execute my rules first.

This is more than just annoying. I'm now getting upwards to 1 or 2 of these emails every day now.

Thanks.

Outlook | Windows | Classic Outlook for Windows | For home

Answer accepted by question author

AI answer

2026-05-20T20:29:38.6766667+00:00

Outlook’s built‑in junk mail filtering is applied before client‑side rules, and server‑side filtering can still move messages to Junk Email even when the Junk Email Options dialog is set to “No Automatic Filtering.” That setting only controls the local Outlook client’s additional filtering; it does not disable the service‑side spam/phishing detection that Microsoft 365/Outlook.com performs.

What is happening in this scenario:

  1. The message arrives at Microsoft’s mail servers.
  2. Exchange Online/Outlook.com anti‑spam and anti‑phishing engines classify it (spam, phishing, etc.).
  3. Based on that verdict, the service delivers it directly to the Junk Email folder.
  4. Because the message never lands in the Inbox, the “after the message arrives” rule (which only runs on Inbox items) never fires.

That is why the rule cannot “override” junk filtering or act on items already placed in Junk Email.

To manage this type of mail:

  • Continue to let Outlook’s junk filter send these phishing messages to Junk Email; this is by design and is the safest behavior.
  • Optionally, periodically review the Junk Email folder and delete its contents if there are no false positives.
  • For messages that still reach the Inbox and look suspicious, use the built‑in junk/phishing reporting and blocking features (for example, “Block senders or mark email as junk in Outlook.com”) so that future similar messages are more likely to be filtered.

There is no supported way to force Outlook client rules to run before the service‑side junk filter or to have a rule process items already in the Junk Email folder.

References:

AI-generated content may be incorrect. Read our transparency notes for more information.

Was this answer helpful?

2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.