All incoming email now loads to deleted folder

Question

After an email hack, all incoming email now loads to the deleted folder. Would appreciate any info on how to stop this.

Answer 1

Hi @ClientCare,

Thank you for reaching out to Microsoft Q&A Forum.

I'm sorry for the inconvenience you're experiencing and I understand how disruptive this issue can be.

After a mailbox is compromised, attackers often leave behind hidden inbox rules, forwarding rules, or blocked senders entries that cause all new mail to be deleted immediately. Even if you’ve changed your password, these rules stay active until removed.

 

You should verify the following place to see if your mailbox is affected by any rules. However, it's recommended doing this via Outlook on the Web (OWA) since some rules do not always appear in the Outlook Mac client.

 

1/ Check for hidden malicious rules

Sign in at https://outlook.office.com Go to Settings (gear) > Mail> Rules Look for any rules that:

• Delete messages
• Move messages to Deleted Items
• Forward messages elsewhere

On your Legacy Outlook for Mac, please navigate to Tools and select Rules. Clear all the rules you see there

2/ Check Junk Email / Blocked Senders list

Attackers often block entire domains (even Microsoft, Google, clients, etc.) so that all mail is treated as junk and auto deleted.

In Outlook Web, go to Settings > Mail > Junk email

Remove any legitimate addresses or domains from Blocked senders

3/ Check for Sweep rules

Go to Settings > Mail > Sweep and delete any suspicious rules.

 

4/ Check ignore status: 

• Go to your Deleted Items folder.
• Select a message that may be part of an ignored conversation.
• On the Home tab in the ribbon, look for the Ignore button. If it's highlighted, click it and then select Stop Ignoring Conversation. This should restore the message to your Inbox and prevent future messages from being deleted.

 

If the issue persists after you check the places above, please create a new outlook profile by following this guide: Manage profiles or identities in Outlook for Mac - Microsoft Support

Additionally, since you're in corporate or Exchange environments, retention policies may automatically move or delete messages. If applicable, confirm the settings with your IT administrator. They can also reach out to Microsoft Support through the Microsoft 365 Admin Center on your behalf so Microsoft can collect logs and investigate your issue. 

Microsoft also provides customer service phone numbers based on your region. You can find the appropriate contact number here: Customer service phone numbers - Microsoft Support 

This route ensures that a Microsoft support engineer can initiate a remote session to investigate backend configurations, run advanced diagnostic tools, and, if necessary, escalate the case to specialized teams with access to internal systems and logs. These backend resources are essential for resolving issues that go beyond what’s visible in the user interface.

As community moderators, we’re here to guide you, but due to privacy and security limitations, we don’t have access to the backend tools required for a full resolution. For this reason, contacting Microsoft Support via the Admin Center is the most secure and efficient way forward.

 

I hope this helps you resolve the issue quickly. I’m glad to assist and truly hope the information provided has been useful. Please feel free to reach out anytime if you need further assistance.  

If you find my post helpful, kindly consider marking it as the accepted answer. Doing so can assist others in the community who may have similar questions in finding solutions more quickly.  

Thank you for your kindness and contributions to the forum.

---

Note: Follow the steps in our documentation to enable email notifications if you want to receive email notifications related to this topic.

Answer 2

In Outlook, this behavior is usually caused by either:

1. A conversation being set to Ignore, which sends all messages in that thread directly to Deleted Items.
2. A rule or junk setting (often created during or after a hack) that moves messages automatically.

Try these steps in order:

1. Check for Ignored conversations
   • Go to the Deleted Items folder.
   • Open one of the messages that is being auto-deleted.
   • On the Home tab, look at the Ignore button in the Delete group.
   • If Ignore is highlighted for that conversation, click Ignore again.
   • When prompted, choose Stop Ignoring Conversation.
   • The message will move back to its original folder, and future messages in that thread will no longer go to Deleted Items.
2. Check Outlook rules and junk settings (for hack cleanup)
   • In Outlook on the web (recommended after a hack), open Settings → Mail → Rules and delete any suspicious rules that move or delete mail.
   • Check Mail → Forwarding and remove any unknown forwarding addresses.
   • If using Microsoft 365/Exchange and an admin is available, have the admin check for mailbox rules and forwarding in Exchange Admin Center and remove anything malicious.
3. Secure the account after the hack
   • Change the account password again and ensure multi-factor authentication (MFA) is enabled.
   • Sign out of all sessions from the Microsoft account security page.
   • Review and revoke any suspicious app permissions or add-ins.

If only specific threads are affected, step 1 (removing Ignore) is usually sufficient. If all or most mail is affected after a hack, step 2 (rules/forwarding cleanup) is critical.

---

References:

• Messages in an e-mail thread are automatically moved to the Deleted Items folder
• Hacker set up continuous draft ransomware email - Microsoft Q&A