Understanding Safety Tips in Office 365


Exchange Online Protection (EOP) already protects you with industry-leading spam and malware prevention. However, some attacks are so well crafted that they look legitimate, and sometimes putting messages into the Junk Email folder isn’t enough. EOP will automatically verify the sender and add a Safety Tip within an email message to warn you about potentially harmful messages when you check your email in Outlook on the web [1]. You don't need to do anything to enable this; we do it for you automatically (if you're on the preview customer list you'll get it immediately; if not, you'll get it a few weeks from now):

  • A red Safety Tip in an email means that the message you received contains something suspicious. We recommend deleting these types of email messages from your inbox without opening them.
    [Image: Suspicious_Phish]
    [Image: Suspicious_Fraud]
  • A yellow Safety Tip in an email means that the message has been marked as spam. If you don't recognize and trust the sender of the message, don't download any attachments or pictures and don't click any links in the message. You can click the "It’s not spam" link in the yellow bar of a junk mail item to move the message to your inbox.
    [Image: Unknown_Spam]
    We'll also show the yellow Safety Tip when a spam message is in your Inbox because you've disabled moving spam to your Junk Email folder.

In addition to unsafe messages, we’ll also tell you about valid messages from senders we trust:

  • A green Safety Tip in an email means that we checked the sender of the message and verified that it is safe. These senders, which are maintained by Microsoft, include financial organizations and others that are frequently spoofed.
    [Image: Trusted_trusted]

We'll also tell you when we skipped filtering from senders you trust:

  • A gray Safety Tip means that the message was not filtered for spam, such as when your organization creates an Exchange Transport Rule to bypass filtering, or when the user puts the sender on their Safe Senders list.
    [Image: Gray_ETR_nonspam]
    The gray Safety Tip also shows up when external images are blocked, that is, the message is in your Inbox and we don't think it's spam, but we don't download the images unless you choose to download them. [2]

Most messages in your inbox will have no Safety Tip when you check your email in Outlook on the web; we only add them when we have information we think you need.

If you disagree with how we marked a message (that is, it's not spam or it's not legitimate), you can report it to us for analysis as described here: Report junk email and phishing scams in Outlook on the web. We take these samples and use them to make your experience better.

Also, Safety Tips work best if you conform to our Mail flow best practices for Exchange Online.

Safety Tips are an important tool in combating phishing scams and online fraud. We’ll continue to add more features to Safety Tips to ensure you have the best experience. As always, please let us know what you think. 


[1] Outlook on the web was formerly known as Outlook Web Access, or OWA. You can use Outlook on the web to check your email if you are an Office 365 customer. Safety Tips have existed in Outlook.com/Hotmail for years, and now we are ensuring you get the same experience in both web portals.

[2] The red, yellow, and green Safety Tips between Outlook.com and Outlook on the web (Office 365) are similar with a few minor differences. However, Office 365 makes much greater use of the gray safety bar compared to Outlook.com.

Comments (4)

  1. Andrew says:

    We've had the first red tip in your post and it was a false positive. The user seems to be unable to interact with the email as stated but I'm concerned there's no way to override this as an administrator. Is there a way to "unmark" them as phishing? Bypassing EOP doesn't seem to have any effect.

    1. tzink says:

      There's no way to undo a red Safety Tip if it has been stamped within the message.

      If it's a false positive, you're best off opening a support ticket. We can see under what circumstances the message had the red tip inserted (Bulk mailer? On-prem server? Software-as-a-service provider? Mailing list? Something else?).

  2. tim arnold says:

    We are a dedicated Exch 2013 customer, using EOP on the outside but with almost all customers on Outlook desktop clients. Is this now a part of the Outlook user experience?

    1. tzink says:

      It's not part of Outlook; it's part of EOP, which inserts it directly into the message's HTML so it can be viewed on any email client. The rollout should be completed by mid-November 2016.
