Share via

Phishing email has "firebaseapp" as part of it's name but changes numbers and symbols around that. Can I use * to block them. like *firebaseapp*?

Donna Pahl 20 Reputation points
2026-03-18T13:02:24.4533333+00:00

Want to block phishing & scam using their main words and *s. If I open the whole email to get IP address to block it just shows them it's a good address!

Outlook | Outlook for mobile | Outlook for iOS | For home
0 comments
Answer accepted by question author
  1. Victor1-V 7,565 Reputation points Microsoft External Staff Moderator
    2026-03-19T07:57:42.3633333+00:00

    Hi Donna Pahl

    Welcome to the Microsoft Q&A forum. 

    I understand you want to stop a phishing/scam sender that keeps changing characters around “firebaseapp”, and you are wondering whether a wildcard like “firebaseapp*” can be used to block them.

    You may have already seen the existing Q&A Assist reply in this thread. The core explanation there is accurate. Before adding more details, may I check whether you’ve had a chance to try those steps already (blocking the sender or domain and reporting the message as phishing), and whether they helped at all?

    I’d like to add a bit of extra context that’s especially relevant when the sender keeps changing.

    1, About using “firebaseapp” as a block entry:

    In Outlook/Outlook.com, the blocked senders list accepts full email addresses or entire domains (for example, blocking all messages that come from a domain like example.com). There isn’t an option in the blocked list to enter wildcard patterns or partial text fragments such as “firebaseapp*”, so entries based on only part of a name are not expected to work.

    Reference: Block or allow (junk email settings) - Microsoft Support 

    2, If the sender keeps changing, add an Inbox rule for common words:

    When scammers rotate addresses or symbols to bypass blocking, a practical workaround is to use an Inbox rule instead of relying only on the sender address. You can create a rule that looks for a common word like “firebaseapp” in the subject line or message body and then automatically moves those messages to Deleted Items or Junk. This approach is often more effective for campaigns where the visible sender changes frequently.

    References: Receiving email from blocked senders in Outlook.com and Manage email messages by using rules in Outlook

    3, If the visible sender looks “masked”, check message headers to find what to block:

    If the display name looks familiar but you suspect the real sender is different, you can view the internet message headers to confirm the sender details, then add the actual address or domain you find to your blocked list.

    Reference: View internet message headers in Outlook

    4, Keep reporting the messages as phishing:

    Reporting helps improve filtering and is recommended even if you also block the sender or use rules. On Outlook mobile, you can select the message, open the menu, choose “Report Junk”, then select “Phishing” (or “Block Sender” if you prefer). Reference: How do I report phishing or junk email?

    I hope these steps help you control the “firebaseapp” variations more effectively.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".    

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.    

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-18T13:02:37.9533333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Wildcard blocking with patterns like *firebaseapp* is not supported in consumer Outlook safe/block lists. Block lists in Outlook and Outlook.com work on full sender addresses or domains, not arbitrary text fragments in the address or subject.

    For Outlook/Outlook.com:

    1. Block the sender or domain
      • Right‑click a message from the sender.
      • Select Junk > Block Sender.
      • Future messages from that exact address will go to Junk Email or End-User Quarantine if enabled by an administrator.
      • For more details, see the guidance on blocking senders and using junk filters.
    2. Use blocked senders list (no wildcards)
      • Add specific email addresses or full domains (for example, @example.com) to the blocked senders list.
      • This does not support partial strings like *firebaseapp*; the match is based on the full address or domain.
    3. Report phishing instead of opening links/attachments
      • Select the suspicious message in Outlook.com.
      • Choose Report > Report phishing.
      • This reports the sender to Microsoft but does not automatically block them; to block, also add the sender to the blocked senders list.
      • Do not open links or attachments in the message; reporting does not require interacting with the content.
    4. General phishing protection
      • Treat any message asking for urgent action with caution and verify the sender’s domain carefully.
      • Never follow links or open attachments you were not expecting; instead, go directly to the site by typing its address or using a saved favorite.
      • Use Microsoft Edge with SmartScreen enabled to help block known phishing sites.

    Blocking by IP from within Outlook.com is not supported in the consumer UI, and opening the message to inspect technical details is not required to block or report it. Use the built‑in Block and Report phishing options and keep junk mail and phishing protections enabled.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.