Share via

Phishing emails from Cloud Team or a random company "supposedly" sent by me

Silver Halcyon 0 Reputation points
2026-03-19T14:06:59.6+00:00

Hello,

Since the beginning of March I've been receiving phishing emails in my spam/junk folder "sent" by me with the name Cloud Team or a random company and my email address in the from field as well as a meeting request.

The addresses these emails are sent from are all a variation of:

notifications@random letters

random letters@random letters dot com

One thing I noticed in the email header is that all these emails come from the same sending-Ip and feedback-Id everytime.

This has never happened to me before, I had never heard of email spoofing and I barely receive any spam emails either.

What can be done to block these emails since I cannot block myself?

Outlook | Web | Outlook.com | Email

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 223.5K Reputation points Independent Advisor
    2026-03-19T14:44:41.6466667+00:00

    What you are seeing is a very common form of email spoofing, and it does not mean your account has been hacked. The sender is simply forging your address in the “From” field so the message appears to come from you.

    Email works a bit like writing any name you want on the return address of a letter. If a spammer writes your email address as the sender, receiving mail servers cannot always verify whether it is truly from you unless authentication records fail, authentication records here means, Microsoft verifies the sending email's SPF, DKIM and DMARC records.

    The good news is that most email providers already detect this and place it in Junk/Spam, which is why you are seeing it there. There's no further need from you to flag or report, because it was already flagged by Microsoft. If you are interested in looking at email header, you will find indication of their SPF, DKIM and/or DMARC being flagged as failed.

    Since it is already in spam folder, these emails are automatically deleted permanently when they are more than 10 days old, while deleted items folder holds for 30 days. So technically spam folder is being treated stricter already.

    Unfortunately there's no way for you to set up a rule or something to block completely because the rule only applies to Inbox. If these emails ever show up in your Inbox instead of spam, then it is a different story.

  2. Q&A Assist
    2026-03-19T14:07:24.4066667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Those messages are classic spoofed mail: attackers forge the From address so it looks like the mailbox is sending to itself. The mailbox is not actually sending them, which is why blocking “self” is not the right approach.

    Use these steps and checks in Outlook.com / Outlook on the web:

    1. Treat them as phishing, not normal junk
      • Do not click any links or open attachments.
      • In Outlook/Outlook.com, use the built‑in reporting:
        • Right‑click the message in Junk/Inbox.
        • Choose the option to mark/report as phishing (wording varies slightly by client).
      • This helps Microsoft 365 anti‑phishing and anti‑spoofing systems learn and improve.
    2. Check the visual spoof indicators
      • For these messages, Outlook will typically show:
        • A “?” in the sender image when it cannot verify the sender with email authentication.
        • A “via” tag if the real sending domain differs from what appears in the From field.
      • Messages that fail authentication or show a suspicious via tag should be treated with caution and reported as phishing.
    3. Rely on Outlook.com’s anti‑spoofing protection
      • Microsoft 365 uses SPF, DKIM, DMARC, and spoof‑intelligence to detect forged From headers and identify spoofed messages.
      • When Microsoft 365 has high confidence that the From header is forged, it classifies the message as spoofed and can deliver it to Junk, quarantine, or block it entirely.
      • Continue reporting these messages so the service can better recognize that sending IP and feedback‑ID as malicious.
    4. Use junk and block features for the real sender, not “self”
      • Even though the From line shows the mailbox, the actual sending address/domain (in the headers) is different (for example, notifications@… or random domains).
      • In Outlook.com:
        • Open the message header or hover over the sender to see the real address.
        • Add that real address or domain to the Blocked senders and domains list, and keep the message marked as junk.
      • Outlook.com will then route future mail from that sender/domain directly to Junk.
    5. Verify that the account itself is safe
      • Because the messages are spoofed, they usually do not mean the account is compromised, but basic checks are still recommended:
        • Ensure the account password is strong and unique.
        • Confirm no unexpected forwarding rules or inbox rules exist that move or divert mail.
    6. Ongoing handling
      • Continue to:
        • Mark any new variants as phishing.
        • Avoid interacting with links or attachments.
      • Over time, Microsoft’s anti‑phishing and anti‑spoofing systems should reduce how many of these reach the mailbox at all.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.