Persistently Compromised Outlook.com Account - Malicious Email Auto-Regenerates Inbox Despite Full Factory Reset & 2FA

Question

The Symptom: A single, specific blackmail email reappears in my Inbox (not Drafts) seconds/minutes after I delete it. It is not a rule moving it; it is recreated.

2. My Actions (All Completed): · Performed full factory resets on my Android phone and Samsung tablet. · Changed the Microsoft account password multiple times from a clean device. · 2FA (Authenticator app) is and has been active. · Reviewed and deleted ALL email rules (none exist). · Disabled POP/IMAP access and email forwarding. · Revoked access for ALL third-party apps in account.microsoft.com/consent. · Signed out of all sessions and removed all trusted devices.
3. Critical Context: The problem survives device resets, proving the compromise is account/server-side, not client-side malware. Attempts to use the official "My account is compromised" tool (account.live.com/acsr) or live chat result in the errors shown in my screenshot (HTTP 500.30 - ASP.NET Core app failed to start).
4. Request: I urgently need this case to be reviewed by the Outlook.com security or backend engineering team. This appears to be an automated, persistent access method that standard user remediation cannot stop. Please provide a secure channel to submit full error logs or escalate this case.

Error Evidence: I have attached a screenshot of the HTTP Error 500.30 received when trying to access support pages while logged into the affected account.

Answer 1

Hi,

Thank you for sharing your question. I understand that you are dealing with a highly unusual and serious situation where a specific blackmail email keeps reappearing in your Inbox, despite multiple security, device, and account‑level remediation steps.

This is understandably alarming and frustrating, especially after performing full device resets, enabling 2FA, removing third‑party access, clearing rules, revoking sessions, and attempting to use Microsoft’s official compromised‑account recovery tools only to receive server errors that prevent escalation. Persistent inbox regeneration like this is not typical user‑side behavior and would make anyone concerned.

When malicious mail reappears even after resets, password changes, rules checks, and full lockouts, Microsoft documentation indicates the account should be treated as actively compromised, with remediation required at the account and server level rather than through client devices. Microsoft’s guidance for compromised accounts highlights symptoms such as regenerated mail items, unusual mailbox behavior, and attacker‑controlled automated actions. These require deeper investigation through backend tools and Defender‑based diagnostics.

I hope this helps.

 

Best Regards,

Noel

Answer 2

Hi, I want to share with you that the extortion message dissapeared. After all the remedial steps, it dissapeared within the 24 hours. I recommend the same steps for the ones who are deali g with that situation. Regards