Outlook - built-in Report button questions

Question

1. When a mail is reported as junk, it is moved to the user's junk-e-mail folder, but the sender address is not added to the user's Blocked Senders list, as described in the MS documentation
2. When a mail is reported as phishing, the message is moved to the deleted items folder, but there is no documentation for blocking the sender address
3. When an admin does the review and answers the user, there is no possibility to move the mail back from the junk-e-mail folder or completely delete the message
4. When selected "Replace the Microsoft logo with my organization's logo across all reporting experiences." the Microsoft logo is not replaced by our company logo in the email notification. The logo is set correctly, because we see the logo in the top bar in all M365 portals.

Answer 1

Dear @Rainer,
Welcome to Microsoft Q&A Forum!

Thank you very much for taking the time to share your detailed observations regarding the built‑in Report button in Outlook. I completely understand how confusing and frustrating this experience can be, especially when the actual behavior may not seem to fully align with the available documentation. I truly appreciate your patience while reviewing these points.

Below, I would like to address each of your concerns individually and clarify the current, supported behavior based on what I researched.

1.Reporting an email as Junk does not add the sender to Blocked Senders:

When a user reports an email as Junk using the Outlook Report button, the primary purpose of this action is to provide feedback to Microsoft’s filtering systems and help improve spam detection across the service. The message is moved to the Junk Email folder as expected. However, this action does not automatically add the sender to the user’s Blocked Senders list.

This behavior is expected. Reporting messages is intended for service‑level threat intelligence, while personal sender blocking is managed separately through:

• The Blocked Senders list
• Exchange mail flow rules or Outlook mailbox rules
• Anti‑spam policies at the tenant level

References:

• Manage mail flow rules in Exchange Online
• Manage email messages by using rules in Outlook
• Configure anti-spam policies for cloud mailboxes

2.Reporting an email as Phishing does not clearly document sender blocking:

When an email is reported as Phishing, Outlook typically moves the message to Deleted Items, and the report is sent to Microsoft for security analysis.

Microsoft does not publicly document whether the sender is automatically blocked after a phishing report. This is intentional, as phishing reports feed into Microsoft Defender threat intelligence, where actions such as blocking are handled centrally and dynamically, rather than through visible user‑level rules.

As a result:

• Reporting phishing should not be relied on as a guaranteed “block sender” action.
• Long‑term blocking should be enforced using security policies or mail flow rules.

Reference: User reported settings

3.Admin limitations after reviewing reported messages:

After a message is reported and reviewed by an administrator, the available actions are intentionally limited:

• The original email cannot be restored to the user’s Inbox
• The message cannot be permanently deleted from the reporting pipeline

This is expected behavior and is part of Microsoft’s security model. Once reported, messages become part of an investigation and telemetry process, and administrators are provided review visibility rather than full remediation control.

If a message was incorrectly classified, the recommended approach is to:

• Adjust anti‑spam or anti‑phishing policies
• Release or allow similar messages going forward

4.Organization logo not appearing in report notification emails:

You also mentioned that the option “Replace the Microsoft logo with my organization’s logo across all reporting experiences” is enabled, yet the Microsoft logo still appears in notification emails.

While this branding setting does apply to many Microsoft 365 portals and interfaces, not all email notification templates may currently support custom branding. Some security‑related notification emails are still Microsoft‑controlled and may not reflect tenant branding, even when the logo is configured correctly elsewhere.

This may be considered as expected behavior and not related to a misconfiguration on your side.

Reference: Customize the Microsoft 365 theme for your organization

Therefore, in my perspective view, your findings are valid, and many of the behaviors you described are expected but not yet fully documented. For gaps such as branding consistency or clearer sender‑blocking behavior, Microsoft actively encourages customer feedback. You may consider:

• Submitting feedback via the Microsoft Feedback Portal
• Opening a support case through the Microsoft 365 Admin Center for more information of current behavior.

Please know that I completely understand how these behaviors can impact administrative workflows, and I appreciate you bringing such detailed observations forward. However, this is a peer‑to‑peer support forum. Microsoft Q&A moderators like myself, as well as other community members, share guidance based on personal experience and publicly available information. Due to security and privacy protocols, we do not have access to your internal environment and are unable to help you further. Our role is to help guide the discussion and connect you with relevant and helpful resources. I hope for your patience and understanding in this situation.

Besides that, sharing your experience to Microsoft Feedback portal helps Microsoft prioritize feature improvements in this scenario. Once you submit your feedback there, other users and I can locate your post and vote for it, which increases your visibility and priority to the product team. And I appreciate you raising this issue. Your action can help others in our community who face the same concern.

I hope this clarification helps align expectations and provides you some insights in this concern. Wish you a pleasant day!

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. 

Answer 2

1. Reporting as junk but sender not added to Blocked Senders

The documented behavior for the built-in Report button is:

• Reported as junk: “The messages are moved to the Junk Email folder, and the sender is automatically added to the user's Blocked Senders list.”

This applies when:

• User reporting is turned on, and
• The built-in Report button is configured in the user reported settings at https://security.microsoft.com/securitysettings/userSubmission.

If messages are moved to Junk but the sender is not added to Blocked Senders, this is a deviation from the documented behavior and requires support investigation. The context does not provide an alternative configuration where the sender would not be added.

2. Reporting as phishing and blocking the sender

The documented behavior for the built-in Report button is:

• Reported as phishing: “The messages are deleted.”

There is no statement in the provided documentation that reporting as phishing via the built-in Report button also adds the sender to the Blocked Senders list.

For Outlook.com, the documentation explicitly states that when a message is marked as phishing, “the sender is reported but is not blocked from sending you additional messages. To actually block a sender, add the sender to your blocked senders list.” While this text is specific to Outlook.com, it shows that reporting phishing and blocking are separate actions.

To block a sender in classic Outlook, use the Junk/Blocked Senders features:

• Select a message from the sender.
• On the Home tab, in the Delete group, select Junk > Block Sender.

Or add the address/domain directly to the Blocked Senders list:

1. On the Home tab, in the Delete group, select Block (or Junk) and then Junk E-mail Options.
2. On the Blocked Senders tab, select Add.
3. Enter the email address or domain (for example, someone@example.com or @example.com).
4. Select OK.

Messages from addresses/domains in the Blocked Senders list are always treated as junk and moved to the Junk E-mail folder.

3. Admin review and moving/deleting the original message

The provided context only documents what happens at report time in the user’s mailbox:

• Report as junk: move to Junk Email and add sender to Blocked Senders.
• Report as phishing: delete the message.

It does not document any admin-side function to move a reported message back from Junk Email or to permanently delete it from the user’s mailbox as part of the review workflow. Any limitation here is not covered in the supplied documentation and would need product or support confirmation.

Users can still manually:

• Move a message from Junk Email back to Inbox (for example, after being told it is not junk), or
• Delete the message from Junk or Deleted Items.

4. Organization logo not replacing Microsoft logo in reporting experiences

The context states that in supported Outlook clients, the built-in Report button is available and can be configured via user reported settings, including routing to a reporting mailbox and/or Microsoft. It also notes that in some Outlook clients the built-in Report button supports shared/delegate mailboxes.

However, the provided documentation does not describe:

• The “Replace the Microsoft logo with my organization's logo across all reporting experiences” setting, or
• How that logo is used in email notifications.

Because this behavior is not covered in the supplied context, no documented cause or fix can be provided here. The logo being visible in M365 portals confirms it is configured, but the interaction with the reporting notifications is not described in the referenced materials and would require support or product documentation outside this context.

---

References:

• Report phishing and suspicious emails in Outlook for admins
• Description of the policy for how e-mail is filtered by the junk e-mail filters in Outlook or in Exchange Server
• Block a mail sender in Outlook
• Phishing and suspicious behavior in Outlook